Description: Ascension Michigan notifies some of its patients of a data breach that happened between Oct. 15, 2015, and Sept. 8, 2021. It noticed suspicious activity in its electronic health record and upon investigation found that an unauthorized individual accessed its patient information. The compromised information included full name, date of birth, address(es), email address(es), phone number(s), health insurance information, health insurance identification number and medical records, Social Security numbers. The Ascension Michigan offered free credit and identity theft protection-monitoring services to the affected patients.

Description: Seton Healthcare Family suffered a data breach incident after a laptop computer had been stolen from its Seton McCarthy Clinic. The compromised information included the name, address, phone number, date of birth, seton medical record number, patient account number, some Social Security numbers, diagnosis, immunizations and insurance information. They immediately notified the impacted individuals and Austin Police Department and took steps to reduce the possibility of this happening again.

Description: Ascension, one of the largest private healthcare systems in the United States, experienced a data breach that exposed the personal and healthcare information of over 430,000 patients. The incident, disclosed in April, involved a data theft attack impacting a former business partner in December. Attackers accessed personal health information related to inpatient visits, including physician names, admission and discharge dates, diagnosis and billing codes, medical record numbers, and insurance company names. Personal information such as names, addresses, phone numbers, email addresses, dates of birth, race, gender, and Social Security numbers were also compromised. The breach was linked to a vulnerability in third-party software used by the former business partner, likely part of widespread Clop ransomware attacks.

Description: A ransomware attack occurred against ESO Solutions, a significant software provider for emergency services and healthcare. This incident resulted from unauthorised data access and system encryption across many enterprise platforms. Depending on the information patients have shared with their healthcare providers using ESO's software, a range of personal data was exposed in the hack. Among the compromised data are: complete names dates of birth Numbers to call Numbers for patient accounts and medical records Details of the injury, diagnosis, treatment, and procedure, and Social Security numbers. It was established that patient data connected to U.S. hospitals and clinics that ESO serves as a client was compromised. All notified parties will receive a year of identity monitoring services from Kroll through ESO to assist in reducing risks.

Description: Ascension faced a ransomware attack resulting in severe disruptions across 140 hospitals, implicating patient care and treatment schedules. The recovery was hindered by the need for 'assurance' letters to reconnect systems with suppliers, adding to the operational chaos. The impact extended to canceled appointments and surgeries, and pushed medical staff to revert to manual processes. The organization's swift action towards transparency and reconnection of supplies post-attack mitigated prolonged delays.

Description: Ascension Health was the target of an unsuccessful ransomware attack by the BlackBasta cybercriminal group. The internal chat logs from BlackBasta revealed that this health organization could have suffered significant operational disruptions and potential data leaks that would impact patient privacy and the provision of healthcare services. While the attack was not fruitful, it exposed the vulnerability of critical health infrastructure to sophisticated cyber threats, emphasizing the need for robust cybersecurity measures.

Description: Ascension experienced a ransomware attack involving social engineering which resulted in the data of 5,599,699 individuals being affected. An employee was tricked into downloading malware, resulting in a data breach. Although there was no evidence that data was extracted from their Electronic Health Records (EHR) and other clinical systems where complete patient records are securely kept, personal information was involved and notifications to the affected individuals have been initiated.

Description: Ascension faced a cyber breach where a ransomware attack led to unauthorized disclosure of patient personal information. The incident caused class action lawsuits and disruptions in emergency medical services as well as interruptions to the electronic health records system. Identified as conducted by the Russian-speaking group Black Basta, the attack's consequences included services diversion, posing risks to patient care and data security.

Description: Providence Medical Institute experienced a ransomware attack in April 2018 which led to the encryption of ePHI across its systems, affecting 85,000 individuals. The attack exposed significant vulnerabilities, including lack of a business associate agreement and inadequate access controls. As a result, the U.S. Department of Health and Human Services imposed a civil penalty of $240,000 due to the HIPAA Security Rule violations following the series of ransomware attacks. These incidents underline critical lapses in cybersecurity measures necessary to protect sensitive health information.