Ascension Health has announced having some of its patients' data potentially exfiltrated following a December attack that compromised a former business partner's third-party software, CRN reports.
Information from Ascension patients at its Alabama, Indiana, Michigan, Tennessee, and Texas care sites, including names, birthdates, addresses, phone numbers, email addresses, Social Security numbers, race, and gender, as well as clinical details, were "inadvertently" shared with the breached business partner, which had vulnerable third-party software, noted the leading nonprofit Catholic health system in a statement.
"Importantly, this incident did not involve Ascension systems, networks, or electronic health records," said Ascension, which is providing two years of free identity monitoring services to affected individuals.
Such a disclosure comes months after Ascension reported having 5.6 million individuals' data exfiltrated in a Black Basta ransomware attack that led to the significant disruption of its electronic health records system, as well as some of its hospitals' emergency care operations.
