TZUTC: -0500   
   MSGID: 1089.consprcy@1:2320/105 2c78ce5a   
   PID: Synchronet 3.20a-Linux master/acc19483f Apr 26 202 GCC 12.2.0   
   TID: SBBSecho 3.20-Linux master/acc19483f Apr 26 2024 23:04 GCC 12.2.0   
   BBSID: CAPCITY2   
   CHRS: ASCII 1   
   Millions of users possibly at risk after Ascension healthcare reveals new    
   data breach, potentially linked to Cl0p ransomware   
      
   Date:   
   Thu, 01 May 2025 13:25:59 +0000   
      
   Description:   
   Another data breach has been announced by healthcare giant Ascension   
      
   FULL STORY   
      
   One of the biggest private healthcare systems in the US, Ascension, has   
   notified patients that personally identifiable information (PII) including   
   health data, was stolen in a previously unannounced attack affecting a former   
   business partner in December 2024.    
      
   The incident follows a previous ransomware attack in May 2024, in which the   
   sensitive data of six million patients , forcing the company to take systems   
   offline, divert ambulances, and pause elective care in some places.    
      
   On December 5, 2024, we learned that Ascension patient information may have   
   been involved in a potential security incident. We immediately initiated an   
   investigation to determine whether and how a security incident occurred,   
   Ascension confirmed in its breach notification.   
      
   Sensitive data exposed    
      
   Attackers reportedly gained access to sensitive information including the   
   name, address, phone number(s), email address, date of birth, race, gender,   
   and Social Security number (SSN), and even clinical and healthcare related   
   information of some patients, depending on the individual.    
      
   Our investigation determined on January 21, 2025, that Ascension    
   inadvertently disclosed information to a former business partner, and some of   
   this information was likely stolen from them due to a vulnerability in   
   third-party software used by the former business partner. We have since   
   reviewed our processes and are working to implement enhanced measures to   
   prevent similar incidents from occurring in the future," the company   
   confirmed.    
      
   This leaves anyone exposed at serious risk of social engineering attacks or   
   identity theft , especially given that SSNs are involved. To assist anyone   
   affected, Ascension is offering two years of free identity monitoring    
   services including credit monitoring, fraud consultation, and identity theft   
   restoration.    
      
   Although nothing is confirmed about the details of the incident, the timing   
   and description of the incident suggest this could be linked to the Cl0p   
   ransomware attack that abused a flaw in Cleo File Transfer software .    
      
   The group claimed 59 organizations were affected in the incident, so its   
   certainly possible that Ascension is part of that list.    
      
   Via BleepingComputer   
      
   ======================================================================   
   Link to news story:   
   https://www.techradar.com/pro/security/millions-of-users-possibly-at-risk-afte   
   r-ascension-healthcare-reveals-new-data-breach-potentially-linked-to-cl0p-rans   
   omware   
      
   $$   
   --- SBBSecho 3.20-Linux   
    * Origin: capitolcityonline.net * Telnet/SSH:2022/HTTP (1:2320/105)   
   SEEN-BY: 105/81 106/201 128/187 129/305 153/7715 154/110 218/700 226/30   
   SEEN-BY: 227/114 229/110 111 114 206 300 307 317 400 426 428 470 664   
   SEEN-BY: 229/700 705 266/512 291/111 320/219 322/757 342/200 396/45   
   SEEN-BY: 460/58 712/848 902/26 2320/0 105 3634/12 5075/35   
   PATH: 2320/105 229/426