Ascension Health reports data breach exposing patient info
Learn More
Ascension Health, a St. Louis-based healthcare provider, is reporting a data breach affecting patients across multiple states. This incident, was detected by Ascension on December 5, 2024, and exposed sensitive patient information due to a vulnerability in third-party software used by a former business partner.
On January 21, 2025, Ascension's investigation determined that the healthcare system had inadvertently disclosed information to a former business partner. Some of this information was stolen from the business partner due to a vulnerability in third-party software they were using. The breach affected Ascension care sites in Alabama, Michigan, Indiana, Tennessee, and Texas. The compromised data includes:
- Names
- Addresses
- Phone numbers
- Email addresses
- Dates of birth
- Race
- Gender
- Social Security numbers
- Place of service
- Physician names
- Admission and discharge dates
- Diagnosis and billing codes
- Medical record numbers
- Insurance company names
The number of affected individuals is not disclosed.
Update - as of 1st of May 2025, Ascension Health reports that the incident has impacted more than 100,000 people in multiple states.
As of 9th of May 2025, Ascension says recent data breach affects over 430,000 patients.
Ascension claims that their electronic health records, systems, or networks were directly impacted by this breach. This incident is separate from the cyberattack Ascension experienced in May 2024.
Ascension is offering two years of complimentary credit monitoring and identity theft protection services to affected individuals and has established a dedicated call center for questions at 866-408-3556, available from 8 a.m. to 5:30 p.m. CST, Monday through Friday (excluding major U.S. holidays).
