On December 19, Ascension disclosed that it had completed its review of individuals’ data that may have been involved in the May ransomware attack. The total number of people affected was listed as 5,599,699.
“Ascension was hacked through a social engineering email from a ransomware gang that lured an employee of Ascension to download malware that enabled the hacker to steal Ascension’s data,” Forbes’ Steve Weisman reported on December 23.
Ascension has begun notifying individuals whose personal information was involved in the incident. “Although patient data was involved, importantly, there remains no evidence that data was taken from our Electronic Health Records (EHR) and other clinical systems, where our full patient records are securely stored,” Ascension noted on its website.