1. Brief Description of the Story (with source)
In May 2024, Ascension was hit by a ransomware attack where hackers lock up computer files and demand money. It has taken months to determine how many people were affected. In December 2024, Ascension reported that the health records of nearly 5.6 million patients had been stolen. It was the third largest healthcare data breach of the year, behind the Change Healthcare ransomware attack (100 million records) and the Kaiser Foundation Health Plan tracking technology data breach (13.4 million records).
Original Reference: https://www.hipaajournal.com/ascension-cyberattack-2024/

2. Impact and Consequences of the Data Breach
The attack caused serious problems for Ascension’s hospitals and patients.
Operation Shutdown: The attack forced Ascension to redirect ambulances, shut down pharmacies, take important IT systems offline, and use pen and paper to record patient information.
Financial Lost: The attack caused delays in revenue cycle processes, claims submission, and payment processing, in addition to significant remediation costs. In its 2024 fiscal year, Ascension posted a net loss of almost $1.1 billion.
Patient Information Stolen: The hackers stole the private health information of 5,599,699 patients.
Legal Troubles: Because of the breach, Ascension was faced lawsuits from patients and an official government investigation.

3. How Did the Data Breach Occur?
An employee of Ascension unknowingly downloaded a malicious file on a work computer. That file allowed the hackers to move laterally and use ransomware to encrypt and stole data from Ascension’s computers. Then they launched their main attack which locked up the hospital’s systems.

4. What Was the Root Cause?
The main cause was ransomware likely spread through a phishing link. One of the employees accidentally downloaded a malicious file onto a work computer. Then, the attackers spread ransomware and stole patient records from the computers.

5. How could you prevent this data breach attack?
We could prevent these kinds of attacks by the following methods.
Training: regularly train staff on digital security and use practice phishing tests to keep them aware.
Email Security: set up powerful email security to automatically block dangerous emails before employees can see them.
Anitvirus: install antivirus software and regularly update on all work computers.
Limit Access: Give employees access only to the files and software they need for the job to prevent downloading and installing unknown software from unknown sources.
Backup Plan: regularly back up all important files and keep them separate from the main network.