Ascension Living residents, employees among 6 million affected by data breach

Senior living and care residents and employees are among the six million people Ascension said Dec. 19 that it was notifying of potential stolen personal information in the wake of a May 8 ransomware attack.

The St. Louis-based nonprofit healthcare network, which includes Ascension Living, operator of three dozen senior living and care communities and also a provider of home care and hospice services, announced Dec. 19 that a review by third-party experts of the attack was complete. On that date, Ascension began notifying individuals whose personal information was involved and is providing them with free credit monitoring and identity protection services.

The data that were compromised vary from person to person, the company said, but affected data may include medical information (such as medical record numbers, dates of service, types of lab tests and procedure codes), payment information (such as credit card and bank account numbers), insurance information (such as Medicaid/Medicare IDs, policy numbers and insurance claim information), government identification (such as Social Security, tax identification, driver’s license and passport numbers), and other personal information (such as dates of birth and addresses). 

Cyberattacks have become increasingly common in healthcare.

Recently, a state of Rhode Island computer system faced a major cyberattack potentially affecting the government’s long-term services and supports, Medicaid and other programs.

In a Dec. 30 update, Gov. Dan McKee (D) said that the state still did not know the scope of the data that are included in the accessed files, “but as we’ve been saying for several weeks, we should assume that data contained in the RIBridges system has been compromised.” 

Some files have been released to the “dark web,” according to the state, although they may not have been used for identity theft purposes — yet.

The governor encouraged affected individuals to freeze their credit, monitor their credit, request fraud alerts and use multi-factor authentication for account log-ins. Additionally, he said, residents should remain watchful for fake emails, phone calls or texts that look legitimate but could be fraudulent attempts to steal additional personal information.