SECURITYWEEK NETWORK:

ICS:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Data Breaches

Ascension Discloses Data Breach Potentially Linked to Cleo Hack

Ascension is notifying over 100,000 people that their personal information was stolen in a data breach potentially linked to the Cleo hack.

Non-profit healthcare system Ascension Health is notifying over 100,000 people that their personal and health information was stolen in a third-party data breach.

The data was stolen after hackers exploited a vulnerability in third-party software that a former business partner was using. Ascension inadvertently exposed the compromised information to that business partner.

The organization says it learned of the data breach on December 5, 2024, which, given its description of the incident, suggests that it was linked to the Cleo hack that affected dozens of entities.

As part of the attack on Cleo’s file transfer platform, the notorious Cl0p ransomware group exploited two zero-day flaws to exfiltrate data from numerous organizations, including car rental giant Hertz Corporation and Western Alliance Bank.

Ascension, which runs one of the largest healthcare systems in the US, appears to have been affected as well, through the former business partner that it did not name.

In an incident notice this week, the organization revealed that personal and health information such as names, addresses, phone numbers, dates of birth, email addresses, Social Security numbers, diagnosis details, insurance information, and inpatient visit details were stolen in the attack.

Ascension is providing the potentially affected individuals with two years of free credit monitoring and identity theft protection services.

The organization did not say how many individuals might have been affected by the data breach, but said the stolen information pertained to patients at its locations in Alabama, Michigan, Indiana, Tennessee, and Texas.

Advertisement. Scroll to continue reading.

Notices sent to Massachusetts and Texas authorities show that more than 114,700 people were affected. SecurityWeek has emailed Ascension for additional information on the incident and will update this article if a reply arrives.

Last year, Ascension disclosed a data breach that affected roughly 5.6 million individuals. The incident occurred in May 2024 and was said to be the result of a BlackBasta ransomware attack.

Related: 4 Million Affected by VeriSource Data Breach

Related: African Telecom Giant MTN Group Discloses Data Breach

Related: Blue Shield of California Data Breach Impacts 4.7 Million People

Related: 5.5 Million Patients Affected by Data Breach at Yale New Haven Health

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

More from

Latest News

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Virtual Event: Threat Detection and Incident Response Summit
May 21, 2025

Join this event as we dive into threat hunting tools and frameworks, and explore value of threat intelligence data in the defender’s security stack.

Register

Webinar: Cut Through the Noise: Why Context is a Secret Weapon in ASPM
May 29, 2025

Learn how integrating BAS and Automated Penetration Testing empowers security teams to quickly identify and validate threats, enabling prompt response and remediation.

Register

People on the Move

Cloud and cybersecurity MSP Ekco has appointed Ben Savage as UK CEO.

Shane Barney has been appointed CISO of password management and PAM solutions provider Keeper Security.

Edge Delta has appointed Joan Pepin as its Chief Information Security Officer.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.