US hospital operator Ascension says 5.6 million affected in medical data breach in May

By Raphael Satter

WASHINGTON (Reuters) - Hospital operator Ascension told Maine's state attorney general on Friday that nearly 5.6 million people were affected in a ransomware attack that hit it earlier this year.

The company said an unspecified amount of medical data - including patients' medical records, lab tests and insurance information - was compromised.

Cybercriminals use ransomware to paralyze computer networks and extort a payment, typically in cryptocurrency. Many also steal data for added leverage.

Hospitals and healthcare providers - whose data is particularly sensitive and whose operations are especially critical - have regularly been targeted.

ADVERTISEMENT

In a letter to the attorney general, Ascension's lawyer said the incident happened on May 7 and 8 and blamed it on a "cybercriminal", whom the company did not identify. Ascension did not immediately return a message seeking further comment.

The hack disrupted clinical operations, Reuters reported at the time.

Founded as a Catholic nonprofit in 1999, the Ascension network has about 134,000 associates, 35,000 affiliated providers and 140 hospitals, serving 19 states and the District of Columbia.

This year a particularly damaging intrusion at UnitedHealth affected the information of 100 million people.

(Reporting by Raphael Satter in Washington and AJ Vicens in Detroit.)