Ascension, based in St. Louis, is notifying patients that some personal information was exposed following a security incident involving a former business partner.
The breach affects patients from Ascension care sites in Alabama, Michigan, Indiana, Tennessee and Texas, according to a news release the health system shared with Becker’s. Ascension emphasized that the incident did not involve its own systems, networks or electronic health records.
Here are four things to know about the incident:
- On Dec. 5, Ascension learned that patient data may have been compromised and launched an investigation. On Jan. 21, investigators determined that Ascension had inadvertently disclosed information to a former business partner and that the data was likely stolen from the partner due to a vulnerability in the third party’s software.
- Ascension said it has since reviewed its processes and is working to implement enhanced safeguards to prevent similar incidents.
- The information involved includes demographic details such as names, addresses, phone numbers, email addresses, dates of birth, race, gender and Social Security numbers. Clinical information related to inpatient visits — including place of service, physician names, admission and discharge dates, diagnosis and billing codes, medical record numbers and insurance company names — may also have been exposed. The type of information affected varies by individual.
- Ascension is offering two years of complimentary credit monitoring and identity theft protection services through Kroll to those impacted. Services include credit monitoring, fraud consultation and identity theft restoration, according to the release.
