A data breach tied to a former business partner of St. Louis-based Ascension compromised the information of 437,329 individuals.
Ascension reported the breach to the HHS Office for Civil Rights, which listed the incident on its public breach portal.
The breach was first identified by Ascension on Dec. 5. An internal investigation later determined on Jan. 21 that the incident likely stemmed from a vulnerability in the software of a third-party vendor. The exposed information varies by individual and includes both personal and clinical details.
Ascension emphasized that its own networks, systems and electronic health records were not affected by the breach.
Patients from Ascension facilities in Alabama, Michigan, Indiana, Tennessee and Texas were impacted.
The health system confirmed the breach to Becker’s on April 28.
Becker’s has reached out to Ascension for comment and will update this story if more information becomes available.
