We previously reported that Ascension Health detected a cyber-attack on May 8, 2024, that affected clinical operations in Ascension facilities in six states.

On December 20, 2024, Ascension notified the Maine Attorney General in a regulatory filing that the attack compromised the personal information of 5.6 million individuals. According to Ascension, the incident occurred on February 29, 2024, but was detected on May 8, 2024. The data compromised included individuals’ names, insurance information, Social Security numbers, and payment details. The incident occurred when “an employee accidentally downloaded a malicious file disguised as legitimate…an honest mistake.”

Ascension is notifying the individuals and providing 24 months of credit monitoring, a $1,000,000 insurance reimbursement policy, and identity theft recovery services for those affected by the incident.