Ascension
Company Details
Linkedin ID:
ascensionorg
Website:
Employees number:
66,110
Number of followers:
285,431
NAICS:
62
Industry Type:
Homepage:
ascension.org
IP Addresses:
858
Company ID:
ASC_1647020
Scan Status:
Completed
Ascension Company CyberSecurity Posture
ascension.org
Answering God's call to bring health, healing and hope to all. Ascension is one of the nation’s leading non-profit and Catholic health systems, with a Mission of delivering compassionate, personalized care to all, with special attention to those most vulnerable. In FY2025, Ascension provided $1.7 billion in care of persons living in poverty and other community benefit programs along with $1.8 billion of unreimbursed care for Medicare patients. Across 16 states and the District of Columbia, Ascension’s network encompasses approximately 99,000 associates, 22,300 aligned providers, 95 wholly owned or consolidated hospitals, and ownership interests in 26 additional hospitals through partnerships. Ascension also operates 30 senior living facilities and a variety of other care sites offering a range of healthcare services.
Ascension A.I CyberSecurity Scoring
Ascension Risk Score (AI oriented)Between 0 and 549
Ascension
Updated:
- Powered by our proprietary A.I cyber incident model
- Insurance preferes TPRM score to calculate premium
Ascension Global Score (TPRM)XXXX
Ascension
- Instant access to detailed risk factors
- Benchmark vs. industry & size peers
- Vulnerabilities
- Findings
Ascension Company CyberSecurity News & History
Past Incidents
10
Attack Types
3
Ascension
Breach
Rankiteo Explanation
Attack with significant impact with customers data leaks
Description: Ascension Michigan notifies some of its patients of a data breach that happened between Oct. 15, 2015, and Sept. 8, 2021. It noticed suspicious activity in its electronic health record and upon investigation found that an unauthorized individual accessed its patient information. The compromised information included full name, date of birth, address(es), email address(es), phone number(s), health insurance information, health insurance identification number and medical records, Social Security numbers. The Ascension Michigan offered free credit and identity theft protection-monitoring services to the affected patients.
Ascension Health
Breach
Rankiteo Explanation
Attack threatening the organization's existence
Description: Ascension Health, a Missouri-based hospital system operating 140 hospitals across 19 U.S. states, faced a **May 2024 data breach** exposing the **personal information of over 5 million individuals**. The breach allegedly stemmed from negligent cybersecurity practices, leading to a **proposed class-action lawsuit** for failing to protect sensitive data. Plaintiffs accused Ascension of violating **consumer protection laws in six states**, along with claims of **negligence and negligence per se**. The exposed data—though not explicitly detailed in the article—likely includes **medical, financial, or personally identifiable information (PII)**, given the healthcare context. The breach’s scale and the **legal standing granted by a federal judge** underscore its severity, as it directly threatens **patient trust, regulatory compliance, and potential financial liabilities**. The incident highlights systemic vulnerabilities in healthcare cybersecurity, where data exposures can have **long-term reputational and operational consequences** for providers.
Ascension
Breach
Rankiteo Explanation
Attack threatening the organization's existence
Description: Ascension, one of the largest private healthcare systems in the United States, experienced a data breach that exposed the personal and healthcare information of over 430,000 patients. The incident, disclosed in April, involved a data theft attack impacting a former business partner in December. Attackers accessed personal health information related to inpatient visits, including physician names, admission and discharge dates, diagnosis and billing codes, medical record numbers, and insurance company names. Personal information such as names, addresses, phone numbers, email addresses, dates of birth, race, gender, and Social Security numbers were also compromised. The breach was linked to a vulnerability in third-party software used by the former business partner, likely part of widespread Clop ransomware attacks.
Ascension Health
Cyber Attack
Rankiteo Explanation
Attack threatening the organization’s existence
Description: On December 19, 2024, the Maine Office of the Attorney General disclosed a severe data breach affecting **Ascension Health**, stemming from an external hacking incident that occurred on **May 8, 2024**. The breach compromised the personal data of approximately **5,599,699 individuals**, including **658 Maine residents**. The exposed information encompasses highly sensitive details such as **medical records, payment data, insurance information, and government-issued identification documents**.This incident poses a critical threat to the affected individuals, as the leaked data could facilitate **identity theft, financial fraud, and targeted phishing attacks**. The scale of the breach—impacting millions—suggests systemic vulnerabilities in Ascension Health’s cybersecurity defenses, raising concerns about the organization’s ability to safeguard patient confidentiality. The inclusion of **medical and financial data** elevates the risk of long-term harm, including potential **blackmail, fraudulent medical claims, or unauthorized access to healthcare services**. The breach not only undermines trust in Ascension Health but also highlights the broader risks associated with cyberattacks on healthcare providers, where data integrity is paramount for patient safety and operational continuity.
Ascension
Ransomware
Rankiteo Explanation
Attack threatening the organization's existence
Description: The California Attorney General's Office reported that Ascension Health experienced a ransomware attack on May 8, 2024, affecting personal information of patients and associates. The breach potentially exposed names, medical information, payment information, insurance information, government identification, and other personal information. The number of individuals affected is currently unknown.
Ascension Health
Ransomware
Rankiteo Explanation
Attack threatening the organization’s existence
Description: On December 19, 2024, the Washington State Office of the Attorney General disclosed a **ransomware attack** targeting **Ascension Health**, initially detected on **May 8, 2024**. The breach compromised the personal data of **5,787 Washington residents**, exposing highly sensitive information, including **Social Security numbers (SSNs) and medical records**. The attack posed severe risks to affected individuals, as exposed SSNs and medical data can facilitate **identity theft, financial fraud, and targeted phishing scams**. Given the nature of the stolen data—health records in particular—the breach also raised concerns about **long-term privacy violations, potential blackmail, and misuse of medical histories**. Ascension Health, a major healthcare provider, faced **reputational damage, regulatory scrutiny, and potential legal liabilities** due to the failure to prevent the attack. The incident underscored vulnerabilities in healthcare cybersecurity, where ransomware groups increasingly target **critical patient data** for extortion. The exposure of such information not only harms individuals but also erodes trust in the organization’s ability to safeguard confidential records. Recovery efforts likely involved **forensic investigations, notification processes, credit monitoring for victims, and system reinforcements** to mitigate future threats.
Ascension
Ransomware
Rankiteo Explanation
Attack threatening the organization's existence
Description: In February 2024, Ascension, a major healthcare provider, suffered a devastating **ransomware attack** initiated when a contractor clicked a phishing link via Microsoft Bing and Edge. The attack exploited **Kerberoasting**, leveraging Microsoft’s outdated **RC4 encryption** (a 1980s protocol long deemed insecure) to gain administrative privileges through **Active Directory**. Hackers then deployed ransomware across **thousands of systems**, compromising **personal data, medical records, payment/insurance details, and government IDs of over 5.6 million patients**. The breach disrupted hospital operations, delayed critical treatments, and exposed systemic vulnerabilities tied to Microsoft’s default security configurations—including weak password policies for privileged accounts. Despite repeated warnings from **CISA, FBI, and NSA** about RC4 and Kerberoasting risks (notably by state actors like Iran), Microsoft had yet to disable RC4 by default, prolonging exposure. Ascension’s incident underscores the cascading impact of **legacy encryption flaws**, **poor default security settings**, and **third-party contractor risks** in healthcare cybersecurity.
Ascension
Ransomware
Rankiteo Explanation
Attack with significant impact with customers data leaks
Description: Ascension experienced a ransomware attack involving social engineering which resulted in the data of 5,599,699 individuals being affected. An employee was tricked into downloading malware, resulting in a data breach. Although there was no evidence that data was extracted from their Electronic Health Records (EHR) and other clinical systems where complete patient records are securely kept, personal information was involved and notifications to the affected individuals have been initiated.
Ascension
Ransomware
Rankiteo Explanation
Attack with significant impact with customers data leaks
Description: Ascension faced a cyber breach where a ransomware attack led to unauthorized disclosure of patient personal information. The incident caused class action lawsuits and disruptions in emergency medical services as well as interruptions to the electronic health records system. Identified as conducted by the Russian-speaking group Black Basta, the attack's consequences included services diversion, posing risks to patient care and data security.
Ascension
Ransomware
Rankiteo Explanation
Attack that could injure or kill people
Description: Ascension faced a ransomware attack resulting in severe disruptions across 140 hospitals, implicating patient care and treatment schedules. The recovery was hindered by the need for 'assurance' letters to reconnect systems with suppliers, adding to the operational chaos. The impact extended to canceled appointments and surgeries, and pushed medical staff to revert to manual processes. The organization's swift action towards transparency and reconnection of supplies post-attack mitigated prolonged delays.
Ascension Company Scoring based on AI Models
Cyber Incidents Likelihood 3 - 6 - 9 months
A.I Risk Score Likelihood 3 - 6 - 9 months
Underwriter Stats for Ascension
Incidents vs Hospitals and Health Care Industry Average (This Year)
Ascension has 33.33% more incidents than the average of same-industry companies with at least one recorded incident.
Incidents vs All-Companies Average (This Year)
Ascension has 53.85% more incidents than the average of all companies with at least one recorded incident.
Incident Types Ascension vs Hospitals and Health Care Industry Avg (This Year)
Ascension reported 1 incidents this year: 0 cyber attacks, 0 ransomware, 0 vulnerabilities, 1 data breaches, compared to industry peers with at least 1 incident.
Incident History — Ascension (X = Date, Y = Severity)
Ascension cyber incidents detection timeline including parent company and subsidiaries
Ascension Company Subsidiaries
Answering God's call to bring health, healing and hope to all. Ascension is one of the nation’s leading non-profit and Catholic health systems, with a Mission of delivering compassionate, personalized care to all, with special attention to those most vulnerable. In FY2025, Ascension provided $1.7 billion in care of persons living in poverty and other community benefit programs along with $1.8 billion of unreimbursed care for Medicare patients. Across 16 states and the District of Columbia, Ascension’s network encompasses approximately 99,000 associates, 22,300 aligned providers, 95 wholly owned or consolidated hospitals, and ownership interests in 26 additional hospitals through partnerships. Ascension also operates 30 senior living facilities and a variety of other care sites offering a range of healthcare services.
Loading...
Ascension Similar Companies
McKesson
Welcome to the official LinkedIn page for McKesson Corporation. We're an impact-driven healthcare organization dedicated to “Advancing Health Outcomes For All.” As a global healthcare company, we touch virtually every aspect of health. Our leaders empower our people to lead with a growth mindset an
Rochester Regional Health
Rochester Regional Health, headquartered in Rochester, NY, is an integrated health services organization serving the people of Western New York, the Finger Lakes, St. Lawrence County, and beyond. We are dedicated to helping our community stay healthy and live fulfilling lives. Together, we find the
AdventHealth is a connected network of care that helps people feel whole – body, mind and spirit. More than 100,000 team members across a national footprint provide whole-person care to nearly nine million people annually through more than 2,000 care sites that include hospitals, physician practices
IQVIA (NYSE:IQV) is a leading global provider of clinical research services, commercial insights and healthcare intelligence to the life sciences and healthcare industries. IQVIA’s portfolio of solutions are powered by IQVIA Connected Intelligence™ to deliver actionable insights and services built o
Baptist Health
Baptist Health South Florida is the largest healthcare organization in the region, with 12 hospitals, more than 28,000 employees, 4,500 physicians and 200 outpatient centers, urgent care facilities and physician practices spanning Miami-Dade, Monroe, Broward and Palm Beach counties. Baptist Health S
RWJBarnabas Health is New Jersey’s largest and most comprehensive academic health system, caring for more than 5 million people annually. Nationally renowned for quality and safety, the system includes 14 hospitals and 9,000 affiliated physicians integrated to provide care at more than 700 patient
Mercy Health
At Mercy Health, we understand that every family is a universe. A network of people who love, and support, and count on one other to be there. Everybody means the world to someone and we are committed to care for others so they can be there for the ones they love. With nearly 35,000 employees across
Beth Israel Deaconess Medical Center
Beth Israel Deaconess Medical Center (BIDMC) is part of Beth Israel Lahey Health, a new health care system that brings together academic medical centers and teaching hospitals, community and specialty hospitals, more than 4,000 physicians and 35,000 employees in a shared mission to expand access to
Northside Hospital
Northside Hospital — a certified Great Place To Work® — is one of Georgia’s top health systems. We have acute-care hospitals in Atlanta, Canton, Cumming, Duluth and Lawrenceville and hundreds of outpatient locations across the state. Northside Hospital leads the U.S. in newborn deliveries and is amo
.png)
Ascension CyberSecurity News
September 25, 2025 07:00 AM
Class action against Ascension over 2024 cybersecurity breach trimmed, but may continue, judge rules
The 13 named plaintiffs on the consolidated class action were patients at the time of the breach and said they had given Ascension their...
September 11, 2025 07:00 AM
Cybersecurity News: npm update, Cursor Autorun flaw details, Microsoft probe over Ascension hack?
The code attempted to hijack cryptocurrency transactions, but quick detection and response limited the damage: malicious versions were live for...
September 11, 2025 07:00 AM
Senator Wyden Urges FTC to Probe Microsoft for Ransomware-Linked Cybersecurity Negligence
Sen. Wyden urges FTC probe after Ascension breach exposed 5.6M records via Microsoft's insecure RC4 defaults.
September 11, 2025 07:00 AM
Ron Wyden asks FTC to investigate Microsoft for enabling Ascension ransomware attack
A prominent senator is calling for federal regulators to investigate Microsoft over “gross cybersecurity negligence” he said enabled last...
September 11, 2025 07:00 AM
Senator Urges FTC Probe Into Microsoft After Ascension Ransomware Attack
US Senator Ron Wyden urges the FTC to investigate Microsoft after its software contributed to a major ransomware attack on Ascension...
September 11, 2025 07:00 AM
US Senator urges probing Microsoft over cybersecurity negligence, ransomware risks
Senator Ron Wyden urged the Federal Trade Commission to investigate Microsoft for “gross cybersecurity negligence,” citing ransomware...
September 10, 2025 07:00 AM
Wyden calls on FTC to investigate Microsoft for ‘gross cybersecurity negligence’ in protecting critical infrastructure
The Oregon senator said Microsoft's default settings for Windows and other products are enabling ransomware attacks, like the one against...
September 10, 2025 07:00 AM
Wyden Says Microsoft Flaws Led to Hack of US Hospital System
US Senator Ron Wyden says glaring cybersecurity flaws by Microsoft Corp. enabled a ransomware attack on a US hospital system and has called...
August 14, 2025 07:00 AM
Barracuda Managed XDR Named Best SecOps Solution in 2025 Tech Ascension Awards
PRNewswire/ -- Barracuda Networks, Inc., a leading cybersecurity company providing complete protection against complex threats for...
Frequently Asked Questions
Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.
Ascension CyberSecurity History Information
Official Website of Ascension
The official website of Ascension is http://www.ascension.org/.
Ascension’s AI-Generated Cybersecurity Score
According to Rankiteo, Ascension’s AI-generated cybersecurity score is 132, reflecting their Critical security posture.
How many security badges does Ascension’ have ?
According to Rankiteo, Ascension currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.
Does Ascension have SOC 2 Type 1 certification ?
According to Rankiteo, Ascension is not certified under SOC 2 Type 1.
Does Ascension have SOC 2 Type 2 certification ?
According to Rankiteo, Ascension does not hold a SOC 2 Type 2 certification.
Does Ascension comply with GDPR ?
According to Rankiteo, Ascension is not listed as GDPR compliant.
Does Ascension have PCI DSS certification ?
According to Rankiteo, Ascension does not currently maintain PCI DSS compliance.
Does Ascension comply with HIPAA ?
According to Rankiteo, Ascension is not compliant with HIPAA regulations.
Does Ascension have ISO 27001 certification ?
According to Rankiteo,Ascension is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.
Industry Classification of Ascension
Ascension operates primarily in the Hospitals and Health Care industry.
Number of Employees at Ascension
Ascension employs approximately 66,110 people worldwide.
Subsidiaries Owned by Ascension
Ascension presently has no subsidiaries across any sectors.
Ascension’s LinkedIn Followers
Ascension’s official LinkedIn profile has approximately 285,431 followers.
NAICS Classification of Ascension
Ascension is classified under the NAICS code 62, which corresponds to Health Care and Social Assistance.
Ascension’s Presence on Crunchbase
No, Ascension does not have a profile on Crunchbase.
Ascension’s Presence on LinkedIn
Yes, Ascension maintains an official LinkedIn profile, which is actively utilized for branding and talent engagement, which can be accessed here: https://www.linkedin.com/company/ascensionorg.
Cybersecurity Incidents Involving Ascension
As of December 10, 2025, Rankiteo reports that Ascension has experienced 10 cybersecurity incidents.
Number of Peer and Competitor Companies
Ascension has an estimated 30,832 peer or competitor companies worldwide.
What types of cybersecurity incidents have occurred at Ascension ?
Incident Types: The types of cybersecurity incidents that have occurred include Cyber Attack, Ransomware and Breach.
How does Ascension detect and respond to cybersecurity incidents ?
Detection and Response: The company detects and responds to cybersecurity incidents through an remediation measures with free credit and identity theft protection-monitoring services, and communication strategy with notified affected patients, and recovery measures with transparency, recovery measures with reconnection of supplies, and communication strategy with transparency, and communication strategy with notifications to affected individuals..
Incident Details
Can you provide details on each incident ?
Title: Ascension Michigan Data Breach
Description: Ascension Michigan notifies some of its patients of a data breach that happened between Oct. 15, 2015, and Sept. 8, 2021. It noticed suspicious activity in its electronic health record and upon investigation found that an unauthorized individual accessed its patient information. The compromised information included full name, date of birth, address(es), email address(es), phone number(s), health insurance information, health insurance identification number and medical records, Social Security numbers. Ascension Michigan offered free credit and identity theft protection-monitoring services to the affected patients.
Date Detected: 2021-09-08
Type: Data Breach
Attack Vector: Unauthorized Access
Threat Actor: Unauthorized Individual
Title: Ransomware Attack on Ascension
Description: Ascension faced a ransomware attack resulting in severe disruptions across 140 hospitals, implicating patient care and treatment schedules. The recovery was hindered by the need for 'assurance' letters to reconnect systems with suppliers, adding to the operational chaos. The impact extended to canceled appointments and surgeries, and pushed medical staff to revert to manual processes. The organization's swift action towards transparency and reconnection of supplies post-attack mitigated prolonged delays.
Type: Ransomware
Title: Ascension Ransomware Attack
Description: Ascension experienced a ransomware attack involving social engineering which resulted in the data of 5,599,699 individuals being affected.
Type: Ransomware Attack
Attack Vector: Social Engineering
Vulnerability Exploited: Human Error
Motivation: Financial
Title: Ascension Ransomware Attack
Description: Ascension faced a cyber breach where a ransomware attack led to unauthorized disclosure of patient personal information. The incident caused class action lawsuits and disruptions in emergency medical services as well as interruptions to the electronic health records system. Identified as conducted by the Russian-speaking group Black Basta, the attack's consequences included services diversion, posing risks to patient care and data security.
Type: Ransomware Attack
Threat Actor: Black Basta
Title: Ascension Healthcare Data Breach
Description: Ascension, one of the largest private healthcare systems in the United States, experienced a data breach that exposed the personal and healthcare information of over 430,000 patients. The incident, disclosed in April, involved a data theft attack impacting a former business partner in December. Attackers accessed personal health information related to inpatient visits, including physician names, admission and discharge dates, diagnosis and billing codes, medical record numbers, and insurance company names. Personal information such as names, addresses, phone numbers, email addresses, dates of birth, race, gender, and Social Security numbers were also compromised. The breach was linked to a vulnerability in third-party software used by the former business partner, likely part of widespread Clop ransomware attacks.
Date Detected: December
Date Publicly Disclosed: April
Type: Data Breach
Attack Vector: Vulnerability in third-party software
Vulnerability Exploited: Third-party software vulnerability
Threat Actor: Clop ransomware group
Motivation: Data theft
Title: Ascension Health Ransomware Attack
Description: The California Attorney General's Office reported that Ascension Health experienced a ransomware attack on May 8, 2024, affecting personal information of patients and associates. The breach potentially exposed names, medical information, payment information, insurance information, government identification, and other personal information. The number of individuals affected is currently unknown.
Date Detected: 2024-05-08
Type: Ransomware Attack
Title: Ascension Health Data Breach (2024)
Description: The Maine Office of the Attorney General reported a data breach involving Ascension Health on December 19, 2024. The breach occurred on May 8, 2024, due to an external hacking incident, affecting approximately 5,599,699 individuals in total, with 658 Maine residents specifically impacted. Personal data potentially compromised includes medical, payment, insurance, and government identification information.
Date Detected: 2024-05-08
Date Publicly Disclosed: 2024-12-19
Type: Data Breach
Attack Vector: External Hacking
Title: Ascension Hospital Ransomware Attack (2024)
Description: A ransomware attack on Ascension hospital in 2024 resulted in the theft of personal data, medical data, payment information, insurance information, and government IDs for over 5.6 million patients. The attack originated from a contractor clicking a phishing link via Microsoft Bing and Edge, exploiting vulnerabilities in Microsoft's Active Directory (Kerberoasting technique) due to outdated RC4 encryption support. Hackers gained administrative privileges and deployed ransomware across thousands of systems.
Date Detected: 2024-02
Type: ransomware
Attack Vector: phishingexploitation of outdated encryption (RC4)Kerberoastingprivilege escalation via Active Directory
Vulnerability Exploited: RC4 encryption (obsolete since 1980s)Kerberoasting in Active Directorydefault weak password policies (privileged accounts <14 characters)
Motivation: financial gain (ransomware)data theft
Title: Ascension Health Ransomware Attack and Data Breach (2024)
Description: On December 19, 2024, the Washington State Office of the Attorney General reported a data breach involving Ascension Health, discovered on May 8, 2024. The breach was caused by a ransomware attack affecting approximately 5,787 Washington residents and potentially exposing personal information, including social security numbers and medical data.
Date Detected: 2024-05-08
Date Publicly Disclosed: 2024-12-19
Type: ransomware
Title: Ascension Health Data Breach (May 2024)
Description: Missouri-based Ascension Health faced a proposed class action alleging negligent failure to protect the personal information of over 5 million people exposed in a May 2024 data breach. Plaintiffs claimed violations of consumer protection laws in six states, negligence, and negligence per se. The breach affected Ascension, a hospital system with 140 hospitals across 19 states.
Type: Data Breach
What are the most common types of attacks the company has faced ?
Common Attack Types: The most common types of attacks the company has faced is Ransomware.
How does the company identify the attack vectors used in incidents ?
Identification of Attack Vectors: The company identifies the attack vectors used in incidents through Social Engineering and phishing link clicked via Microsoft Bing/Edge on contractor’s laptop.
Impact of the Incidents
What was the impact of each incident ?
Incident : Data Breach ASC124828422
Data Compromised: Full name, Date of birth, Address(es), Email address(es), Phone number(s), Health insurance information, Health insurance identification number, Medical records, Social security numbers
Systems Affected: Electronic Health Record
Identity Theft Risk: High
Incident : Ransomware ASC1012070724
Systems Affected: 140 hospitals
Operational Impact: Canceled appointmentsCanceled surgeriesReverted to manual processes
Incident : Ransomware Attack ASC000032225
Data Compromised: Personal information
Systems Affected: Electronic Health Records (EHR)Other Clinical Systems
Incident : Ransomware Attack ASC004032225
Data Compromised: Patient personal information
Systems Affected: Electronic health records systemEmergency medical services
Downtime: Services diversion
Operational Impact: Disruptions in emergency medical services and interruptions to the electronic health records system
Legal Liabilities: Class action lawsuits
Incident : Data Breach ASC220051225
Data Compromised: Personal health information, Physician names, Admission and discharge dates, Diagnosis and billing codes, Medical record numbers, Insurance company names, Names, Addresses, Phone numbers, Email addresses, Dates of birth, Race, Gender, Social security numbers
Incident : Ransomware Attack ASC146072825
Data Compromised: Names, Medical information, Payment information, Insurance information, Government identification, Other personal information
Incident : Data Breach ASC546082925
Data Compromised: Medical information, Payment information, Insurance information, Government identification information
Identity Theft Risk: High
Payment Information Risk: High
Incident : ransomware ASC5102151091125
Data Compromised: Personal data, Medical records, Payment information, Insurance information, Government ids
Systems Affected: thousands of computers
Operational Impact: severe (healthcare operations disrupted)
Brand Reputation Impact: high (public scrutiny, regulatory concern)
Identity Theft Risk: high (5.6M records exposed)
Payment Information Risk: high
Incident : ransomware ASC547091725
Data Compromised: Social security numbers, Medical information
Identity Theft Risk: high
Incident : Data Breach ASC2293322092425
Data Compromised: Personal information
Customer Complaints: Class action lawsuit filed
Brand Reputation Impact: Significant (class action alleging negligence)
Legal Liabilities: Proposed class action for negligence, negligence per se, and violations of consumer protection laws in six states
Identity Theft Risk: High (personal information of 5M+ exposed)
What types of data are most commonly compromised in incidents ?
Commonly Compromised Data Types: The types of data most commonly compromised in incidents are Personally Identifiable Information, Health Information, , Personal Information, , Patient personal information, Personal Health Information, Personal Information, , Names, Medical Information, Payment Information, Insurance Information, Government Identification, Other Personal Information, , Medical, Payment, Insurance, Government Identification, , Personal Data, Medical Records, Payment Information, Insurance Details, Government Ids, , Personally Identifiable Information (Pii), Protected Health Information (Phi), and Personal Information.
Which entities were affected by each incident ?
Incident : Data Breach ASC124828422
Entity Name: Ascension Michigan
Entity Type: Healthcare Provider
Industry: Healthcare
Location: Michigan
Incident : Ransomware ASC1012070724
Entity Name: Ascension
Entity Type: Healthcare
Industry: Healthcare
Size: 140 hospitals
Incident : Ransomware Attack ASC000032225
Entity Name: Ascension
Entity Type: Healthcare
Industry: Healthcare
Customers Affected: 5599699
Incident : Ransomware Attack ASC004032225
Entity Name: Ascension
Entity Type: Healthcare
Industry: Healthcare
Incident : Data Breach ASC220051225
Entity Name: Ascension
Entity Type: Healthcare System
Industry: Healthcare
Location: United States
Customers Affected: 430000
Incident : Ransomware Attack ASC146072825
Entity Name: Ascension Health
Entity Type: Healthcare Provider
Industry: Healthcare
Incident : Data Breach ASC546082925
Entity Name: Ascension Health
Entity Type: Healthcare Provider
Industry: Healthcare
Location: United States
Customers Affected: 5,599,699 (658 in Maine)
Incident : ransomware ASC5102151091125
Entity Name: Ascension
Entity Type: healthcare provider
Industry: healthcare
Location: United States
Customers Affected: 5.6 million patients
Incident : ransomware ASC547091725
Entity Name: Ascension Health
Entity Type: healthcare provider
Industry: healthcare
Location: United States (Washington residents affected)
Customers Affected: 5,787
Incident : Data Breach ASC2293322092425
Entity Name: Ascension Health
Entity Type: Hospital System
Industry: Healthcare
Location: Missouri, USA (operates in 19 states)
Size: 140 hospitals
Customers Affected: 5,000,000+
Response to the Incidents
What measures were taken in response to each incident ?
Incident : Data Breach ASC124828422
Remediation Measures: Free credit and identity theft protection-monitoring services
Communication Strategy: Notified affected patients
Incident : Ransomware ASC1012070724
Recovery Measures: TransparencyReconnection of supplies
Communication Strategy: Transparency
Incident : Ransomware Attack ASC000032225
Communication Strategy: Notifications to affected individuals
Data Breach Information
What type of data was compromised in each breach ?
Incident : Data Breach ASC124828422
Type of Data Compromised: Personally identifiable information, Health information
Sensitivity of Data: High
Personally Identifiable Information: full namedate of birthaddress(es)email address(es)phone number(s)Social Security numbers
Incident : Ransomware Attack ASC000032225
Type of Data Compromised: Personal information
Number of Records Exposed: 5599699
Sensitivity of Data: High
Incident : Ransomware Attack ASC004032225
Type of Data Compromised: Patient personal information
Incident : Data Breach ASC220051225
Type of Data Compromised: Personal health information, Personal information
Number of Records Exposed: 430000
Sensitivity of Data: High
Personally Identifiable Information: NamesAddressesPhone numbersEmail addressesDates of birthRaceGenderSocial Security numbers
Incident : Ransomware Attack ASC146072825
Type of Data Compromised: Names, Medical information, Payment information, Insurance information, Government identification, Other personal information
Incident : Data Breach ASC546082925
Type of Data Compromised: Medical, Payment, Insurance, Government identification
Number of Records Exposed: 5,599,699
Sensitivity of Data: High
Incident : ransomware ASC5102151091125
Type of Data Compromised: Personal data, Medical records, Payment information, Insurance details, Government ids
Number of Records Exposed: 5.6 million
Sensitivity of Data: high (PII, PHI, financial data)
Data Exfiltration: yes
Data Encryption: no (RC4 encryption exploited)
Personally Identifiable Information: yes
Incident : ransomware ASC547091725
Type of Data Compromised: Personally identifiable information (pii), Protected health information (phi)
Number of Records Exposed: 5,787
Sensitivity of Data: high
Personally Identifiable Information: social security numbersmedical information
Incident : Data Breach ASC2293322092425
Type of Data Compromised: Personal Information
Number of Records Exposed: 5,000,000+
Sensitivity of Data: High
Personally Identifiable Information: Yes
What measures does the company take to prevent data exfiltration ?
Prevention of Data Exfiltration: The company takes the following measures to prevent data exfiltration: Free credit and identity theft protection-monitoring services, .
Ransomware Information
Was ransomware involved in any of the incidents ?
Incident : Ransomware Attack ASC000032225
Data Encryption: True
Incident : Data Breach ASC220051225
Ransomware Strain: Clop
Incident : ransomware ASC5102151091125
Data Encryption: yes (ransomware deployed across systems)
Data Exfiltration: yes
How does the company recover data encrypted by ransomware ?
Data Recovery from Ransomware: The company recovers data encrypted by ransomware through Transparency, Reconnection of supplies, .
Regulatory Compliance
Were there any regulatory violations and fines imposed for each incident ?
Incident : Ransomware Attack ASC004032225
Legal Actions: Class action lawsuits
Incident : Data Breach ASC546082925
Regulatory Notifications: Maine Office of the Attorney General
Incident : ransomware ASC5102151091125
Legal Actions: Sen. Ron Wyden's call for FTC investigation into Microsoft's default security configurations,
Regulatory Notifications: CISA, FBI, NSA warnings (2023–2024) about RC4/Kerberoasting exploits in healthcare
Incident : ransomware ASC547091725
Regulatory Notifications: Washington State Office of the Attorney General
Incident : Data Breach ASC2293322092425
Regulations Violated: Consumer Protection Laws (six states),
Legal Actions: Proposed class action lawsuit (negligence, negligence per se, consumer protection violations)
How does the company ensure compliance with regulatory requirements ?
Ensuring Regulatory Compliance: The company ensures compliance with regulatory requirements through Class action lawsuits, Sen. Ron Wyden's call for FTC investigation into Microsoft's default security configurations, , Proposed class action lawsuit (negligence, negligence per se, consumer protection violations).
Lessons Learned and Recommendations
What lessons were learned from each incident ?
Incident : ransomware ASC5102151091125
Lessons Learned: Default configurations in enterprise software (e.g., Microsoft Active Directory) can enable large-scale breaches if outdated protocols (e.g., RC4) are retained., Kerberoasting exploits persist due to legacy encryption support, despite decades of warnings., Organizations rarely modify default security settings, placing burden on vendors to enforce secure defaults., Phishing remains a critical initial access vector, especially via default applications (e.g., Microsoft Edge/Bing).
What recommendations were made to prevent future incidents ?
Incident : ransomware ASC5102151091125
Recommendations: Microsoft should disable RC4 by default immediately (planned for Q1 2026 is insufficient)., Enforce stronger default password policies for privileged accounts (e.g., 14+ characters)., Healthcare sector should prioritize patching Active Directory vulnerabilities and monitoring for Kerberoasting., Vendors must proactively deprecate obsolete encryption standards, even if it risks breaking legacy systems., Public disclosure of timelines for security fixes should be accelerated to reduce exposure windows.Microsoft should disable RC4 by default immediately (planned for Q1 2026 is insufficient)., Enforce stronger default password policies for privileged accounts (e.g., 14+ characters)., Healthcare sector should prioritize patching Active Directory vulnerabilities and monitoring for Kerberoasting., Vendors must proactively deprecate obsolete encryption standards, even if it risks breaking legacy systems., Public disclosure of timelines for security fixes should be accelerated to reduce exposure windows.Microsoft should disable RC4 by default immediately (planned for Q1 2026 is insufficient)., Enforce stronger default password policies for privileged accounts (e.g., 14+ characters)., Healthcare sector should prioritize patching Active Directory vulnerabilities and monitoring for Kerberoasting., Vendors must proactively deprecate obsolete encryption standards, even if it risks breaking legacy systems., Public disclosure of timelines for security fixes should be accelerated to reduce exposure windows.Microsoft should disable RC4 by default immediately (planned for Q1 2026 is insufficient)., Enforce stronger default password policies for privileged accounts (e.g., 14+ characters)., Healthcare sector should prioritize patching Active Directory vulnerabilities and monitoring for Kerberoasting., Vendors must proactively deprecate obsolete encryption standards, even if it risks breaking legacy systems., Public disclosure of timelines for security fixes should be accelerated to reduce exposure windows.Microsoft should disable RC4 by default immediately (planned for Q1 2026 is insufficient)., Enforce stronger default password policies for privileged accounts (e.g., 14+ characters)., Healthcare sector should prioritize patching Active Directory vulnerabilities and monitoring for Kerberoasting., Vendors must proactively deprecate obsolete encryption standards, even if it risks breaking legacy systems., Public disclosure of timelines for security fixes should be accelerated to reduce exposure windows.
What are the key lessons learned from past incidents ?
Key Lessons Learned: The key lessons learned from past incidents are Default configurations in enterprise software (e.g., Microsoft Active Directory) can enable large-scale breaches if outdated protocols (e.g., RC4) are retained.,Kerberoasting exploits persist due to legacy encryption support, despite decades of warnings.,Organizations rarely modify default security settings, placing burden on vendors to enforce secure defaults.,Phishing remains a critical initial access vector, especially via default applications (e.g., Microsoft Edge/Bing).
References
Where can I find more information about each incident ?
Incident : Ransomware Attack ASC146072825
Source: California Attorney General's Office
Incident : Data Breach ASC546082925
Source: Maine Office of the Attorney General
Date Accessed: 2024-12-19
Incident : ransomware ASC5102151091125
Source: CyberScoop
Incident : ransomware ASC5102151091125
Source: Sen. Ron Wyden’s letter to FTC Chair Andrew Ferguson
Incident : ransomware ASC5102151091125
Source: CISA, FBI, NSA joint advisory (2023–2024) on RC4/Kerberoasting
Incident : ransomware ASC547091725
Source: Washington State Office of the Attorney General
Date Accessed: 2024-12-19
Incident : Data Breach ASC2293322092425
Source: US District Court for the Eastern District of Missouri (Judge John A. Ross ruling)
Where can stakeholders find additional resources on cybersecurity best practices ?
Additional Resources: Stakeholders can find additional resources on cybersecurity best practices at and Source: California Attorney General's Office, and Source: Maine Office of the Attorney GeneralDate Accessed: 2024-12-19, and Source: CyberScoop, and Source: Sen. Ron Wyden’s letter to FTC Chair Andrew Ferguson, and Source: CISA, FBI, NSA joint advisory (2023–2024) on RC4/Kerberoasting, and Source: Washington State Office of the Attorney GeneralDate Accessed: 2024-12-19, and Source: US District Court for the Eastern District of Missouri (Judge John A. Ross ruling).
Investigation Status
What is the current status of the investigation for each incident ?
Incident : ransomware ASC5102151091125
Investigation Status: ongoing (FTC investigation requested by Sen. Wyden)
Incident : Data Breach ASC2293322092425
Investigation Status: Ongoing (class action lawsuit in progress)
How does the company communicate the status of incident investigations to stakeholders ?
Communication of Investigation Status: The company communicates the status of incident investigations to stakeholders through Notified Affected Patients, Transparency and Notifications To Affected Individuals.
Stakeholder and Customer Advisories
Were there any advisories issued to stakeholders or customers for each incident ?
Incident : Ransomware Attack ASC000032225
Customer Advisories: Notifications to affected individuals
Incident : ransomware ASC5102151091125
Stakeholder Advisories: Sen. Wyden’S Oversight Findings Shared With Ascension And Microsoft.
What advisories does the company provide to stakeholders and customers following an incident ?
Advisories Provided: The company provides the following advisories to stakeholders and customers following an incident: were Notifications To Affected Individuals, and Sen. Wyden’S Oversight Findings Shared With Ascension And Microsoft.
Initial Access Broker
How did the initial access broker gain entry for each incident ?
Incident : Ransomware Attack ASC000032225
Entry Point: Social Engineering
Incident : ransomware ASC5102151091125
Entry Point: phishing link clicked via Microsoft Bing/Edge on contractor’s laptop
High Value Targets: Active Directory Administrative Privileges,
Data Sold on Dark Web: Active Directory Administrative Privileges,
Post-Incident Analysis
What were the root causes and corrective actions taken for each incident ?
Incident : Ransomware Attack ASC000032225
Root Causes: Human Error,
Incident : ransomware ASC5102151091125
Root Causes: Use Of Obsolete Rc4 Encryption In Active Directory (Enabled By Default)., Default Weak Password Policies For Privileged Accounts., Phishing Attack Via Default Microsoft Applications (Edge/Bing)., Lack Of Network Segmentation Allowing Lateral Movement To Thousands Of Systems.,
Corrective Actions: Microsoft’S Planned Deprecation Of Rc4 (Q1 2026 For Active Directory)., Ascension Likely Implemented Stricter Password Policies And Active Directory Monitoring Post-Breach.,
What corrective actions has the company taken based on post-incident analysis ?
Corrective Actions Taken: The company has taken the following corrective actions based on post-incident analysis: Microsoft’S Planned Deprecation Of Rc4 (Q1 2026 For Active Directory)., Ascension Likely Implemented Stricter Password Policies And Active Directory Monitoring Post-Breach., .
Additional Questions
General Information
Who was the attacking group in the last incident ?
Last Attacking Group: The attacking group in the last incident were an Unauthorized Individual, Black Basta and Clop ransomware group.
Incident Details
What was the most recent incident detected ?
Most Recent Incident Detected: The most recent incident detected was on 2021-09-08.
What was the most recent incident publicly disclosed ?
Most Recent Incident Publicly Disclosed: The most recent incident publicly disclosed was on 2024-12-19.
Impact of the Incidents
What was the most significant data compromised in an incident ?
Most Significant Data Compromised: The most significant data compromised in an incident were full name, date of birth, address(es), email address(es), phone number(s), health insurance information, health insurance identification number, medical records, Social Security numbers, , Personal Information, , Patient personal information, Personal health information, Physician names, Admission and discharge dates, Diagnosis and billing codes, Medical record numbers, Insurance company names, Names, Addresses, Phone numbers, Email addresses, Dates of birth, Race, Gender, Social Security numbers, , names, medical information, payment information, insurance information, government identification, other personal information, , Medical Information, Payment Information, Insurance Information, Government Identification Information, , personal data, medical records, payment information, insurance information, government IDs, , social security numbers, medical information, , Personal Information and .
What was the most significant system affected in an incident ?
Most Significant System Affected: The most significant system affected in an incident was Electronic Health Record and and Electronic Health Records (EHR)Other Clinical Systems and Electronic health records systemEmergency medical services and .
Data Breach Information
What was the most sensitive data compromised in a breach ?
Most Sensitive Data Compromised: The most sensitive data compromised in a breach were date of birth, Race, Admission and discharge dates, Social Security numbers, full name, Diagnosis and billing codes, Phone numbers, medical information, names, insurance information, government IDs, address(es), other personal information, payment information, Personal health information, Addresses, Insurance Information, email address(es), personal data, medical records, Personal Information, Payment Information, Government Identification Information, phone number(s), Dates of birth, Gender, Medical Information, social security numbers, Patient personal information, government identification, Physician names, health insurance information, Names, Email addresses, health insurance identification number, Insurance company names and Medical record numbers.
What was the number of records exposed in the most significant breach ?
Number of Records Exposed in Most Significant Breach: The number of records exposed in the most significant breach was 16.2M.
Regulatory Compliance
What was the most significant legal action taken for a regulatory violation ?
Most Significant Legal Action: The most significant legal action taken for a regulatory violation was Class action lawsuits, Sen. Ron Wyden's call for FTC investigation into Microsoft's default security configurations, , Proposed class action lawsuit (negligence, negligence per se, consumer protection violations).
Lessons Learned and Recommendations
What was the most significant lesson learned from past incidents ?
Most Significant Lesson Learned: The most significant lesson learned from past incidents was Phishing remains a critical initial access vector, especially via default applications (e.g., Microsoft Edge/Bing).
What was the most significant recommendation implemented to improve cybersecurity ?
Most Significant Recommendation Implemented: The most significant recommendation implemented to improve cybersecurity was Vendors must proactively deprecate obsolete encryption standards, even if it risks breaking legacy systems., Microsoft should disable RC4 by default immediately (planned for Q1 2026 is insufficient)., Enforce stronger default password policies for privileged accounts (e.g., 14+ characters)., Healthcare sector should prioritize patching Active Directory vulnerabilities and monitoring for Kerberoasting. and Public disclosure of timelines for security fixes should be accelerated to reduce exposure windows..
References
What is the most recent source of information about an incident ?
Most Recent Source: The most recent source of information about an incident are CyberScoop, US District Court for the Eastern District of Missouri (Judge John A. Ross ruling), Sen. Ron Wyden’s letter to FTC Chair Andrew Ferguson, Washington State Office of the Attorney General, Maine Office of the Attorney General, California Attorney General's Office, CISA, FBI and NSA joint advisory (2023–2024) on RC4/Kerberoasting.
Investigation Status
What is the current status of the most recent investigation ?
Current Status of Most Recent Investigation: The current status of the most recent investigation is ongoing (FTC investigation requested by Sen. Wyden).
Stakeholder and Customer Advisories
What was the most recent stakeholder advisory issued ?
Most Recent Stakeholder Advisory: The most recent stakeholder advisory issued was Sen. Wyden’s oversight findings shared with Ascension and Microsoft, .
What was the most recent customer advisory issued ?
Most Recent Customer Advisory: The most recent customer advisory issued was an Notifications to affected individuals.
Initial Access Broker
What was the most recent entry point used by an initial access broker ?
Most Recent Entry Point: The most recent entry point used by an initial access broker were an Social Engineering and phishing link clicked via Microsoft Bing/Edge on contractor’s laptop.
Post-Incident Analysis
What was the most significant root cause identified in post-incident analysis ?
Most Significant Root Cause: The most significant root cause identified in post-incident analysis was Human Error, Use of obsolete RC4 encryption in Active Directory (enabled by default).Default weak password policies for privileged accounts.Phishing attack via default Microsoft applications (Edge/Bing).Lack of network segmentation allowing lateral movement to thousands of systems..
What was the most significant corrective action taken based on post-incident analysis ?
Most Significant Corrective Action: The most significant corrective action taken based on post-incident analysis was Microsoft’s planned deprecation of RC4 (Q1 2026 for Active Directory).Ascension likely implemented stricter password policies and Active Directory monitoring post-breach..
.png)
Latest Global CVEs (Not Company-Specific)
Description
WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. Versions 3.5.4 and below contain a Stored Cross-Site Scripting (XSS) vulnerability in the /WeGIA/html/geral/configurar_senhas.php endpoint. The application does not sanitize user-controlled data before rendering it inside the employee selection dropdown. The application retrieves employee names from the database and injects them directly into HTML <option> elements without proper escaping. This issue is fixed in version 3.5.5.
Risk Information
cvss3
Base: 4.3
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Description
ZITADEL is an open-source identity infrastructure tool. Versions 4.0.0-rc.1 through 4.7.0 are vulnerable to DOM-Based XSS through the Zitadel V2 logout endpoint. The /logout endpoint insecurely routes to a value that is supplied in the post_logout_redirect GET parameter. As a result, unauthenticated remote attacker can execute malicious JS code on Zitadel users’ browsers. To carry out an attack, multiple user sessions need to be active in the same browser, however, account takeover is mitigated when using Multi-Factor Authentication (MFA) or Passwordless authentication. This issue is fixed in version 4.7.1.
Risk Information
cvss3
Base: 8.0
Severity: HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N
Description
ZITADEL is an open-source identity infrastructure tool. Versions 4.7.0 and below are vulnerable to an unauthenticated, full-read SSRF vulnerability. The ZITADEL Login UI (V2) treats the x-zitadel-forward-host header as a trusted fallback for all deployments, including self-hosted instances. This allows an unauthenticated attacker to force the server to make HTTP requests to arbitrary domains, such as internal addresses, and read the responses, enabling data exfiltration and bypassing network-segmentation controls. This issue is fixed in version 4.7.1.
Risk Information
cvss3
Base: 9.3
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N
Description
NiceGUI is a Python-based UI framework. Versions 3.3.1 and below are vulnerable to directory traversal through the App.add_media_files() function, which allows a remote attacker to read arbitrary files on the server filesystem. This issue is fixed in version 3.4.0.
Risk Information
cvss3
Base: 7.5
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Description
FreePBX Endpoint Manager is a module for managing telephony endpoints in FreePBX systems. Versions are vulnerable to authentication bypass when the authentication type is set to "webserver." When providing an Authorization header with an arbitrary value, a session is associated with the target user regardless of valid credentials. This issue is fixed in versions 16.0.44 and 17.0.23.
Risk Information
cvss4
Base: 9.3
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
References
- https://github.com/FreePBX/framework/commit/04224253156543cd9932b90458660b2f19fc0e35#diff-72f14a52840a61504a8e03cd195035b44e488aecd634b001bc6412a04bdc940bR20-R50
- https://github.com/FreePBX/security-reporting/security/advisories/GHSA-9jvh-mv6x-w698
- https://www.freepbx.org/watch-what-we-do-with-security-fixes-%f0%9f%91%80
Access Data Using Our API
Get company history
curl -i -X GET 'https://api.rankiteo.com/underwriter-getcompany-history?linkedin_id=ascensionorg' -H 'apikey: YOUR_API_KEY_HERE'
RapidWhat Do We Measure ?
Incident
Finding
Grade
Digital Assets
Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.
These are some of the factors we use to calculate the overall score:
Network Security
Identify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.
SBOM (Software Bill of Materials)
Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.
CMDB (Configuration Management Database)
Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.
Threat Intelligence
Leverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.
Rankiteo is a unified scoring and risk platform that analyzes billions of signals weekly to help organizations gain faster, more actionable insights into emerging threats. Empowering teams to outpace adversaries and reduce exposure.
