SHF
Company Details
Linkedin ID:
seton-healthcare-family
Website:
Employees number:
2,589
Number of followers:
19,952
NAICS:
62
Industry Type:
Homepage:
seton.net
IP Addresses:
228
Company ID:
SET_2860780
Scan Status:
Completed
Seton Healthcare Family Company CyberSecurity Posture
seton.net
Ascension (www.ascension.org) is a faith-based healthcare organization dedicated to transformation through innovation across the continuum of care. As one of the leading non-profit and Catholic health systems in the U.S., Ascension is committed to delivering compassionate, personalized care to all, with special attention to persons living in poverty and those most vulnerable. In FY2018, Ascension provided nearly $2 billion in care of persons living in poverty and other community benefit programs. Ascension includes approximately 156,000 associates and 34,000 aligned providers. The national health system operates more than 2,600 sites of care – including 151 hospitals and more than 50 senior living facilities – in 21 states and the District of Columbia, while providing a variety of services including physician practice management, venture capital investing, investment management, biomedical engineering, facilities management, clinical care management, information services, risk management, and contracting through Ascension’s own group purchasing organization.
Seton Healthcare Family A.I CyberSecurity Scoring
SHF Risk Score (AI oriented)Between 750 and 799
SHF
Updated:
- Powered by our proprietary A.I cyber incident model
- Insurance preferes TPRM score to calculate premium
SHF Global Score (TPRM)XXXX
SHF
- Instant access to detailed risk factors
- Benchmark vs. industry & size peers
- Vulnerabilities
- Findings
SHF Company CyberSecurity News & History
Past Incidents
13
Attack Types
3
Ascension
Breach
Rankiteo Explanation
Attack with significant impact with customers data leaks
Description: Ascension Michigan notifies some of its patients of a data breach that happened between Oct. 15, 2015, and Sept. 8, 2021. It noticed suspicious activity in its electronic health record and upon investigation found that an unauthorized individual accessed its patient information. The compromised information included full name, date of birth, address(es), email address(es), phone number(s), health insurance information, health insurance identification number and medical records, Social Security numbers. The Ascension Michigan offered free credit and identity theft protection-monitoring services to the affected patients.
Ascension
Breach
Rankiteo Explanation
Attack threatening the organization's existence
Description: Ascension, one of the largest private healthcare systems in the United States, experienced a data breach that exposed the personal and healthcare information of over 430,000 patients. The incident, disclosed in April, involved a data theft attack impacting a former business partner in December. Attackers accessed personal health information related to inpatient visits, including physician names, admission and discharge dates, diagnosis and billing codes, medical record numbers, and insurance company names. Personal information such as names, addresses, phone numbers, email addresses, dates of birth, race, gender, and Social Security numbers were also compromised. The breach was linked to a vulnerability in third-party software used by the former business partner, likely part of widespread Clop ransomware attacks.
Ascension Health
Ransomware
Rankiteo Explanation
Attack threatening the organization’s existence
Description: On December 19, 2024, the Washington State Office of the Attorney General disclosed a **ransomware attack** targeting **Ascension Health**, initially detected on **May 8, 2024**. The breach compromised the personal data of **5,787 Washington residents**, exposing highly sensitive information, including **Social Security numbers (SSNs) and medical records**. The attack posed severe risks to affected individuals, as exposed SSNs and medical data can facilitate **identity theft, financial fraud, and targeted phishing scams**. Given the nature of the stolen data—health records in particular—the breach also raised concerns about **long-term privacy violations, potential blackmail, and misuse of medical histories**. Ascension Health, a major healthcare provider, faced **reputational damage, regulatory scrutiny, and potential legal liabilities** due to the failure to prevent the attack. The incident underscored vulnerabilities in healthcare cybersecurity, where ransomware groups increasingly target **critical patient data** for extortion. The exposure of such information not only harms individuals but also erodes trust in the organization’s ability to safeguard confidential records. Recovery efforts likely involved **forensic investigations, notification processes, credit monitoring for victims, and system reinforcements** to mitigate future threats.
Ascension Health: Strengthening the CFO/CISO partnership for cybersecurity
Ransomware
Rankiteo Explanation
Attack threatening the organization's existence
Description: **Healthcare Cyberattacks: The $1.3 Billion Cost of Ransomware and Why CFOs Must Lead the Response** In 2024, Ascension Health faced a ransomware attack that inflicted an estimated **$1.3 billion** in financial damage—a staggering blow that smaller and mid-sized healthcare providers may not survive. Beyond immediate costs like breached records and operational downtime, such incidents disrupt patient care, delay reimbursements, and erode long-term trust. For healthcare organizations, cybersecurity is no longer just an IT concern; it’s a **financial and patient safety crisis**. ### **The Escalating Threat Landscape** Healthcare remains the **most targeted and costly** sector for cyberattacks, with breaches averaging **$10 million per incident** in the U.S.—a 50% increase since 2020. Key risks include: - **Ransomware:** Demands averaged **$5.2 million** in 2024, with healthcare among the hardest-hit industries. - **Phishing & Social Engineering:** These attacks cost healthcare organizations **$9.77 million per breach**. - **Prolonged Breach Containment:** Healthcare breaches take **279 days** to resolve—five weeks longer than other sectors—amplifying financial and operational fallout. - **Regulatory Penalties:** The HHS Office for Civil Rights (OCR) is investigating **554 hacking-related breaches**, with fines in 2025 ranging from **$75,000 to $3 million** per case. ### **Why CFOs Must Partner with CISOs** As cyber threats grow, **chief financial officers (CFOs) and chief information security officers (CISOs) must collaborate** to align security investments with financial resilience. Key challenges include: - **Downtime Costs:** A 24-hour system outage can cripple billing, claims processing, and liquidity. - **Insurance & Liquidity:** CFOs must secure emergency funds, manage insurer payouts, and coordinate vendor payments during crises. - **Vendor Risks:** Third-party breaches are under OCR scrutiny, requiring stricter oversight (e.g., SOC 2/ISO 27001 compliance). - **Cyber Insurance:** Premiums remain high, but tailored coverage can mitigate healthcare-specific risks like billing disruptions. ### **A Financial Action Plan for Cyber Resilience** To mitigate risks, healthcare CFOs are adopting proactive measures: - **Tabletop Exercises:** Simulating attacks to practice crisis response, including liquidity sourcing and insurer coordination. - **Dedicated Cyber Reserves:** Allocating **1–2% of operating expenses** for breach response, penalties, and uninsured costs. - **Vendor Accountability:** Enforcing breach-notification clauses and cyber insurance requirements for third parties. - **Strategic Insurance Use:** Leveraging policies that cover healthcare-specific disruptions, such as delayed reimbursements. ### **The Human Cost of Cyberattacks** Beyond financial losses, cyber incidents **directly endanger patients**—delaying diagnostics, canceling procedures, and compromising care. For organizations without Ascension’s resources, a single attack can force closures or severe cost-cutting. As regulators and insurers demand **quarterly cyber attestations**, the CFO-CISO partnership is critical to ensuring compliance, financial stability, and patient safety. The message is clear: **In healthcare, cybersecurity is not just a technical issue—it’s a survival strategy.**
Ascension
Ransomware
Rankiteo Explanation
Attack threatening the organization's existence
Description: In February 2024, Ascension, a major healthcare provider, suffered a devastating **ransomware attack** initiated when a contractor clicked a phishing link via Microsoft Bing and Edge. The attack exploited **Kerberoasting**, leveraging Microsoft’s outdated **RC4 encryption** (a 1980s protocol long deemed insecure) to gain administrative privileges through **Active Directory**. Hackers then deployed ransomware across **thousands of systems**, compromising **personal data, medical records, payment/insurance details, and government IDs of over 5.6 million patients**. The breach disrupted hospital operations, delayed critical treatments, and exposed systemic vulnerabilities tied to Microsoft’s default security configurations—including weak password policies for privileged accounts. Despite repeated warnings from **CISA, FBI, and NSA** about RC4 and Kerberoasting risks (notably by state actors like Iran), Microsoft had yet to disable RC4 by default, prolonging exposure. Ascension’s incident underscores the cascading impact of **legacy encryption flaws**, **poor default security settings**, and **third-party contractor risks** in healthcare cybersecurity.
Ascension
Ransomware
Rankiteo Explanation
Attack with significant impact with customers data leaks
Description: Ascension experienced a ransomware attack involving social engineering which resulted in the data of 5,599,699 individuals being affected. An employee was tricked into downloading malware, resulting in a data breach. Although there was no evidence that data was extracted from their Electronic Health Records (EHR) and other clinical systems where complete patient records are securely kept, personal information was involved and notifications to the affected individuals have been initiated.
Ascension
Ransomware
Rankiteo Explanation
Attack that could injure or kill people
Description: Ascension faced a ransomware attack resulting in severe disruptions across 140 hospitals, implicating patient care and treatment schedules. The recovery was hindered by the need for 'assurance' letters to reconnect systems with suppliers, adding to the operational chaos. The impact extended to canceled appointments and surgeries, and pushed medical staff to revert to manual processes. The organization's swift action towards transparency and reconnection of supplies post-attack mitigated prolonged delays.
Providence Healthcare Network
Ransomware
Rankiteo Explanation
Attack with significant impact with customers data leaks
Description: A ransomware attack occurred against ESO Solutions, a significant software provider for emergency services and healthcare. This incident resulted from unauthorised data access and system encryption across many enterprise platforms. Depending on the information patients have shared with their healthcare providers using ESO's software, a range of personal data was exposed in the hack. Among the compromised data are: complete names dates of birth Numbers to call Numbers for patient accounts and medical records Details of the injury, diagnosis, treatment, and procedure, and Social Security numbers. It was established that patient data connected to U.S. hospitals and clinics that ESO serves as a client was compromised. All notified parties will receive a year of identity monitoring services from Kroll through ESO to assist in reducing risks.
Ascension Health
Ransomware
Rankiteo Explanation
Attack with significant impact with customers data leaks
Description: Ascension Health was the target of an unsuccessful ransomware attack by the BlackBasta cybercriminal group. The internal chat logs from BlackBasta revealed that this health organization could have suffered significant operational disruptions and potential data leaks that would impact patient privacy and the provision of healthcare services. While the attack was not fruitful, it exposed the vulnerability of critical health infrastructure to sophisticated cyber threats, emphasizing the need for robust cybersecurity measures.
Providence Medical Institute
Ransomware
Rankiteo Explanation
Attack with significant impact with customers data leaks
Description: Providence Medical Institute experienced a ransomware attack in April 2018 which led to the encryption of ePHI across its systems, affecting 85,000 individuals. The attack exposed significant vulnerabilities, including lack of a business associate agreement and inadequate access controls. As a result, the U.S. Department of Health and Human Services imposed a civil penalty of $240,000 due to the HIPAA Security Rule violations following the series of ransomware attacks. These incidents underline critical lapses in cybersecurity measures necessary to protect sensitive health information.
Sacred Heart Health System
Cyber Attack
Rankiteo Explanation
Attack limited on finance or reputation
Description: The Sacred Heart Hospital in Mol was hit by a cyber attack in February 2021. Criminals managed to interrupt into the hospital’s IT system with viruses presumably via email. However, no data was stolen and no patients’ medical information was leaked, but the viruses managed to shut down many systems.
Seton Healthcare Family
Breach
Rankiteo Explanation
Attack with significant impact with customers data leaks
Description: Seton Healthcare Family suffered a data breach incident after a laptop computer had been stolen from its Seton McCarthy Clinic. The compromised information included the name, address, phone number, date of birth, seton medical record number, patient account number, some Social Security numbers, diagnosis, immunizations and insurance information. They immediately notified the impacted individuals and Austin Police Department and took steps to reduce the possibility of this happening again.
Saint Agnes Medical Center
Breach
Rankiteo Explanation
Attack with significant impact with internal employee data leaks
Description: On May 2, 2016, Saint Agnes Medical Center fell victim to a **Business Email Compromise (BEC) attack**, leading to a significant **data breach** that exposed sensitive employee information. The incident compromised **W-2 tax forms** of **2,812 employees**, including highly confidential details such as **names, home addresses, salaries, tax withholding data, and Social Security Numbers (SSNs)**. The breach stemmed from a targeted phishing scam, where attackers impersonated a legitimate entity to deceive employees into disclosing payroll-related credentials or redirecting sensitive data. Such exposures pose severe risks, including **identity theft, financial fraud, and long-term reputational harm** to both the affected individuals and the organization. The breach underscored vulnerabilities in email security protocols and the critical need for robust **employee training, multi-factor authentication (MFA), and fraud detection mechanisms** to mitigate similar threats in healthcare institutions, where safeguarding personnel data is paramount.
SHF Company Scoring based on AI Models
Cyber Incidents Likelihood 3 - 6 - 9 months
A.I Risk Score Likelihood 3 - 6 - 9 months
Underwriter Stats for SHF
Incidents vs Hospitals and Health Care Industry Average (This Year)
No incidents recorded for Seton Healthcare Family in 2025.
Incidents vs All-Companies Average (This Year)
No incidents recorded for Seton Healthcare Family in 2025.
Incident Types SHF vs Hospitals and Health Care Industry Avg (This Year)
No incidents recorded for Seton Healthcare Family in 2025.
Incident History — SHF (X = Date, Y = Severity)
SHF cyber incidents detection timeline including parent company and subsidiaries
SHF Company Subsidiaries
Ascension (www.ascension.org) is a faith-based healthcare organization dedicated to transformation through innovation across the continuum of care. As one of the leading non-profit and Catholic health systems in the U.S., Ascension is committed to delivering compassionate, personalized care to all, with special attention to persons living in poverty and those most vulnerable. In FY2018, Ascension provided nearly $2 billion in care of persons living in poverty and other community benefit programs. Ascension includes approximately 156,000 associates and 34,000 aligned providers. The national health system operates more than 2,600 sites of care – including 151 hospitals and more than 50 senior living facilities – in 21 states and the District of Columbia, while providing a variety of services including physician practice management, venture capital investing, investment management, biomedical engineering, facilities management, clinical care management, information services, risk management, and contracting through Ascension’s own group purchasing organization.
Loading...
SHF Similar Companies
Addus HomeCare
Addus HomeCare is one of the nation's largest and fastest growing providers of personal home care and support services. Since 1979, Addus has built an exceptional home care company through a commitment to improving the health and wellness of our clients and providing high-quality, cost-effective car
Cardinal Health is a distributor of pharmaceuticals, a global manufacturer and distributor of medical and laboratory products, and a provider of performance and data solutions for healthcare facilities. With more than 50 years in business, operations in more than 30 countries and approximately 48,00
Advancing Health. Personalizing Care. Memorial Hermann Health System is a nonprofit, values-driven, community-owned health system dedicated to improving health. A fully integrated health system with more than 260 care delivery sites throughout the Greater Houston area, Memorial Hermann is committe
City of Hope's mission is to deliver the cures of tomorrow to the people who need them today. Founded in 1913, City of Hope has grown into one of the largest cancer research and treatment organizations in the U.S. and one of the leading research centers for diabetes and other life-threatening illnes
Mount Sinai Health System
The Mount Sinai Health System is an integrated health system committed to providing distinguished care, conducting transformative research, and advancing biomedical education. Structured around seven hospital campuses and a single medical school, the Health System has an extensive ambulatory netwo
Piedmont
At Piedmont, we deliver healthcare marked by compassion and sustainable excellence in a progressive environment, guided by physicians, delivered by exceptional professionals and inspired by the communities we serve. Piedmont is a not-for-profit, community health system comprised of 25 hospitals and
Headquartered in Utah with locations in six primary states and additional operations across the western U.S., Intermountain Health is a nonprofit system of 33 hospitals, 400+ clinics, a medical group of more than 4,800 employed physicians and advanced care providers, a health plan division called Se
AdventHealth is a connected network of care that helps people feel whole – body, mind and spirit. More than 100,000 team members across a national footprint provide whole-person care to nearly nine million people annually through more than 2,000 care sites that include hospitals, physician practices
Atrium Health
Atrium Health, part of Advocate Health, is redefining how, when and where care is delivered. We are rethinking methods of care delivery to reach more people and bringing human kindness to every step of their health journey. Our dedication to elevating health care for every individual, every teammate
.png)
SHF CyberSecurity News
May 08, 2024 07:00 AM
Ascension Seton continues patient care amid ongoing ransomware recovery efforts
UPDATE:Ascension Seton Hospital provided an update since last week's ransomware attackthat has caused disruptions to patient care in its...
April 26, 2015 07:00 AM
Seton Family Of Hospitals Announces 39K HIPAA Breach
A HIPAA breach has been suffered by the Seton Family of Hospitals in which the Protected Health Information (PHI) of close to 39000 patients...
Frequently Asked Questions
Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.
SHF CyberSecurity History Information
Official Website of Seton Healthcare Family
The official website of Seton Healthcare Family is http://www.seton.net.
Seton Healthcare Family’s AI-Generated Cybersecurity Score
According to Rankiteo, Seton Healthcare Family’s AI-generated cybersecurity score is 766, reflecting their Fair security posture.
How many security badges does Seton Healthcare Family’ have ?
According to Rankiteo, Seton Healthcare Family currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.
Does Seton Healthcare Family have SOC 2 Type 1 certification ?
According to Rankiteo, Seton Healthcare Family is not certified under SOC 2 Type 1.
Does Seton Healthcare Family have SOC 2 Type 2 certification ?
According to Rankiteo, Seton Healthcare Family does not hold a SOC 2 Type 2 certification.
Does Seton Healthcare Family comply with GDPR ?
According to Rankiteo, Seton Healthcare Family is not listed as GDPR compliant.
Does Seton Healthcare Family have PCI DSS certification ?
According to Rankiteo, Seton Healthcare Family does not currently maintain PCI DSS compliance.
Does Seton Healthcare Family comply with HIPAA ?
According to Rankiteo, Seton Healthcare Family is not compliant with HIPAA regulations.
Does Seton Healthcare Family have ISO 27001 certification ?
According to Rankiteo,Seton Healthcare Family is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.
Industry Classification of Seton Healthcare Family
Seton Healthcare Family operates primarily in the Hospitals and Health Care industry.
Number of Employees at Seton Healthcare Family
Seton Healthcare Family employs approximately 2,589 people worldwide.
Subsidiaries Owned by Seton Healthcare Family
Seton Healthcare Family presently has no subsidiaries across any sectors.
Seton Healthcare Family’s LinkedIn Followers
Seton Healthcare Family’s official LinkedIn profile has approximately 19,952 followers.
NAICS Classification of Seton Healthcare Family
Seton Healthcare Family is classified under the NAICS code 62, which corresponds to Health Care and Social Assistance.
Seton Healthcare Family’s Presence on Crunchbase
No, Seton Healthcare Family does not have a profile on Crunchbase.
Seton Healthcare Family’s Presence on LinkedIn
Yes, Seton Healthcare Family maintains an official LinkedIn profile, which is actively utilized for branding and talent engagement, which can be accessed here: https://www.linkedin.com/company/seton-healthcare-family.
Cybersecurity Incidents Involving Seton Healthcare Family
As of December 26, 2025, Rankiteo reports that Seton Healthcare Family has experienced 13 cybersecurity incidents.
Number of Peer and Competitor Companies
Seton Healthcare Family has an estimated 31,365 peer or competitor companies worldwide.
What types of cybersecurity incidents have occurred at Seton Healthcare Family ?
Incident Types: The types of cybersecurity incidents that have occurred include Cyber Attack, Ransomware and Breach.
What was the total financial impact of these incidents on Seton Healthcare Family ?
Total Financial Loss: The total financial loss from these incidents is estimated to be $1.30 billion.
How does Seton Healthcare Family detect and respond to cybersecurity incidents ?
Detection and Response: The company detects and responds to cybersecurity incidents through an remediation measures with free credit and identity theft protection-monitoring services, and communication strategy with notified affected patients, and law enforcement notified with austin police department, and communication strategy with impacted individuals were immediately notified, and third party assistance with kroll, and enhanced monitoring with identity monitoring services, and recovery measures with transparency, recovery measures with reconnection of supplies, and communication strategy with transparency, and communication strategy with notifications to affected individuals..
Incident Details
Can you provide details on each incident ?
Title: Ascension Michigan Data Breach
Description: Ascension Michigan notifies some of its patients of a data breach that happened between Oct. 15, 2015, and Sept. 8, 2021. It noticed suspicious activity in its electronic health record and upon investigation found that an unauthorized individual accessed its patient information. The compromised information included full name, date of birth, address(es), email address(es), phone number(s), health insurance information, health insurance identification number and medical records, Social Security numbers. Ascension Michigan offered free credit and identity theft protection-monitoring services to the affected patients.
Date Detected: 2021-09-08
Type: Data Breach
Attack Vector: Unauthorized Access
Threat Actor: Unauthorized Individual
Title: Seton Healthcare Family Data Breach
Description: Seton Healthcare Family suffered a data breach incident after a laptop computer had been stolen from its Seton McCarthy Clinic.
Type: Data Breach
Attack Vector: Theft of Laptop
Title: Cyber Attack on Sacred Heart Hospital, Mol
Description: The Sacred Heart Hospital in Mol was hit by a cyber attack in February 2021. Criminals managed to interrupt into the hospital’s IT system with viruses presumably via email. However, no data was stolen and no patients’ medical information was leaked, but the viruses managed to shut down many systems.
Date Detected: February 2021
Type: Cyber Attack
Attack Vector: Email
Threat Actor: Unknown
Title: Ransomware Attack on ESO Solutions
Description: A ransomware attack occurred against ESO Solutions, a significant software provider for emergency services and healthcare. This incident resulted from unauthorised data access and system encryption across many enterprise platforms. Depending on the information patients have shared with their healthcare providers using ESO's software, a range of personal data was exposed in the hack. Among the compromised data are: complete names, dates of birth, phone numbers, patient account and medical record numbers, details of the injury, diagnosis, treatment, and procedure, and Social Security numbers. It was established that patient data connected to U.S. hospitals and clinics that ESO serves as a client was compromised. All notified parties will receive a year of identity monitoring services from Kroll through ESO to assist in reducing risks.
Type: Ransomware
Attack Vector: Unauthorized data access and system encryption
Motivation: Financial gain
Title: Ransomware Attack on Ascension
Description: Ascension faced a ransomware attack resulting in severe disruptions across 140 hospitals, implicating patient care and treatment schedules. The recovery was hindered by the need for 'assurance' letters to reconnect systems with suppliers, adding to the operational chaos. The impact extended to canceled appointments and surgeries, and pushed medical staff to revert to manual processes. The organization's swift action towards transparency and reconnection of supplies post-attack mitigated prolonged delays.
Type: Ransomware
Title: Unsuccessful Ransomware Attack on Ascension Health by BlackBasta
Description: Ascension Health was the target of an unsuccessful ransomware attack by the BlackBasta cybercriminal group. The internal chat logs from BlackBasta revealed that this health organization could have suffered significant operational disruptions and potential data leaks that would impact patient privacy and the provision of healthcare services. While the attack was not fruitful, it exposed the vulnerability of critical health infrastructure to sophisticated cyber threats, emphasizing the need for robust cybersecurity measures.
Type: ransomware
Threat Actor: BlackBasta
Motivation: financial gainoperational disruption
Title: Ascension Ransomware Attack
Description: Ascension experienced a ransomware attack involving social engineering which resulted in the data of 5,599,699 individuals being affected.
Type: Ransomware Attack
Attack Vector: Social Engineering
Vulnerability Exploited: Human Error
Motivation: Financial
Title: Ransomware Attack on Providence Medical Institute
Description: Providence Medical Institute experienced a ransomware attack in April 2018 which led to the encryption of ePHI across its systems, affecting 85,000 individuals. The attack exposed significant vulnerabilities, including lack of a business associate agreement and inadequate access controls. As a result, the U.S. Department of Health and Human Services imposed a civil penalty of $240,000 due to the HIPAA Security Rule violations following the series of ransomware attacks. These incidents underline critical lapses in cybersecurity measures necessary to protect sensitive health information.
Date Detected: April 2018
Type: Ransomware Attack
Vulnerability Exploited: Lack of a business associate agreementInadequate access controls
Title: Ascension Healthcare Data Breach
Description: Ascension, one of the largest private healthcare systems in the United States, experienced a data breach that exposed the personal and healthcare information of over 430,000 patients. The incident, disclosed in April, involved a data theft attack impacting a former business partner in December. Attackers accessed personal health information related to inpatient visits, including physician names, admission and discharge dates, diagnosis and billing codes, medical record numbers, and insurance company names. Personal information such as names, addresses, phone numbers, email addresses, dates of birth, race, gender, and Social Security numbers were also compromised. The breach was linked to a vulnerability in third-party software used by the former business partner, likely part of widespread Clop ransomware attacks.
Date Detected: December
Date Publicly Disclosed: April
Type: Data Breach
Attack Vector: Vulnerability in third-party software
Vulnerability Exploited: Third-party software vulnerability
Threat Actor: Clop ransomware group
Motivation: Data theft
Title: Ascension Hospital Ransomware Attack (2024)
Description: A ransomware attack on Ascension hospital in 2024 resulted in the theft of personal data, medical data, payment information, insurance information, and government IDs for over 5.6 million patients. The attack originated from a contractor clicking a phishing link via Microsoft Bing and Edge, exploiting vulnerabilities in Microsoft's Active Directory (Kerberoasting technique) due to outdated RC4 encryption support. Hackers gained administrative privileges and deployed ransomware across thousands of systems.
Date Detected: 2024-02
Type: ransomware
Attack Vector: phishingexploitation of outdated encryption (RC4)Kerberoastingprivilege escalation via Active Directory
Vulnerability Exploited: RC4 encryption (obsolete since 1980s)Kerberoasting in Active Directorydefault weak password policies (privileged accounts <14 characters)
Motivation: financial gain (ransomware)data theft
Title: Ascension Health Ransomware Attack and Data Breach (2024)
Description: On December 19, 2024, the Washington State Office of the Attorney General reported a data breach involving Ascension Health, discovered on May 8, 2024. The breach was caused by a ransomware attack affecting approximately 5,787 Washington residents and potentially exposing personal information, including social security numbers and medical data.
Date Detected: 2024-05-08
Date Publicly Disclosed: 2024-12-19
Type: ransomware
Title: Saint Agnes Medical Center Data Breach (2016)
Description: The California Office of the Attorney General reported that Saint Agnes Medical Center experienced a data breach on May 2, 2016, affecting 2,812 employees. The breach resulted from a Business Email Compromise (BEC) attack that compromised W-2 data, including names, addresses, salaries, withholding information, and Social Security Numbers.
Date Detected: 2016-05-02
Type: Data Breach
Attack Vector: Business Email Compromise (BEC)
Title: Ascension Health Ransomware Incident 2024
Description: A ransomware attack on Ascension Health in 2024 resulted in an estimated financial loss of $1.3 billion, severely impacting operations, patient safety, and financial stability. The incident highlights the escalating cyber threats in healthcare, including ransomware, phishing, and regulatory risks, with long-term reputational and operational consequences.
Date Publicly Disclosed: 2024
Type: Ransomware
Attack Vector: PhishingSocial Engineering
Motivation: Financial Gain
What are the most common types of attacks the company has faced ?
Common Attack Types: The most common types of attacks the company has faced is Ransomware.
How does the company identify the attack vectors used in incidents ?
Identification of Attack Vectors: The company identifies the attack vectors used in incidents through Social Engineering and phishing link clicked via Microsoft Bing/Edge on contractor’s laptop.
Impact of the Incidents
What was the impact of each incident ?
Incident : Data Breach ASC124828422
Data Compromised: Full name, Date of birth, Address(es), Email address(es), Phone number(s), Health insurance information, Health insurance identification number, Medical records, Social security numbers
Systems Affected: Electronic Health Record
Identity Theft Risk: High
Incident : Data Breach SET233416522
Data Compromised: Name, Address, Phone number, Date of birth, Seton medical record number, Patient account number, Social security numbers, Diagnosis, Immunizations, Insurance information
Incident : Cyber Attack SAC011241022
Systems Affected: Many
Incident : Ransomware PRO8475124
Data Compromised: Complete names, Dates of birth, Phone numbers, Patient account and medical record numbers, Details of the injury, diagnosis, treatment, and procedure, Social security numbers
Identity Theft Risk: High
Incident : Ransomware ASC1012070724
Systems Affected: 140 hospitals
Operational Impact: Canceled appointmentsCanceled surgeriesReverted to manual processes
Incident : ransomware PRO523031825
Operational Impact: potential significant operational disruptions
Incident : Ransomware Attack ASC000032225
Data Compromised: Personal information
Systems Affected: Electronic Health Records (EHR)Other Clinical Systems
Incident : Data Breach ASC220051225
Data Compromised: Personal health information, Physician names, Admission and discharge dates, Diagnosis and billing codes, Medical record numbers, Insurance company names, Names, Addresses, Phone numbers, Email addresses, Dates of birth, Race, Gender, Social security numbers
Incident : ransomware ASC5102151091125
Data Compromised: Personal data, Medical records, Payment information, Insurance information, Government ids
Systems Affected: thousands of computers
Operational Impact: severe (healthcare operations disrupted)
Brand Reputation Impact: high (public scrutiny, regulatory concern)
Identity Theft Risk: high (5.6M records exposed)
Payment Information Risk: high
Incident : ransomware ASC547091725
Data Compromised: Social security numbers, Medical information
Identity Theft Risk: high
Incident : Data Breach ST.024091825
Data Compromised: W-2 data (names, addresses, salaries, withholding information, social security numbers)
Identity Theft Risk: High (SSNs compromised)
Incident : Ransomware ASC1766477123
Financial Loss: $1.3 billion
Downtime: 24+ hours (implied)
Operational Impact: Cancelled proceduresDelayed diagnosticsDelayed reimbursements
Brand Reputation Impact: Long-term reputational damage
What is the average financial loss per incident ?
Average Financial Loss: The average financial loss per incident is $100.02 million.
What types of data are most commonly compromised in incidents ?
Commonly Compromised Data Types: The types of data most commonly compromised in incidents are Personally Identifiable Information, Health Information, , Name, Address, Phone Number, Date Of Birth, Seton Medical Record Number, Patient Account Number, Social Security Numbers, Diagnosis, Immunizations, Insurance Information, , Personally Identifiable Information, Medical Records, , Personal Information, , ePHI, Personal Health Information, Personal Information, , Personal Data, Medical Records, Payment Information, Insurance Details, Government Ids, , Personally Identifiable Information (Pii), Protected Health Information (Phi), , Personally Identifiable Information (Pii), Tax/Financial Data and .
Which entities were affected by each incident ?
Incident : Data Breach ASC124828422
Entity Name: Ascension Michigan
Entity Type: Healthcare Provider
Industry: Healthcare
Location: Michigan
Incident : Data Breach SET233416522
Entity Name: Seton Healthcare Family
Entity Type: Healthcare Provider
Industry: Healthcare
Location: Austin, Texas
Incident : Cyber Attack SAC011241022
Entity Name: Sacred Heart Hospital
Entity Type: Hospital
Industry: Healthcare
Location: Mol
Incident : Ransomware PRO8475124
Entity Name: ESO Solutions
Entity Type: Software Provider
Industry: Healthcare
Customers Affected: U.S. hospitals and clinics
Incident : Ransomware ASC1012070724
Entity Name: Ascension
Entity Type: Healthcare
Industry: Healthcare
Size: 140 hospitals
Incident : ransomware PRO523031825
Entity Name: Ascension Health
Entity Type: Health Organization
Industry: Healthcare
Incident : Ransomware Attack ASC000032225
Entity Name: Ascension
Entity Type: Healthcare
Industry: Healthcare
Customers Affected: 5599699
Incident : Ransomware Attack PRO000032425
Entity Name: Providence Medical Institute
Entity Type: Healthcare
Industry: Healthcare
Customers Affected: 85,000
Incident : Data Breach ASC220051225
Entity Name: Ascension
Entity Type: Healthcare System
Industry: Healthcare
Location: United States
Customers Affected: 430000
Incident : ransomware ASC5102151091125
Entity Name: Ascension
Entity Type: healthcare provider
Industry: healthcare
Location: United States
Customers Affected: 5.6 million patients
Incident : ransomware ASC547091725
Entity Name: Ascension Health
Entity Type: healthcare provider
Industry: healthcare
Location: United States (Washington residents affected)
Customers Affected: 5,787
Incident : Data Breach ST.024091825
Entity Name: Saint Agnes Medical Center
Entity Type: Healthcare Provider
Industry: Healthcare
Location: California, USA
Customers Affected: 2,812 (employees)
Incident : Ransomware ASC1766477123
Entity Name: Ascension Health
Entity Type: Healthcare Provider
Industry: Healthcare
Size: Large
Response to the Incidents
What measures were taken in response to each incident ?
Incident : Data Breach ASC124828422
Remediation Measures: Free credit and identity theft protection-monitoring services
Communication Strategy: Notified affected patients
Incident : Data Breach SET233416522
Law Enforcement Notified: Austin Police Department
Communication Strategy: Impacted individuals were immediately notified
Incident : Ransomware PRO8475124
Third Party Assistance: Kroll
Enhanced Monitoring: Identity monitoring services
Incident : Ransomware ASC1012070724
Recovery Measures: TransparencyReconnection of supplies
Communication Strategy: Transparency
Incident : Ransomware Attack ASC000032225
Communication Strategy: Notifications to affected individuals
How does the company involve third-party assistance in incident response ?
Third-Party Assistance: The company involves third-party assistance in incident response through Kroll.
Data Breach Information
What type of data was compromised in each breach ?
Incident : Data Breach ASC124828422
Type of Data Compromised: Personally identifiable information, Health information
Sensitivity of Data: High
Personally Identifiable Information: full namedate of birthaddress(es)email address(es)phone number(s)Social Security numbers
Incident : Data Breach SET233416522
Type of Data Compromised: Name, Address, Phone number, Date of birth, Seton medical record number, Patient account number, Social security numbers, Diagnosis, Immunizations, Insurance information
Sensitivity of Data: High
Incident : Ransomware PRO8475124
Type of Data Compromised: Personally identifiable information, Medical records
Sensitivity of Data: High
Personally Identifiable Information: complete namesdates of birthphone numberspatient account and medical record numbersSocial Security numbers
Incident : Ransomware Attack ASC000032225
Type of Data Compromised: Personal information
Number of Records Exposed: 5599699
Sensitivity of Data: High
Incident : Ransomware Attack PRO000032425
Type of Data Compromised: ePHI
Number of Records Exposed: 85,000
Sensitivity of Data: High
Incident : Data Breach ASC220051225
Type of Data Compromised: Personal health information, Personal information
Number of Records Exposed: 430000
Sensitivity of Data: High
Personally Identifiable Information: NamesAddressesPhone numbersEmail addressesDates of birthRaceGenderSocial Security numbers
Incident : ransomware ASC5102151091125
Type of Data Compromised: Personal data, Medical records, Payment information, Insurance details, Government ids
Number of Records Exposed: 5.6 million
Sensitivity of Data: high (PII, PHI, financial data)
Data Exfiltration: yes
Data Encryption: no (RC4 encryption exploited)
Personally Identifiable Information: yes
Incident : ransomware ASC547091725
Type of Data Compromised: Personally identifiable information (pii), Protected health information (phi)
Number of Records Exposed: 5,787
Sensitivity of Data: high
Personally Identifiable Information: social security numbersmedical information
Incident : Data Breach ST.024091825
Type of Data Compromised: Personally identifiable information (pii), Tax/financial data
Number of Records Exposed: 2,812
Sensitivity of Data: High
Data Exfiltration: Yes
File Types Exposed: W-2 forms
Personally Identifiable Information: NamesAddressesSalariesWithholding InformationSocial Security Numbers
Incident : Ransomware ASC1766477123
Data Encryption: Implied (ransomware)
What measures does the company take to prevent data exfiltration ?
Prevention of Data Exfiltration: The company takes the following measures to prevent data exfiltration: Free credit and identity theft protection-monitoring services, .
Ransomware Information
Was ransomware involved in any of the incidents ?
Incident : Ransomware PRO8475124
Data Encryption: Yes
Incident : ransomware PRO523031825
Ransomware Strain: BlackBasta
Incident : Ransomware Attack ASC000032225
Data Encryption: True
Incident : Ransomware Attack PRO000032425
Data Encryption: True
Incident : Data Breach ASC220051225
Ransomware Strain: Clop
Incident : ransomware ASC5102151091125
Data Encryption: yes (ransomware deployed across systems)
Data Exfiltration: yes
Incident : Ransomware ASC1766477123
Data Encryption: Yes
How does the company recover data encrypted by ransomware ?
Data Recovery from Ransomware: The company recovers data encrypted by ransomware through Transparency, Reconnection of supplies, .
Regulatory Compliance
Were there any regulatory violations and fines imposed for each incident ?
Incident : Ransomware Attack PRO000032425
Regulations Violated: HIPAA Security Rule
Fines Imposed: $240,000
Incident : ransomware ASC5102151091125
Legal Actions: Sen. Ron Wyden's call for FTC investigation into Microsoft's default security configurations,
Regulatory Notifications: CISA, FBI, NSA warnings (2023–2024) about RC4/Kerberoasting exploits in healthcare
Incident : ransomware ASC547091725
Regulatory Notifications: Washington State Office of the Attorney General
Incident : Data Breach ST.024091825
Regulatory Notifications: California Office of the Attorney General
Incident : Ransomware ASC1766477123
Regulations Violated: HIPAA,
Fines Imposed: $75,000 to $3 million (potential)
Regulatory Notifications: HHS Office for Civil Rights (OCR) investigation
How does the company ensure compliance with regulatory requirements ?
Ensuring Regulatory Compliance: The company ensures compliance with regulatory requirements through Sen. Ron Wyden's call for FTC investigation into Microsoft's default security configurations, .
Lessons Learned and Recommendations
What lessons were learned from each incident ?
Incident : ransomware PRO523031825
Lessons Learned: The vulnerability of critical health infrastructure to sophisticated cyber threats, The need for robust cybersecurity measures
Incident : ransomware ASC5102151091125
Lessons Learned: Default configurations in enterprise software (e.g., Microsoft Active Directory) can enable large-scale breaches if outdated protocols (e.g., RC4) are retained., Kerberoasting exploits persist due to legacy encryption support, despite decades of warnings., Organizations rarely modify default security settings, placing burden on vendors to enforce secure defaults., Phishing remains a critical initial access vector, especially via default applications (e.g., Microsoft Edge/Bing).
Incident : Ransomware ASC1766477123
Lessons Learned: Cybersecurity is a financial and patient safety imperative. CFOs and CISOs must collaborate closely to align cybersecurity investments with financial resilience, regulatory compliance, and operational continuity. Tabletop exercises, financial reserves, vendor oversight, and strategic cyber insurance are critical for mitigating risks.
What recommendations were made to prevent future incidents ?
Incident : ransomware ASC5102151091125
Recommendations: Microsoft should disable RC4 by default immediately (planned for Q1 2026 is insufficient)., Enforce stronger default password policies for privileged accounts (e.g., 14+ characters)., Healthcare sector should prioritize patching Active Directory vulnerabilities and monitoring for Kerberoasting., Vendors must proactively deprecate obsolete encryption standards, even if it risks breaking legacy systems., Public disclosure of timelines for security fixes should be accelerated to reduce exposure windows.Microsoft should disable RC4 by default immediately (planned for Q1 2026 is insufficient)., Enforce stronger default password policies for privileged accounts (e.g., 14+ characters)., Healthcare sector should prioritize patching Active Directory vulnerabilities and monitoring for Kerberoasting., Vendors must proactively deprecate obsolete encryption standards, even if it risks breaking legacy systems., Public disclosure of timelines for security fixes should be accelerated to reduce exposure windows.Microsoft should disable RC4 by default immediately (planned for Q1 2026 is insufficient)., Enforce stronger default password policies for privileged accounts (e.g., 14+ characters)., Healthcare sector should prioritize patching Active Directory vulnerabilities and monitoring for Kerberoasting., Vendors must proactively deprecate obsolete encryption standards, even if it risks breaking legacy systems., Public disclosure of timelines for security fixes should be accelerated to reduce exposure windows.Microsoft should disable RC4 by default immediately (planned for Q1 2026 is insufficient)., Enforce stronger default password policies for privileged accounts (e.g., 14+ characters)., Healthcare sector should prioritize patching Active Directory vulnerabilities and monitoring for Kerberoasting., Vendors must proactively deprecate obsolete encryption standards, even if it risks breaking legacy systems., Public disclosure of timelines for security fixes should be accelerated to reduce exposure windows.Microsoft should disable RC4 by default immediately (planned for Q1 2026 is insufficient)., Enforce stronger default password policies for privileged accounts (e.g., 14+ characters)., Healthcare sector should prioritize patching Active Directory vulnerabilities and monitoring for Kerberoasting., Vendors must proactively deprecate obsolete encryption standards, even if it risks breaking legacy systems., Public disclosure of timelines for security fixes should be accelerated to reduce exposure windows.
Incident : Ransomware ASC1766477123
Recommendations: Participate in tabletop exercises to simulate cyber incident responses., Allocate 1–2% of operating expenses for breach response and uninsured costs., Enforce vendor oversight with SOC 2/ISO 27001 attestations and cyber insurance requirements., Use cyber insurance strategically, focusing on business interruption coverage for healthcare billing risks., Strengthen the CFO-CISO partnership to reframe cybersecurity as a financial and patient safety priority., Conduct quarterly cyber attestations and financial modeling of risk for auditors and insurers.Participate in tabletop exercises to simulate cyber incident responses., Allocate 1–2% of operating expenses for breach response and uninsured costs., Enforce vendor oversight with SOC 2/ISO 27001 attestations and cyber insurance requirements., Use cyber insurance strategically, focusing on business interruption coverage for healthcare billing risks., Strengthen the CFO-CISO partnership to reframe cybersecurity as a financial and patient safety priority., Conduct quarterly cyber attestations and financial modeling of risk for auditors and insurers.Participate in tabletop exercises to simulate cyber incident responses., Allocate 1–2% of operating expenses for breach response and uninsured costs., Enforce vendor oversight with SOC 2/ISO 27001 attestations and cyber insurance requirements., Use cyber insurance strategically, focusing on business interruption coverage for healthcare billing risks., Strengthen the CFO-CISO partnership to reframe cybersecurity as a financial and patient safety priority., Conduct quarterly cyber attestations and financial modeling of risk for auditors and insurers.Participate in tabletop exercises to simulate cyber incident responses., Allocate 1–2% of operating expenses for breach response and uninsured costs., Enforce vendor oversight with SOC 2/ISO 27001 attestations and cyber insurance requirements., Use cyber insurance strategically, focusing on business interruption coverage for healthcare billing risks., Strengthen the CFO-CISO partnership to reframe cybersecurity as a financial and patient safety priority., Conduct quarterly cyber attestations and financial modeling of risk for auditors and insurers.Participate in tabletop exercises to simulate cyber incident responses., Allocate 1–2% of operating expenses for breach response and uninsured costs., Enforce vendor oversight with SOC 2/ISO 27001 attestations and cyber insurance requirements., Use cyber insurance strategically, focusing on business interruption coverage for healthcare billing risks., Strengthen the CFO-CISO partnership to reframe cybersecurity as a financial and patient safety priority., Conduct quarterly cyber attestations and financial modeling of risk for auditors and insurers.Participate in tabletop exercises to simulate cyber incident responses., Allocate 1–2% of operating expenses for breach response and uninsured costs., Enforce vendor oversight with SOC 2/ISO 27001 attestations and cyber insurance requirements., Use cyber insurance strategically, focusing on business interruption coverage for healthcare billing risks., Strengthen the CFO-CISO partnership to reframe cybersecurity as a financial and patient safety priority., Conduct quarterly cyber attestations and financial modeling of risk for auditors and insurers.
What are the key lessons learned from past incidents ?
Key Lessons Learned: The key lessons learned from past incidents are The vulnerability of critical health infrastructure to sophisticated cyber threats,The need for robust cybersecurity measuresDefault configurations in enterprise software (e.g., Microsoft Active Directory) can enable large-scale breaches if outdated protocols (e.g., RC4) are retained.,Kerberoasting exploits persist due to legacy encryption support, despite decades of warnings.,Organizations rarely modify default security settings, placing burden on vendors to enforce secure defaults.,Phishing remains a critical initial access vector, especially via default applications (e.g., Microsoft Edge/Bing).Cybersecurity is a financial and patient safety imperative. CFOs and CISOs must collaborate closely to align cybersecurity investments with financial resilience, regulatory compliance, and operational continuity. Tabletop exercises, financial reserves, vendor oversight, and strategic cyber insurance are critical for mitigating risks.
References
Where can I find more information about each incident ?
Incident : Ransomware PRO8475124
Source: Cyber Incident Description
Incident : ransomware ASC5102151091125
Source: CyberScoop
Incident : ransomware ASC5102151091125
Source: Sen. Ron Wyden’s letter to FTC Chair Andrew Ferguson
Incident : ransomware ASC5102151091125
Source: CISA, FBI, NSA joint advisory (2023–2024) on RC4/Kerberoasting
Incident : ransomware ASC547091725
Source: Washington State Office of the Attorney General
Date Accessed: 2024-12-19
Incident : Data Breach ST.024091825
Source: California Office of the Attorney General
Incident : Ransomware ASC1766477123
Source: Fortified Health Security
Where can stakeholders find additional resources on cybersecurity best practices ?
Additional Resources: Stakeholders can find additional resources on cybersecurity best practices at and Source: Cyber Incident Description, and Source: CyberScoop, and Source: Sen. Ron Wyden’s letter to FTC Chair Andrew Ferguson, and Source: CISA, FBI, NSA joint advisory (2023–2024) on RC4/Kerberoasting, and Source: Washington State Office of the Attorney GeneralDate Accessed: 2024-12-19, and Source: California Office of the Attorney General, and Source: Fortified Health Security.
Investigation Status
What is the current status of the investigation for each incident ?
Incident : ransomware ASC5102151091125
Investigation Status: ongoing (FTC investigation requested by Sen. Wyden)
How does the company communicate the status of incident investigations to stakeholders ?
Communication of Investigation Status: The company communicates the status of incident investigations to stakeholders through Notified Affected Patients, Impacted individuals were immediately notified, Transparency and Notifications To Affected Individuals.
Stakeholder and Customer Advisories
Were there any advisories issued to stakeholders or customers for each incident ?
Incident : Ransomware Attack ASC000032225
Customer Advisories: Notifications to affected individuals
Incident : ransomware ASC5102151091125
Stakeholder Advisories: Sen. Wyden’S Oversight Findings Shared With Ascension And Microsoft.
What advisories does the company provide to stakeholders and customers following an incident ?
Advisories Provided: The company provides the following advisories to stakeholders and customers following an incident: were Notifications To Affected Individuals, and Sen. Wyden’S Oversight Findings Shared With Ascension And Microsoft.
Initial Access Broker
How did the initial access broker gain entry for each incident ?
Incident : Ransomware Attack ASC000032225
Entry Point: Social Engineering
Incident : ransomware ASC5102151091125
Entry Point: phishing link clicked via Microsoft Bing/Edge on contractor’s laptop
High Value Targets: Active Directory Administrative Privileges,
Data Sold on Dark Web: Active Directory Administrative Privileges,
Incident : Data Breach ST.024091825
High Value Targets: Employee W-2 Data,
Data Sold on Dark Web: Employee W-2 Data,
Post-Incident Analysis
What were the root causes and corrective actions taken for each incident ?
Incident : Ransomware Attack ASC000032225
Root Causes: Human Error,
Incident : ransomware ASC5102151091125
Root Causes: Use Of Obsolete Rc4 Encryption In Active Directory (Enabled By Default)., Default Weak Password Policies For Privileged Accounts., Phishing Attack Via Default Microsoft Applications (Edge/Bing)., Lack Of Network Segmentation Allowing Lateral Movement To Thousands Of Systems.,
Corrective Actions: Microsoft’S Planned Deprecation Of Rc4 (Q1 2026 For Active Directory)., Ascension Likely Implemented Stricter Password Policies And Active Directory Monitoring Post-Breach.,
What is the company's process for conducting post-incident analysis ?
Post-Incident Analysis Process: The company's process for conducting post-incident analysis is described as Kroll, Identity monitoring services.
What corrective actions has the company taken based on post-incident analysis ?
Corrective Actions Taken: The company has taken the following corrective actions based on post-incident analysis: Microsoft’S Planned Deprecation Of Rc4 (Q1 2026 For Active Directory)., Ascension Likely Implemented Stricter Password Policies And Active Directory Monitoring Post-Breach., .
Additional Questions
General Information
Who was the attacking group in the last incident ?
Last Attacking Group: The attacking group in the last incident were an Unauthorized Individual, Unknown, BlackBasta and Clop ransomware group.
Incident Details
What was the most recent incident detected ?
Most Recent Incident Detected: The most recent incident detected was on 2021-09-08.
What was the most recent incident publicly disclosed ?
Most Recent Incident Publicly Disclosed: The most recent incident publicly disclosed was on 2024.
Impact of the Incidents
What was the highest financial loss from an incident ?
Highest Financial Loss: The highest financial loss from an incident was $1.3 billion.
What was the most significant data compromised in an incident ?
Most Significant Data Compromised: The most significant data compromised in an incident were full name, date of birth, address(es), email address(es), phone number(s), health insurance information, health insurance identification number, medical records, Social Security numbers, , Name, Address, Phone Number, Date of Birth, Seton Medical Record Number, Patient Account Number, Social Security Numbers, Diagnosis, Immunizations, Insurance Information, , complete names, dates of birth, phone numbers, patient account and medical record numbers, details of the injury, diagnosis, treatment, and procedure, Social Security numbers, , Personal Information, , ePHI, Personal health information, Physician names, Admission and discharge dates, Diagnosis and billing codes, Medical record numbers, Insurance company names, Names, Addresses, Phone numbers, Email addresses, Dates of birth, Race, Gender, Social Security numbers, , personal data, medical records, payment information, insurance information, government IDs, , social security numbers, medical information, , W-2 data (names, addresses, salaries, withholding information, Social Security Numbers) and .
What was the most significant system affected in an incident ?
Most Significant System Affected: The most significant system affected in an incident was Electronic Health Record and and and Electronic Health Records (EHR)Other Clinical Systems and .
Response to the Incidents
What third-party assistance was involved in the most recent incident ?
Third-Party Assistance in Most Recent Incident: The third-party assistance involved in the most recent incident was Kroll.
Data Breach Information
What was the most sensitive data compromised in a breach ?
Most Sensitive Data Compromised: The most sensitive data compromised in a breach were Social Security Numbers, Diagnosis and billing codes, medical records, Personal Information, insurance information, health insurance information, phone numbers, payment information, Date of Birth, Immunizations, Addresses, ePHI, date of birth, address(es), Insurance Information, Dates of birth, Race, dates of birth, Phone Number, Names, complete names, Admission and discharge dates, W-2 data (names, addresses, salaries, withholding information, Social Security Numbers), details of the injury, diagnosis, treatment, and procedure, email address(es), full name, Physician names, Name, Patient Account Number, Gender, medical information, Seton Medical Record Number, Insurance company names, Social Security numbers, patient account and medical record numbers, Phone numbers, Email addresses, Address, social security numbers, government IDs, Diagnosis, health insurance identification number, personal data, Medical record numbers, phone number(s) and Personal health information.
What was the number of records exposed in the most significant breach ?
Number of Records Exposed in Most Significant Breach: The number of records exposed in the most significant breach was 5.7M.
Regulatory Compliance
What was the highest fine imposed for a regulatory violation ?
Highest Fine Imposed: The highest fine imposed for a regulatory violation was $240,000, $75,000 to $3 million (potential).
What was the most significant legal action taken for a regulatory violation ?
Most Significant Legal Action: The most significant legal action taken for a regulatory violation was Sen. Ron Wyden's call for FTC investigation into Microsoft's default security configurations, .
Lessons Learned and Recommendations
What was the most significant lesson learned from past incidents ?
Most Significant Lesson Learned: The most significant lesson learned from past incidents was Phishing remains a critical initial access vector, especially via default applications (e.g., Microsoft Edge/Bing)., Cybersecurity is a financial and patient safety imperative. CFOs and CISOs must collaborate closely to align cybersecurity investments with financial resilience, regulatory compliance, and operational continuity. Tabletop exercises, financial reserves, vendor oversight, and strategic cyber insurance are critical for mitigating risks.
What was the most significant recommendation implemented to improve cybersecurity ?
Most Significant Recommendation Implemented: The most significant recommendation implemented to improve cybersecurity was Allocate 1–2% of operating expenses for breach response and uninsured costs., Public disclosure of timelines for security fixes should be accelerated to reduce exposure windows., Microsoft should disable RC4 by default immediately (planned for Q1 2026 is insufficient)., Enforce vendor oversight with SOC 2/ISO 27001 attestations and cyber insurance requirements., Enforce stronger default password policies for privileged accounts (e.g., 14+ characters)., Participate in tabletop exercises to simulate cyber incident responses., Strengthen the CFO-CISO partnership to reframe cybersecurity as a financial and patient safety priority., Vendors must proactively deprecate obsolete encryption standards, even if it risks breaking legacy systems., Use cyber insurance strategically, focusing on business interruption coverage for healthcare billing risks., Conduct quarterly cyber attestations and financial modeling of risk for auditors and insurers. and Healthcare sector should prioritize patching Active Directory vulnerabilities and monitoring for Kerberoasting..
References
What is the most recent source of information about an incident ?
Most Recent Source: The most recent source of information about an incident are CISA, FBI, NSA joint advisory (2023–2024) on RC4/Kerberoasting, California Office of the Attorney General, Fortified Health Security, Sen. Ron Wyden’s letter to FTC Chair Andrew Ferguson, Washington State Office of the Attorney General, CyberScoop and Cyber Incident Description.
Investigation Status
What is the current status of the most recent investigation ?
Current Status of Most Recent Investigation: The current status of the most recent investigation is ongoing (FTC investigation requested by Sen. Wyden).
Stakeholder and Customer Advisories
What was the most recent stakeholder advisory issued ?
Most Recent Stakeholder Advisory: The most recent stakeholder advisory issued was Sen. Wyden’s oversight findings shared with Ascension and Microsoft, .
What was the most recent customer advisory issued ?
Most Recent Customer Advisory: The most recent customer advisory issued was an Notifications to affected individuals.
Initial Access Broker
What was the most recent entry point used by an initial access broker ?
Most Recent Entry Point: The most recent entry point used by an initial access broker were an phishing link clicked via Microsoft Bing/Edge on contractor’s laptop and Social Engineering.
Post-Incident Analysis
What was the most significant root cause identified in post-incident analysis ?
Most Significant Root Cause: The most significant root cause identified in post-incident analysis was Human Error, Use of obsolete RC4 encryption in Active Directory (enabled by default).Default weak password policies for privileged accounts.Phishing attack via default Microsoft applications (Edge/Bing).Lack of network segmentation allowing lateral movement to thousands of systems..
What was the most significant corrective action taken based on post-incident analysis ?
Most Significant Corrective Action: The most significant corrective action taken based on post-incident analysis was Microsoft’s planned deprecation of RC4 (Q1 2026 for Active Directory).Ascension likely implemented stricter password policies and Active Directory monitoring post-breach..
.png)
Latest Global CVEs (Not Company-Specific)
Description
A vulnerability was found in UTT 进取 512W up to 1.7.7-171114. This vulnerability affects the function strcpy of the file /goform/formConfigNoticeConfig. The manipulation of the argument timestart results in buffer overflow. The attack may be performed from remote. The exploit has been made public and could be used.
Risk Information
cvss2
Base: 9.0
Severity: LOW
AV:N/AC:L/Au:S/C:C/I:C/A:C
cvss3
Base: 8.8
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
cvss4
Base: 7.4
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
A vulnerability has been found in UTT 进取 512W up to 1.7.7-171114. This affects the function strcpy of the file /goform/APSecurity. The manipulation of the argument wepkey1 leads to buffer overflow. The attack is possible to be carried out remotely. The exploit has been disclosed to the public and may be used.
Risk Information
cvss2
Base: 9.0
Severity: LOW
AV:N/AC:L/Au:S/C:C/I:C/A:C
cvss3
Base: 8.8
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
cvss4
Base: 7.4
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
A vulnerability was detected in ketr JEPaaS up to 7.2.8. Affected by this vulnerability is the function postilService.loadPostils of the file /je/postil/postil/loadPostil. Performing manipulation of the argument keyWord results in sql injection. Remote exploitation of the attack is possible. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Risk Information
cvss2
Base: 6.5
Severity: LOW
AV:N/AC:L/Au:S/C:P/I:P/A:P
cvss3
Base: 6.3
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
cvss4
Base: 5.3
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
A security vulnerability has been detected in youlaitech youlai-mall 1.0.0/2.0.0. Affected is the function submitOrderPayment of the file mall-oms/oms-boot/src/main/java/com/youlai/mall/oms/controller/app/OrderController.java. Such manipulation of the argument orderSn leads to improper authorization. The attack may be launched remotely. The exploit has been disclosed publicly and may be used. The real existence of this vulnerability is still doubted at the moment. The vendor was contacted early about this disclosure but did not respond in any way.
Risk Information
cvss2
Base: 4.0
Severity: LOW
AV:N/AC:L/Au:S/C:N/I:P/A:N
cvss3
Base: 4.3
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
cvss4
Base: 5.3
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
A weakness has been identified in youlaitech youlai-mall 1.0.0/2.0.0. This impacts the function getMemberByMobile of the file mall-ums/ums-boot/src/main/java/com/youlai/mall/ums/controller/app/MemberController.java. This manipulation causes improper access controls. The attack may be initiated remotely. The exploit has been made available to the public and could be exploited. The vendor was contacted early about this disclosure but did not respond in any way.
Risk Information
cvss2
Base: 4.0
Severity: LOW
AV:N/AC:L/Au:S/C:P/I:N/A:N
cvss3
Base: 4.3
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
cvss4
Base: 5.3
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Access Data Using Our API
Get company history
curl -i -X GET 'https://api.rankiteo.com/underwriter-getcompany-history?linkedin_id=seton-healthcare-family' -H 'apikey: YOUR_API_KEY_HERE'
RapidWhat Do We Measure ?
Incident
Finding
Grade
Digital Assets
Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.
These are some of the factors we use to calculate the overall score:
Network Security
Identify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.
SBOM (Software Bill of Materials)
Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.
CMDB (Configuration Management Database)
Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.
Threat Intelligence
Leverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.
Rankiteo is a unified scoring and risk platform that analyzes billions of signals weekly to help organizations gain faster, more actionable insights into emerging threats. Empowering teams to outpace adversaries and reduce exposure.
