By Raphael Satter
WASHINGTON (Reuters) – Hospital operator Ascension told Maine’s state attorney general on Friday that nearly 5.6 million people were affected in a ransomware attack that hit it earlier this year.
The company said an unspecified amount of medical data – including patients’ medical records, lab tests and insurance information – was compromised.
Cybercriminals use ransomware to paralyze computer networks and extort a payment, typically in cryptocurrency. Many also steal data for added leverage.
Hospitals and healthcare providers – whose data is particularly sensitive and whose operations are especially critical – have regularly been targeted.
In a letter to the attorney general, Ascension’s lawyer said the incident happened on May 7 and 8 and blamed it on a “cybercriminal”, whom the company did not identify. Ascension did not immediately return a message seeking further comment.
The hack disrupted clinical operations, Reuters reported at the time.
Founded as a Catholic nonprofit in 1999, the Ascension network has about 134,000 associates, 35,000 affiliated providers and 140 hospitals, serving 19 states and the District of Columbia.
This year a particularly damaging intrusion at UnitedHealth affected the information of 100 million people.
(Reporting by Raphael Satter in Washington and AJ Vicens in Detroit.)
