• Ascension’s Notice of Cybersecurity Incident - December 19, 2024

    We are committed to protecting the privacy and security of our patients’ and associates’ information. This notice relates to a cybersecurity incident that took place in May 2024. We are posting this substitute notice to provide information about the incident and provide relevant resources for patients and individuals with no known mailing address. We began notifying individuals with known contact information on December 19, 2024. This notice is meant to provide you with information about the incident, our response, and additional measures you can take to help protect your information.

    What Happened?
    On May 8, 2024, we detected unauthorized activity on certain of Ascension’s technology systems resulting from a ransomware attack. Upon discovering the unauthorized activity, we initiated an investigation with the assistance of leading cybersecurity experts. Through this investigation, we found evidence that on May 7 and 8, a cybercriminal obtained a copy of certain files containing personal information of our patients and associates.

    What Information Was Involved?
    The information involved depends on the individual. Our investigation has determined that data from our electronic health records (EHRs) and other clinical systems was not involved in the security incident. However, some of the files contain an individual’s name and information in one or more of the following categories:

    • Medical information (such as medical record number, date of service, types of lab tests, or procedure codes)
    • Payment information (such as credit card information or bank account number)
    • Insurance information (such as Medicaid/Medicare ID, policy number, or insurance claim)
    • Government identification (such as Social Security number, tax identification number, driver’s license number, or passport number)
    • Other personal information (such as date of birth or address)

    What is Ascension Doing?
    We have launched an investigation with leading cybersecurity experts and notified law enforcement and government regulators. Additionally, we implemented enhanced security measures to prevent similar incidents from occurring in the future.

    Although we are not aware of any misuse of any personal information, we have arranged to offer individuals whose information was involved in the security incident identity theft protection services through IDX. These identity protection services will be provided at no cost and include: 24 months of credit and CyberScan monitoring, a $1,000,000 insurance reimbursement policy, and fully managed ID theft recovery services.

    What You Can Do
    We regret any inconvenience this incident may cause and are providing you with additional information below about steps you can take to help protect your information. We encourage you to remain alert for any unsolicited communications regarding your personal information, review your account statements for suspicious activity, and monitor your free credit reports.

    For More Information
    If you have additional questions regarding this notice or think your information may have been involved in the security incident, please call our dedicated assistance line toll-free at (866) 724-3233 between 8:00 a.m. to 8:00 p.m. CT, Monday through Friday (excluding holidays).

    Additional Information

    Register for Identity Protection Services. If you wish to enroll in free online credit monitoring and identity theft protection services, you can call our dedicated assistance line toll-free at (866) 724-3233 and a call center representative will assist you in your request for enrollment. Thereafter, you will receive an email or a letter in the mail with instructions on how to complete enrollment. You must have established credit to enroll in credit monitoring. The deadline to enroll is April 4, 2025.

    Note that you must have access to a computer and the internet to use these services. Once enrollment is complete, you must activate the credit monitoring services included in your membership in your online IDX Member Portal. Alternatively, to activate your membership via phone, you can call our dedicated assistance line toll-free at (866) 724-3233 and speak to a call center representative who can assist.

    Monitoring. You should always remain vigilant for incidents of fraud and identity theft by reviewing bank and payment card account statements and monitoring your credit reports for suspicious or unusual activity and immediately reporting any suspicious activity or incidents of identity theft. You can contact the U.S. Federal Trade Commission (“FTC”) to learn more about how to protect yourself from becoming a victim of identity theft and how to remedy identity theft:

    Federal Trade Commission
    Consumer Response Center
    600 Pennsylvania Avenue, NW
    Washington, DC 20580
    1-877-IDTHEFT (438-4338)
    https://www.ftc.gov/idtheft/ 

    Order Your Free Credit Report. You may obtain a copy of your credit report, free of charge, whether or not you suspect any unauthorized activity on your account. To order your free credit report, visit https://www.annualcreditreport.com, call toll-free at (877) 322-8228, or complete the Annual Credit Report Request Form on the FTC’s website at https://www.consumer.ftc.gov and mail it to Annual Credit Report Request Service, P.O. Box 105281, Atlanta, GA 30348-5281. The three nationwide consumer reporting agencies provide free annual credit reports only through their websites, toll-free numbers, or request form.

    Consider Placing a Fraud Alert on Your Credit File. To protect yourself from possible identity theft, consider placing a fraud alert on your credit file. A fraud alert tells creditors to follow certain procedures, including contacting you, before they open any new accounts or change your existing accounts. For that reason, placing a fraud alert can protect you, but also may delay you when you seek to obtain credit. Initial fraud alerts last for one year. Victims of identity theft can also get an extended fraud alert for seven years. You can place fraud alerts with the three credit bureaus by phone, by mail, or online (see below). The bureau you contact will notify the other two bureaus about the fraud alert. For more information on fraud alerts, you also may contact the FTC as described above.

    Equifax Fraud Alert
    P.O. Box 105069
    Atlanta, GA 30348-5069
    https://www.equifax.com/personal/credit-report-services/credit-fraud-alerts/
    1-800-685-1111

    Experian Fraud Alert
    P.O. Box 9554
    Allen, TX 75013-9544
    https://www.experian.com/fraud/center.html
    1-888-397-3742

    TransUnion Fraud Alert
    P.O. Box 2000
    Chester, PA 19016
    https://www.transunion.com/fraud-victim-resource/place-fraud-alert
    1-800-916-8800

    Consider Placing a Security Freeze on Your Credit File. You also have the right to place a security freeze on your credit report. A security freeze is intended to prevent credit, loans, and services from being approved in your name without your consent. Unlike a fraud alert, you must place a security freeze on your credit file at each consumer reporting agency individually.

    To place a security freeze on your credit report, you must make a request to each consumer reporting agency by phone, by mail, or online (see below). The consumer reporting agencies may require proper identification prior to honoring your request, so to place the security freeze for yourself, your spouse, or a minor under the age of 16, you will need to provide your name, address for the past two years, date of birth, Social Security number, proof of identity (such as a copy of a government-issued ID card and a bill or statement) and proof of address as requested by the credit reporting company. After receiving your freeze request, each credit reporting company will send you a confirmation letter containing a unique PIN (personal identification number) or password, which will be required to lift the freeze, which you can do either temporarily or permanently. It is free to place, lift, or remove a security freeze.

    Equifax Security Freeze
    P.O. Box 105788
    Atlanta, GA 30348-5788
    https://www.equifax.com/personal/credit-report-services/credit-freeze/
    1-888-378-4329

    Experian Security Freeze
    P.O. Box 9554
    Allen, TX 75013-9544
    https://www.experian.com/freeze/center.html
    1-888-397-3742

    TransUnion Security Freeze
    P.O. Box 160
    Woodlyn, PA 19094
    https://www.transunion.com/credit-freeze
    1-800-916-8800

    Additional Resources

    Iowa Residents: You may contact law enforcement or the Iowa Attorney General’s Office to report suspected incidents of identity theft. This office can be reached at: Office of the Attorney General of Iowa, Hoover State Office Building, 1305 E. Walnut Street, Des Moines, IA 50319, (515) 281-5164, https://www.iowaattorneygeneral.gov.

    Maryland Residents: You can obtain information from the Maryland Office of the Attorney General about steps you can take to avoid identity theft. This office can be reached at: Maryland Office of the Attorney General, Consumer Protection Division, 200 St. Paul Place, Baltimore, MD 21202, (888) 743-0023, https://www.marylandattorneygeneral.gov.

    Massachusetts Residents: You have the right to obtain a police report and request a security freeze (at no charge) as described above. The consumer reporting agencies may require that you provide certain personal information (such as your name, Social Security number, date of birth, and address) and proper identification (such as a copy of a government-issued ID card and a bill or statement) prior to honoring your request to place a security freeze on your account.

    New Mexico Residents: You have rights under the federal Fair Credit Reporting Act (“FCRA”). These include, among others, the right to know what is in your file; to dispute incomplete or inaccurate information; and to have consumer reporting agencies correct or delete inaccurate, incomplete, or unverifiable information. For more information about the FCRA, please visit: https://files.consumerfinance.gov/f/201504_cfpb_summary_your-rights-under-fcra.pdf or www.ftc.gov.

    New York Residents: You can obtain information from the New York State Office of the Attorney General about how to protect yourself from identity theft and tips on how to protect your privacy online. This office can be reached at: Office of the Attorney General, The Capital, Albany, NY 12224-0341, (800) 771-7755, https://www.ag.ny.gov.

    North Carolina Residents: You can obtain information from the North Carolina Attorney General’s Office about preventing identity theft. This office can be reached at: North Carolina Attorney General’s Office, 9001 Mail Service Center, Raleigh, NC 27699-9001, (919) 716-6400, https://www.ncdoj.gov.

    Oregon Resident: We encourage you to report suspected identity theft to the Oregon Attorney General. This office can be reached at: Oregon Department of Justice, 1162 Court Street NE, Salem, OR 97301-4096, (877) 877-9392, https://www.doj.state.or.us.

    Rhode Island Residents: You may obtain information about preventing and avoiding identity theft from the Rhode Island Office of the Attorney General. This office can be reached at: Rhode Island Office of the Attorney General, Consumer Protection Unit, 150 South Main Street, Providence, RI 02903, (401) 274-4400, https://www.riag.ri.gov.

    You have the right to obtain a police report and request a security freeze as described above. The consumer reporting agencies may require that you provide certain personal information (such as your name, Social Security number, date of birth, and address) and proper identification (such as a copy of a government-issued ID card and a bill or statement) prior to honoring your request for a security freeze on your account.

    Washington, D.C. Residents: You may obtain information about preventing and avoiding identity theft from the Office of the Attorney General for the District of Columbia. This office can be reached at: Office of the Attorney General for the District of Columbia, 400 6th Street NW, Washington, D.C. 20001, (202) 727-3400, https://www.oag.dc.gov.