Ascension is committed to the privacy and security of its patients’ information. This notice relates to a security incident that affected certain Ascension patient information from Ascension locations in Alabama, Michigan, Indiana, Tennessee, and Texas. Importantly, this incident did not involve Ascension systems, networks, or electronic health records. We are posting this substitute notice to provide information about the incident and provide relevant resources.

What Happened? On December 5, 2024, we learned that Ascension patient information may have been involved in a potential security incident. We immediately initiated an investigation to determine whether and how a security incident occurred. Our investigation determined on January 21, 2025, that Ascension inadvertently disclosed information to a former business partner, and some of this information was likely stolen from them due to a vulnerability in third-party software used by the former business partner. We have since reviewed our processes and are working to implement enhanced measures to prevent similar incidents from occurring in the future.

What Information Was Involved? Our investigation determined that the personal information involved in this incident included demographic information, such as a name, address, phone number(s), email address, date of birth, race, gender, and Social Security number (SSN), as well as clinical information related to an inpatient visit, such as place of service, physician name, admission and discharge dates, diagnosis and billing codes, medical record number, and insurance company name. The exact type of information involved depends on the individual.

What Are We Doing? We have offered two years of complimentary credit monitoring and identity theft protection services to those impacted, provided by Kroll. These services include Credit Monitoring, Fraud Consultation, and Identity Theft Restoration. For more information about Kroll and Identity Monitoring services, visit www.info.krollmonitoring.com.

What Can You Do? We regret any inconvenience this incident may cause and are providing individuals with information about steps they can take to help protect their information. We encourage individuals to remain vigilant against incidents of identity theft and fraud, review account statements, and monitor credit reports for suspicious activity. Here are some steps individuals can take to help protect their information.  

• Order a Credit Report. You are entitled under U.S. law to one free credit report annually from each of the three nationwide consumer reporting agencies. To order your free credit report, visit www.annualcreditreport.com or call toll-free at (877) 322-8228.
• Remain Vigilant. We encourage individuals to remain alert for any unsolicited communications regarding their personal information, review account statements for suspicious activity, and monitor free credit reports. 
• Review the Enclosed Reference Guide. The following Reference Guide provides additional information and recommendations on the protection of personal information.

For More Information. We take the privacy and security of our patients' health information seriously and sincerely apologize for this incident. If you have questions, please call our dedicated, toll-free call center (866) 408-3556, Monday through Friday between 8:00 am and 5:30 pm Central Time, excluding major U.S. holidays.

Reference Guide

Order Your Free Credit Report. You may obtain a copy of your credit report, free of charge, whether or not you suspect any unauthorized activity on your account. To order your free credit report, visit www.annualcreditreport.com, call toll-free at (877) 322-8228, or complete the Annual Credit Report Request Form on the U.S. Federal Trade Commission’s (“FTC”) website at www.consumer.ftc.gov and mail it to Annual Credit Report Request Service, P.O. Box 105281, Atlanta, GA 30348-5281. The three nationwide consumer reporting agencies provide free annual credit reports only through the website, toll-free number or request form.

Monitoring. You should always remain vigilant for incidents of fraud and identity theft by reviewing bank and payment card account statements, monitoring your credit reports for suspicious or unusual activity and immediately reporting any suspicious activity or incidents of identity theft.

You can contact the FTC to learn more about how to protect yourself from becoming a victim of identity theft and how to repair identity theft: Federal Trade Commission, Consumer Response Center, 600 Pennsylvania Avenue, NW, Washington, DC 20580, (877) IDTHEFT (438-4338), www.ftc.gov/idtheft/. 

Consider Placing a Fraud Alert on Your Credit File. To protect yourself from possible identity theft, consider placing a fraud alert on your credit file. A fraud alert tells creditors to follow certain procedures, including contacting you, before they open any new accounts or change your existing accounts. For that reason, placing a fraud alert can protect you, but also may delay you when you seek to obtain credit. Initial fraud alerts last for one year. Victims of identity theft can also get an extended fraud alert for seven years.  You can place fraud alerts with the three credit bureaus by phone, by mail, or online (see below). The bureau you contact will notify the other two bureaus about the fraud alert.  For more information on fraud alerts, you also may contact the FTC, as described above.

Consider Placing a Security Freeze on Your Credit File. You also have the right to place a security freeze on your credit report.  A security freeze is intended to prevent credit, loans, and services from being approved in your name without your consent. Unlike a fraud alert, you must place a security freeze on your credit file at each consumer reporting agency individually. 

To place a security freeze on your credit report, you must make a request to each consumer reporting agency by phone, by mail, or online (see below). The consumer reporting agencies may require proper identification prior to honoring your request, so to place the security freeze for yourself, your spouse, or a minor under the age of 16, you will need to provide your name, address for the past two years, date of birth, Social Security number, proof of identity and proof of address as requested by the credit reporting company. After receiving your freeze request, each credit reporting company will send you a confirmation letter containing a unique PIN (personal identification number) or password, which will be required to lift the freeze, which you can do either temporarily or permanently. It is free to place, lift, or remove a security freeze.

Additional Resources

For Iowa Residents. You may contact law enforcement or the Iowa Attorney General’s Office to report suspected incidents of identity theft. This office can be reached at: Office of the Attorney General of Iowa, Hoover State Office Building, 1305 E. Walnut Street, Des Moines, IA 50319, (515) 281-5164, www.iowaattorneygeneral.gov. 

For Maryland Residents. You can obtain information from the Maryland Office of the Attorney General about steps you can take to avoid identity theft. You may contact the Maryland Attorney General at: Maryland Office of the Attorney General, Consumer Protection Division, 200 St. Paul Place, Baltimore, MD 21202, (888) 743-0023, www.marylandattorneygeneral.gov.

For Massachusetts Residents. You have the right to obtain a police report and request a security freeze as described above. The consumer reporting agencies may require that you provide certain personal information (such as your name, Social Security number, date of birth, and address) and proper identification (such as a copy of a government-issued ID card and a bill or statement) prior to honoring your request to place a security freeze on your account.  

For New Mexico Residents. You have rights under the federal Fair Credit Reporting Act (“FCRA”). These include, among others, the right to know what is in your file; to dispute incomplete or inaccurate information; and to have consumer reporting agencies correct or delete inaccurate, incomplete, or unverifiable information. For more information about the FCRA, please visit files.consumerfinance.gov/f/201504_cfpb_summary_your-rights-under-fcra.pdf or www.ftc.gov.

For New York Residents. You can obtain information from the New York State Office of the Attorney General about how to protect yourself from identity theft and tips on how to protect your privacy online. This office can be reached at: Office of the Attorney General, The Capital, Albany, NY 12224-0341, (800) 771-7755, www.ag.ny.gov.

For North Carolina Residents. You can obtain information from the North Carolina Attorney General’s Office about preventing identity theft. You can contact the North Carolina Attorney General at: North Carolina Attorney General’s Office, 9001 Mail Service Center, Raleigh, NC 27699-9001, (919) 716-6400, www.ncdoj.gov. 

For Oregon Residents. We encourage you to report suspected identity theft to the Oregon Attorney General at: Oregon Department of Justice, 1162 Court Street NE, Salem, OR 97301-4096, (877) 877-9392, www.doj.state.or.us. 

For Rhode Island Residents.  You may obtain information about preventing and avoiding identity theft from the Rhode Island Office of the Attorney General at: Rhode Island Office of the Attorney General, Consumer Protection Unit, 150 South Main Street, Providence, RI 02903, (401) 274-4400, www.riag.ri.gov.

You have the right to obtain a police report and request a security freeze as described above. The consumer reporting agencies may require that you provide certain personal information (such as your name, Social Security number, date of birth, and address) and proper identification (such as a copy of a government-issued ID card and a bill or statement) prior to honoring your request for a security freeze on your account. 

For Washington, D.C. Residents. You may obtain information about preventing and avoiding identity theft from the Office of the Attorney General for the District of Columbia at: Office of the Attorney General for the District of Columbia, 400 6th Street NW, Washington, D.C. 20001, (202) 727-3400, www.oag.dc.gov.

Ascension received notice from a third party - Scharnhorst Ast Kennard Griffin (“SAKG”) - of a security incident that impacted Ascension information. Importantly, this incident did not involve Ascension systems, networks, or electronic health records. On August 1, 2024, SAKG became aware of suspicious activity within its environments and launched an investigation into the nature and scope of the activity with the assistance of third-party forensic specialists. SAKG also notified law enforcement. The investigation determined that certain information was viewed or taken by an unauthorized actor between July 17, 2024 and August 6, 2024. SAKG notified Ascension of impacted individuals on February 14, 2025.

The following types of information were impacted: name, phone number, date of birth, date of death, Social Security number, driver’s license or state identification card, race, and medical treatment related information including dates of services, condition, history, procedure information, provider name, test or vaccine information, lab results, prescription information health insurance name and identification number, and other identifiers such as medical record number and patient account number. Not everyone had all types of information affected.

SAKG is not aware of any attempted or actual misuse of the information, or that the information was used to commit identity theft or fraud, but is providing credit monitoring and identity theft protection services at no cost to the individual. SAKG is also reminding individuals to remain vigilant against incidents of identity theft and fraud by reviewing account statements and monitoring free credit reports for suspicious activity and to detect errors. SAKG is also reviewing existing security policies and have implemented additional cybersecurity measures to further protect against similar events moving forward. 

SAKG has set up a dedicated assistance line to answer questions. If you have additional questions, please call 1-800-939-4170 from 9:00 a.m. to 5:00 p.m. Central time, Monday through Friday, excluding major U.S. holidays. You may also write to SAKG at 1100 Walnut Street, Suite 1950, Kansas City, Missouri 64106.

We received notice from Access Telecare, a third-party business partner who provides telehealth services to Ascension Seton (Texas), of a security incident affecting their systems. Importantly, this incident did not involve Ascension systems, networks, or electronic health records. Additional information is available on Access TeleCare’s website at: https://accesstelecare.com/notice-of-data-privacy-event/. Access TeleCare has established a dedicated assistance line at 1-833-799-4431, available Monday through Friday from 8 a.m. to 8 p.m. Eastern time.