Around 5.6 million individuals have had their sensitive personal, medical and financial information breached as a result of a ransomware attack on US healthcare giant Ascension.

The company shared the extent of the data breach in a filing to the Office of the Maine Attorney General on December 19.

Following an investigation, Ascension discovered that the attackers obtained copies of files containing the personal information of its patients and employees.

This information included:

Personal details, including names, dates of birth, addresses, Social Security numbers and drivers’ licenses’

Medical information, including medical record numbers, dates of service, types of lab tests, or procedure codes

Financial details, including credit card information or bank account number

The type of information accessed varied by individual, Ascension said.

However, there is currently no evidence that data was taken from its Electronic Health Records (EHR) and other clinical systems, where full patient records are stored.

‍