Legal Fallout Mounts for Ascension After Ransomware Attack

Class-Action Lawsuit Arises from Ascension Ransomware Attack

Ascension Lawsuit and Mitigation Tactics

Legal challenges are mounting for healthcare giant Ascension following a recent ransomware attack that disrupted operations across its extensive network of 140 hospitals. The company is now facing two proposed class-action lawsuits filed in the District Courts of Illinois and Texas, alleging negligence on Ascension’s part for failing to encrypt patient data.

The lawsuits claim that the lack of proper encryption measures exposed patients to the risk of identity theft following the cyberattack that forced the diversion of ambulances and suspension of elective care services. Ascension has not confirmed any compromise of patient data, but investigations are ongoing.

In response to the lawsuits, Ascension stated, “We are conducting a thorough investigation of the incident with the support of leading cybersecurity experts and law enforcement. If we determine sensitive data was potentially exfiltrated or accessed, we will notify and support the affected individuals in accordance with all relevant regulatory and legal obligations.”

Despite ongoing investigations, Ascension has yet to disclose whether patients’ sensitive information was compromised during the cyber incident. The company is working with cybersecurity experts to restore and recover from the attack, aiming to bring systems back online safely and swiftly.

Industry analysts note that Ascension, a Catholic health system with a workforce of approximately 132,000 individuals, has robust liquidity and leverage, providing a significant rating cushion against such one-off events. The company remains focused on mitigating the impact of the ransomware attack on its operations and reputation.