Strauss Borrelli PLLC, a leading data breach law firm, is investigating Ascension Health Alliance, which does business as Ascension, regarding its recent data breach. The Ascension data breach involved sensitive personal information and protected health information belonging to an undetermined number of individuals.
ABOUT ASCENSION HEALTH ALLIANCE D/B/A ASCENSION:
Ascension is a non-profit, Catholic healthcare system based in Missouri. Founded in 1999, Ascension operates in 16 states and the District of Columbia – including over 100 hospitals and 34 senior living facilities – while providing a variety of services including physician practice management, venture capital investing, investment management, biomedical engineering, facilities management, clinical care management, information services, risk management, and contracting through Ascension’s own group purchasing organization.2,3 In FY2024, Ascension provided $2.1 billion in care of persons living in poverty and other community benefit programs.2 Headquartered in St. Louis, Missouri, Ascension employs over 10,000 individuals.
WHAT HAPPENED?
Recently, Ascension announced that it had experienced a data breach in which sensitive personal identifiable information and protected health information in its care may have been compromised. According to the breach notice, on December 5, 2024, Ascension learned that its patient information may have been involved in a potential security incident.1 As a result, Ascension launched an investigation to determine the nature of the incident.
Through its investigation, on January 21, 2025, Ascension determined it had disclosed information to a former business partner, and some of this information was likely stolen from them due to a vulnerability in third-party software that the former business partner used.1 As a result, Ascension began a review of the data to determine what information had been impacted as well as identify the specific individuals affected. While the information impacted varies depending on the individual, the type of information potentially exposed includes:
- Name
- Social Security number
- Address
- Date of birth
- Phone number and email address
- Race and gender
- Clinical information related to an inpatient visit (e.g., place of service, physician name, admission and discharge dates, diagnosis and billing codes, medical record number, and insurance company name)
On April 28, 2025, Ascension posted a notice of the incident on its website. Based on the website breach notice, Ascension is providing affected individuals with a list of the specific types of sensitive information impacted and complimentary credit monitoring services. A link to the form breach notification that Ascension posted to its website is below.
If you received a breach notification letter from Ascension Health Alliance d/b/a Ascension:
We would like to speak with you about your rights and potential legal remedies in response to this data breach. Please fill out the form, below, or contact us at 872.263.1100 or sam@straussborrelli.com.
