Ascension Healthcare 2023 Data Breach

Ascension Health Nonprofit Hospital System Breach (2023): Patient Medical Diagnoses & SSN Exposed | ObscureIQ
ObscureIQ Breach Intelligence

Classification Tags

Cl0p (via MOVEit supply chain; CVE-2023-34362) · Ransomware · Medical · Full Name · Medical Diagnosis · Phone Number · Physical Address · Social Security Number
High Severity · Website / service breach

Large nonprofit Catholic health system operating hospitals and clinics.

Verified by ObscureIQ Intelligence
Breach Risk Index: 75/100
Data Value: 60
Market Recency: 25
Since Breach: 509d

Breach Intelligence Summary

Entity: Ascension Healthcare · Actor: Cl0p (via MOVEit supply chain; CVE-2023-34362) · Sources: 2 references
Attack: Ransomware
Profile: Healthcare provider · Hospital and healthcare services · Nonprofit health system · USA
Timeline: Breach (2023-05-31) · Indexed (Dec 04, 2024) · Year (2023)
Exposure: 261K records · 5 fields: Full Name, Medical Diagnosis, Phone Number, Physical Address, Social Security Number
Status: Reported

Executive Summary

Ascension Healthcare patient data was compromised in the 2023 MOVEit Transfer software supply-chain attack carried out by the Cl0p ransomware group. The Cl0p group exploited a previously unknown zero-day vulnerability in Progress Software's MOVEit Transfer file-sharing platform around May 28-31, 2023, accessing data from hundreds of organizations worldwide that used MOVEit either directly or through vendors. The Ascension portion of the incident was indexed in late 2024 by breach-tracking services after disclosures continued to surface from various MOVEit-affected vendors handling Ascension patient data.

The breach affected approximately 261,000 Ascension patient records. Compromised fields included names, home addresses, phone numbers, Social Security numbers, and medical diagnosis information. Cl0p exploited the MOVEit zero-day to extract data from MOVEit Transfer servers operated by various organizations in the broader healthcare supply chain. Ascension itself was not the direct MOVEit operator; rather, patient data flowed through vendors that used MOVEit for secure file transfer.

For affected patients, the practical risk profile is severe and durable. The combination of name, address, Social Security number, and medical diagnosis is a strong base for synthetic identity fraud, fraudulent credit applications, and medical-themed scams that reference real diagnoses. Ascension patients should also note that they may have been affected by additional unrelated incidents at Ascension, including the May 2024 direct ransomware attack and the late 2024 Cleo-related vendor breach. Affected individuals should freeze credit at all three U.S. bureaus, monitor health-insurance and Medicare statements closely for unfamiliar charges, and treat unsolicited contact referencing Ascension, related hospitals, or insurance verification with caution. The combination of multiple back-to-back disclosures involving the same patient population makes Ascension patients an unusually attractive target for medical-fraud and identity-theft attempts.

ObscureIQ assessment: Severe risk of identity theft, medical fraud, insurance abuse, and targeted phishing. The scale of the system increases the reach and durability of downstream harm.

Breach Impact

Ascension faces substantial cumulative institutional exposure, with three major breach events disclosed between 2023 and 2025 affecting more than six million patients in total. Federal HIPAA notification obligations, an active Office for Civil Rights review, multistate attorney-general filings, and class-action litigation pipelines are all underway. The 2024 Black Basta attack imposed direct operational costs through extended clinical-system outages, contributing to the system's reported fiscal-year net loss of $1.1 billion. Vendor-pathway and supply-chain risks have prompted ongoing review of Ascension's third-party governance functions. The reputational impact is national in scope given Ascension's scale and the public discussion of patient-care disruptions during the May 2024 outage.

About Ascension Healthcare

Ascension Healthcare, also known as Ascension Health, is one of the largest nonprofit Catholic health systems in the United States. Headquartered in St. Louis, Missouri, the organization operates approximately 142 hospitals across sixteen states and the District of Columbia, alongside a wide network of senior-living facilities, physician practices, and ambulatory care sites. Ascension employs more than 142,000 staff and reported total revenue of approximately $28.3 billion in fiscal 2023. As a HIPAA-regulated health system at substantial scale, Ascension maintains comprehensive protected health information across hospital, ambulatory, and home-care operations, including patient identity, insurance, billing, diagnostic, treatment, and prescription records.

Why They Hold Your Data

Large nonprofit health systems collect patient identity, contact, insurance, billing, scheduling, and clinical records across hospitals, clinics, and administrative systems.

Recent Developments

The 2023 MOVEit-related disclosure was followed by two further major incidents at Ascension. In May 2024, Ascension was directly hit by a Black Basta ransomware attack that began when an employee downloaded a malicious file, ultimately affecting approximately 5.6 million patients and forcing extended outages of clinical systems across the network. The system reported a $1.1 billion net loss for fiscal 2024 due in part to the attack. In April 2025, Ascension disclosed a separate incident at a former business partner involving the late-2024 Cl0p exploitation of Cleo file-transfer software, ultimately affecting approximately 437,000 additional patients. Multiple class-action lawsuits and a continuing federal Office for Civil Rights review remain active as of 2026.

Data Points Exposed

5 verified field types
Full Name · High
Medical Diagnosis · Critical
Phone Number
Physical Address · High
Social Security Number · Critical

Exploitation & Downstream Threats

Threat Activity: Critical
Primary downstream threats:
  • Identity theft and synthetic identity construction using government-issued IDs
  • SIM swap attacks where phone numbers are present
  • Doxxing risk from physical address exposure
  • Medical identity fraud or insurance abuse using health data
Threat vectors:
  • Name-based social engineering
  • Medical extortion, insurance fraud & discrimination
  • SIM swapping, vishing & SMS phishing
  • Physical stalking, mail fraud & identity verification
  • Home targeting, stalking & physical threat
  • Full identity theft & synthetic identity fraud

Threat Actor: Cl0p (via MOVEit supply chain; CVE-2023-34362)

Ransomware

Attribution and method are based on available breach intelligence. Reported attack vector: Ransomware.

Recommended Actions

If you believe your information may be included:

Protect Your ID Documents
Government-ID exposure enables document fraud — monitor and report misuse.
Enable MFA Everywhere
Turn on multi-factor authentication on email first, then financial accounts.
Report & Recover
If you spot misuse, start an official recovery plan and report fraud.

Frequently Asked Questions

What happened in the Ascension Healthcare breach?

Ascension Healthcare patient data was compromised in the 2023 MOVEit Transfer software supply-chain attack carried out by the Cl0p ransomware group. The Cl0p group exploited a previously unknown zero-day vulnerability in Progress Software's MOVEit Transfer file-sharing platform around May 28-31,…

What data was exposed?

Verified fields include Full Name, Medical Diagnosis, Phone Number, Physical Address, Social Security Number.

What should I do if I was affected?

Change reused passwords, enable MFA, and (if identity or financial data is involved) freeze your credit and monitor your accounts.

Sources & References

Every claim on this page is traceable. This breach draws on:

  • Breach Index: DataBreach.com (record & field corroboration)
  • ObscureIQ Intelligence: ObscureIQ proprietary analysis (Risk Index scoring & downstream-threat assessment)
