Ascension has reported a data breach that might be linked to a hack on Cleo.

Ascension Health, a non-profit healthcare system, is letting more than 100,000 people know that hackers stole their personal and health information. This happened because hackers found a security flaw in software used by a business partner Ascension used to work with.

Due to this flaw, Ascension accidentally shared sensitive information with that business partner. The breach was discovered on December 5, 2024, and it appears to be linked to the Cleo data breach that impacted many companies.

In the Cleo attack, a group called Cl0p ransomware exploited two unknown security weaknesses to steal data from various organizations, including well-known firms like Hertz Corporation and Western Alliance Bank.

Ascension, a major healthcare provider in the United States, was affected due to this former business partner, though the partner's name was not disclosed.

Recently, Ascension shared that the stolen data includes personal and health details such as names, addresses, phone numbers, birth dates, email addresses, Social Security numbers, diagnosis information, insurance details, and inpatient visit records.

To help those who might be impacted, Ascension is offering two years of free credit monitoring and identity theft protection services.

The organization did not reveal the exact number of affected individuals but confirmed it involves patients located in Alabama, Michigan, Indiana, Tennessee, and Texas.

Notifications sent to authorities in Massachusetts and Texas indicate that over 114,700 people were impacted. SecurityWeek has contacted Ascension seeking more details, promising updates if they receive more information.

Earlier, Ascension reported another data breach affecting about 5.6 million people. That event occurred in May 2024 due to a BlackBasta ransomware attack.