The cyberattack that debilitated one of Wisconsin’s largest hospital systems last spring has now been determined to have affected millions of patients’ personal information.
St. Louis-based Ascension began alerting affected people in late December.
On May 8, the health care system detected the data breach. At the time, it was unclear whether hackers gained access to sensitive patient information.
Stay informed on the latest news
Sign up for WPR’s email newsletter.
“Our investigation has determined that some of these files contain an individual’s name and information in one or more of the following categories: medical information, payment information (such as credit card information or bank account number), insurance information, government identification (such as social security number, driver’s license lumber or passport number),” according to a letter sent to patients on Dec. 19.
Ascension is offering patients who have been affected a new credit monitoring package for two years.
The health care system operates 24 hospital campuses and more than 100 health care facilities in the state.
Ascension Wisconsin officials did not respond to further questions by WPR.
Nationwide, the data breach has affected an estimated 5.6 million patients, according to the health care publication the HIPPA Journal.
That makes it the third largest health care data breach of the year, behind the Change Healthcare ransomware attack, affecting 100 million records, and the Kaiser Foundation Health Plan tracking technology data breach with 13.4 million records.
Last year, a cyberattack caused a system-wide outage for Hospital Sisters Health System and Prevea.
In early 2024, Group Health Cooperative of South Central Wisconsin, a nonprofit managed health care organization, also suffered a cyberattack that resulted in patients’ personal information being released.
Data from the U.S. Department of Health and Human Services Office for Civil Rights shows there are currently 11 security breaches under investigations at health care organizations in Wisconsin.
According to the New York Times, hospital systems have increasingly been targets for hackers in recent years. The Times reports that health care is one of the economic sectors most susceptible to cyber attacks because medical records can be sold for a lot of money.
Last year, there were a record 725 data breaches of 500 or more records, up from 720 such breaches the previous year, according the HIPAA Journal.
Wisconsin Public Radio, © Copyright 2025, Board of Regents of the University of Wisconsin System and Wisconsin Educational Communications Board.