Over the course of the last year, Ascension Health has been affected by several third-party data breaches impacting its patients across multiple states. TechTarget reports:
Ascension Health, a Missouri-based Catholic health system, has disclosed several third-party data breaches in 2025, impacting patients across its network of hospitals and care facilities.
While Ascension posted notices for each third-party data breach in 2025 on its website, including one for the Change Healthcare cyberattack, the incidents all occurred in 2024 or prior.
Ascension, which serves patients across 16 states and Washington, D.C., also suffered an unrelated 5.6-million-record data breach in May 2024 due to a ransomware attack on its own systems.
Read about the third-party incidents at TechTarget.
Although the accountability buck may stop with the covered entities, two reports released in early 2025 emphasize the significant impact of business associate breaches. A report by Ponemon Institute and Imprivata revealed that 44% of healthcare survey respondents experienced a data breach or cyberattack involving third-party network access in the prior months. The Bluesight 2025 Breach Barometer Report, based on health data incidents reported to HHS and other sources, found that 77% of all breached health or medical records were attributable to breaches at business associates or vendors.
