The Austin hospital system Ascension Seton experienced a data breach of two websites earlier this year, potentially exposing the personal information of certain users.
Ascension Seton issued a statement Tuesday saying its legacy websites — Seton.net and DellChildrens.net — were breached on March 1 and 2. The hospital system said it has been working alongside Vertex, the third-party vendor that managed the sites, to understand the scope of the security violation. Vertex also alerted law enforcement and hired a forensic investigator to study the event.
Ascension Seton said it did not have specific details about what information had been affected but that some users’ personal details, such as name, address, Social Security number, credit card numbers and insurance information may be at risk if they were entered through Seton.net or DellChildrens.net. But Ascension Seton said it currently believes that no information was extracted, shared or misused. Hospital medical record systems were unaffected, according to the hospital system.
“We take the protection and safeguarding of information seriously and have taken steps to ensure this kind of incident does not happen again,” Ascension said in the statement.
The affected websites have been shut down and were replaced by new sites hosted by Ascension, according to the hospital system. Ascension also alerted individuals whose information was affected by the breach and offered them identity theft and credit protection resources. Additionally, Ascension set up a dedicated assistance line for people affected by the breach: 866-547-1504.
Cybersecurity threats targeting hospitals and other health care settings have become increasingly common in recent years. In a study published late last year, researchers at the University of Minnesota found that ransomware attacks against American health care systems doubled between 2016 and 2021. Attacks in that five-year period exposed the personal health information of some 42 million people.
President Joe Biden also named the protection of sensitive health information as a goal of the National Cybersecurity Strategy he announced in March.