⛓ Supply Chain

Ascension Health Former Business Partner EHR Data Breach

📅 2024-12-01

Incident Details

Ascension Health disclosed in April 2025 a second security incident, separate from the May 2024 Black Basta ransomware attack. This breach involved a former business partner that had mistakenly included Ascension patient data in a file shared with a software testing vendor for development purposes. That vendor's systems were subsequently compromised by an attacker who accessed the file. Full clinical and personal information was potentially exposed, including SSNs, medical diagnoses, health insurance details, and clinical records. Ascension notified affected patients and filed notifications with HHS OCR. This was Ascension's second significant breach within approximately one year, following the 2024 ransomware attack that disrupted care at 140 hospitals across 19 states.

Technical Details

Initial Attack Vector
A former business partner of Ascension Health mistakenly included Ascension patient data in a data file sent to a software vendor for testing purposes; that vendor's systems were then compromised by an attacker who accessed the data.
Supply Chain Attack
✅ Confirmed third-party / vendor compromise

Timeline

  1. 2024-12-01 Breach occurred
  2. 2025-04-28 Publicly disclosed
  3. 2025-04-28 Customers notified