We review vendors based on rigorous testing and research but also take into account your feedback and our affiliate commission with providers. Some providers are owned by our parent company.
Learn more
vpnMentor was established in 2014 to review VPN services and cover privacy-related stories. Today, our team of hundreds of cybersecurity researchers, writers, and editors continues to help readers fight for their online freedom in partnership with Kape Technologies PLC, which also owns the following products: Holiday.com, ExpressVPN, CyberGhost, and Private Internet Access which may be ranked and reviewed on this website. The reviews published on vpnMentor are believed to be accurate as of the date of each article, and written according to our strict reviewing standards that prioritize professional and honest examination of the reviewer, taking into account the technical capabilities and qualities of the product together with its commercial value for users. The rankings and reviews we publish may also take into consideration the common ownership mentioned above, and affiliate commissions we earn for purchases through links on our website. We do not review all VPN providers and information is believed to be accurate as of the date of each article.
Advertising Disclosure

vpnMentor was established in 2014 to review VPN services and cover privacy-related stories. Today, our team of hundreds of cybersecurity researchers, writers, and editors continues to help readers fight for their online freedom in partnership with Kape Technologies PLC, which also owns the following products: Holiday.com, ExpressVPN, CyberGhost, and Private Internet Access which may be ranked and reviewed on this website. The reviews published on vpnMentor are believed to be accurate as of the date of each article, and written according to our strict reviewing standards that prioritize professional and honest examination of the reviewer, taking into account the technical capabilities and qualities of the product together with its commercial value for users. The rankings and reviews we publish may also take into consideration the common ownership mentioned above, and affiliate commissions we earn for purchases through links on our website. We do not review all VPN providers and information is believed to be accurate as of the date of each article.

Ascension Notifies Patients of Breach Involving Healthcare Data

Ascension Notifies Patients of Breach Involving Healthcare Data
Author Image Hendrik Human
Hendrik Human First published on May 04, 2025 Cybersecurity Researcher

Ascension Health has begun notifying individuals of yet another data breach that exposed their personally identifiable information (PII) and sensitive health records. Notifications were sent out to patients starting April 30, 2025 — nearly six months after Ascension discovered the breach on December 5, 2024.

An official investigation concluded on January 21, 2025. It revealed that Ascension inadvertently disclosed data to a former business partner, and some of that information was likely stolen due to a vulnerability in third-party software used by that partner.

Ascension confirmed that the stolen data included sensitive personal information, such as:

  • Name
  • Address
  • Phone number(s)
  • Email
  • Date of birth
  • Race
  • Gender
  • Social Security number (SSN)

Additionally, the stolen data included clinical information, like service locations, admission and discharge dates, diagnoses, medical record numbers, insurance, and billing codes.

“Importantly, this incident did not involve Ascension systems, networks, or electronic health records,” Ascension clarified in its official statement. The breach impacted facilities and patients in Alabama, Michigan, Indiana, Tennessee, and Texas. The company also reported the incident to the Massachusetts Attorney General’s office.

Ascension is one of the largest private healthcare systems in the US. The Catholic non-profit operates in 19 states and employs over 142,000 people across 142 hospitals and 40 senior living facilities.

Although the full scope of the leak is still unclear, Ascension is offering affected individuals two years of complimentary identity monitoring services. It is also encouraging patients to check their credit reports and place a fraud alert as a precaution.

This incident comes less than a year after a catastrophic data breach that exposed the records of over 5.6 million patients, as reported by HIPAA.

Unfortunately, incidents like these have become increasingly common among healthcare providers using third-party vendors. We recently reported on the exposure of 8 million healthcare workers’ PII by a UK-based software company. Cybersecurity researcher Jeremiah Fowler also discovered an unprotected database containing over 4.8 million records linked to Care1.

About the Author

Hendrik is a writer at vpnMentor, specializing in VPN comparisons and user guides. With 5+ years of experience as a tech and cybersecurity writer, plus a background in corporate IT, he brings a variety of perspectives to test VPN services and analyze how they address the needs of different users.

Please, comment on how to improve this article. Your feedback matters!

Leave a comment

This field must contain more than 50 characters

The field content should not exceed 1000 letters

Sorry, links are not allowed in this field!

Name should contain at least 3 letters

The field content should not exceed 80 letters

Sorry, links are not allowed in this field!

Please enter a valid email address