How weak passwords and other failings led to catastrophic breach of Ascension
A deep-dive into Active Directory and how “Kerberoasting” breaks it wide open.

Last week, a prominent US senator called on the Federal Trade Commission to investigate Microsoft for cybersecurity negligence over the role it played last year in health giant Ascension's ransomware breach, which caused life-threatening disruptions at 140 hospitals and put the medical records of 5.6 million patients into the hands of the attackers. In a letter sent last week to FTC Chairman Andrew Ferguson, Sen. Ron Wyden (D-Ore.) said an investigation by his office determined that the hack began in February 2024 with the infection of a contractor's laptop after the contractor downloaded malware from a link returned by Microsoft's Bing search engine. Wyden blasted Microsoft for its continued support of its three-decades-old implementation of the Kerberos authentication protocol, which uses an insecure cipher and, as the senator noted, exposes customers to precisely the type of breach Ascension suffered.

Or read this on ArsTechnica