Insights / Blog
Insights / Blog

BreachWatch™: Ascension

Turning vendor chaos into clarity - Perimeter’s VRM perspective.

September 24, 2025

BreachWatch Ascension cybersecurity analytics platform logo with sleek modern design and technology-themed background.

Snapshot

  • Incident type: Ransomware originating via a third‑party contractor (a former business partner).
  • Operational impact: Core systems- including electronic health records (EHR) were disrupted; teams shifted to manual processes.
  • Data exposure risk: Scope under investigation; patient data and operational integrity potentially affected.
  • Underlying control gap: Vendor offboarding– access and data custody were not fully closed out with the former partner (FBP), including assurance of secure data destruction.

Why it matters: This is not only a “cyber” event, it’s a vendor lifecycle failure. Offboarding is a legal and operational safeguard, not a formality.

What happened

A former business partner (FBP) tied to Ascension was compromised by a cybercriminal group using ransomware. Based on available information, the FBP appears to have maintained outdated security practices, creating an entry point. The incident disrupted critical operations across clinical systems, labs, and patient services, and forced a temporary reversion to manual workflows while the scope of potential patient‑data exposure was evaluated.

VRM takeaways

  1. Offboarding is a control, not a courtesy. Every asset and data flow must be revoked, returned, or destroyed – and documented.
  2. Former partners still create current risk. Residual credentials, data copies, and shadow integrations often linger.
  3. Trust the proof, not the promise. Vendor self‑attestations aren’t enough; you need continuous validation and correlation to prove controls are operating.

How Perimeter would have helped

Perimeter delivers Painless VRM: end‑to‑end, continuous, and real‑time. Here’s how the platform addresses the specific failure modes in this incident:

1) Close the loop on vendor offboarding

  • Assess: Policy‑driven workflows to initiate offboarding when a relationship ends or risk changes.
  • Share: Collect attestations and evidence from the FBP (e.g., certificate of destruction, access‑termination confirmations) with an auditable trail.
  • Respond: Prebuilt playbooks to orchestrate the offboarding tasks across security, legal, and operations.

2) Validate vendor claims continuously

  • Verify: Ongoing checks that flag weak vendor hygiene and correlate findings to stated controls- so gaps surface before they become incidents.
  • Monitor: Breach and threat signals tied to specific vendors to trigger reassessment or offboarding workflows automatically.

3) Turn contracts and documents into action

  • Extract: Parse BAAs, MSAs, and SOWs to surface data‑retention and destruction obligations, then auto‑create offboarding tasks with cited clauses.
See Verify and Extract in action

Control checklist (use now)

  • Revoke all credentials, integrations, and network paths for former vendors (FBPs).
  • Confirm and file proof of data deletion/destruction in the vendor record.
  • Track residual data custody (backups, test environments, analytics copies) to closure.
  • Validate ongoing control adherence with automated checks; don’t rely on static questionnaires.
  • Trigger reassessment or offboarding when breach signals appear- automatically, not ad hoc.

Bottom line

This incident underscores a simple principle: If you can’t prove it, it didn’t happen. Perimeter helps organizations prove offboarding, validation, and data‑custody controls- so third‑party risk doesn’t become a patient‑care crisis.

Talk to an expert
See a demo

Award-Winning VRM

Want to see what G2 High Performer support looks like in action?

Schedule a Demo

FAQ

A ransomware event linked to a former business partner disrupted operations and led teams to use manual processes while potential patient-data exposure was evaluated.
Offboarding is a control - not a courtesy. Credentials, integrations, and any vendor-held copies of data must be revoked, returned, or destroyed - with auditable proof.
Assess, Share, and Respond close the loop on offboarding. Verify and Monitor provide continuous validation and breach signals. Extract turns contract obligations into tasks.
Revoke vendor access, confirm and file deletion or destruction proof, track residual data custody to closure, validate control adherence with automated checks, and trigger reassessment or offboarding when breach signals appear.

You May Also Like

Bright city lights and fast-moving traffic at night with a dynamic blur effect, showcasing urban transportation and modern infrastructure. Perfect for illustrating smart city solutions and advanced mobility concepts.
Learn more
Learn more
Stressed office worker working on laptop at a modern desk with flowers and plants in a bright, professional workspace.
Learn more

What Users Say

Yan S.
Manager of Cybersecurity Operations
Customer Experience is Great!

The Perimeter team has been incredibly receptive to feedback and requests for help. Perimeter has been essential to us being able to track and be able to complete security assessments.

Jaimin P.
Senior Risk Manager
Best Vendor Management Tool!

Perimeter was very fast for our team to implement and start using. They also have an unlimited user model, which works in our favor, and the platform is straightforward to use.

Ryan K.
Principal Consultant
GREAT ASSESSMENT PLATFORM

Perimeter is an extremely easy-to-use and flexible assessment platform. The tool is agnostic to any one methodology. It can be customized to your company’s specific rule sets to measure vendor’s risk or leverage one of Perimeter’s templates. Their support team is super helpful if you want to get more detailed, and the team is always willing to help walk you through something.

Bella R.
Senior Cybersecurity Risk Manager
Perimeter has great features!

Perimeter provides a user-friendly interface, customizable workflows, integration capabilities with other systems, and its ability to centralize and manage vendor information effectively.

Danny F.
Account Executive
I consider Perimeter experts!

Perimeter is intuitive and the knowledge base helps a ton with responding to RFP's and client assessments that we receive. As a salesperson, it is super helpful to have pre-approved responses that we can leverage to respond to questions.

Robert P.
Director of Security
Vendor Risk Management made simple

Perimeter ensures we are answering questions from different clients the same, and also saves us a lot of time to do it.

Omar C.
Information Systems Security Manager
Great tool for our company

The integration with Excel sheets and the ability to work with websites seamlessly has been a tremendous asset for me on audits.

Nupur V.
System Security Analyst
Excellent with Data Processing

The Perimeter team was really proactive in engaging with requirements. I would say very comitted and positive team. They were also flexible with the changing requirements and delivered the product within the project timeline.

Derek P.
Information Security Analyst
I didn't know I needed it, now I have to have it

If you want a tool that comes pre-populated and you can start using day one, get this one. If you want a tool and is highly customizable and can quickly be modified to suit your needs. If you want a tool that has excellent support, use this one. I'm certain there are things that Perimeter doesn't do excellently, but I haven't found them yet.