Senator Urges FTC Probe Into Microsoft After Ascension Ransomware Attack

US Senator Ron Wyden urges the FTC to investigate Microsoft after its software contributed to a major ransomware attack on Ascension Hospital, exposing 5.6 million patient records.
A US senator is pushing for a formal investigation into Microsoft, claiming the company’s software enabled a massive ransomware attack on a major hospital system. In a letter (PDF) dated September 10, 2025, Senator Ron Wyden urged the Federal Trade Commission (FTC) to hold Microsoft accountable for “dangerous, insecure software” that compromised the records of millions of patients from Ascension, one of the largest non-profit health care systems in the country.
An FTC spokesperson confirmed the agency had received the letter but wouldn’t comment further.
New details from the senator’s office reveal how the 2024 hack began. A contractor’s laptop became infected with malware after the contractor clicked a malicious link in Bing search results. Because of insecure default settings in Microsoft’s software, the hackers were then able to gain highly privileged access to Ascension’s network.
The hackers exploited the weakness using a technique called Kerberoasting, which takes advantage of RC4, an encryption algorithm dating from the 1980s that Microsoft’s software still enables in its default settings.
This allowed the hackers to take control of the Active Directory server, essentially giving them master control of the entire network. They then used this access to push ransomware to thousands of computers, ultimately stealing sensitive data from 5.6 million patients.
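The two points in the paragraphs above, RC4 still being enabled by default and the CISA/FBI/NSA guidance already covering it, translate into two routine checks for a defender: audit which service accounts still permit RC4, and watch Kerberos service-ticket logs for RC4 tickets being requested in bulk. The script below is an added illustration, not code from the article or from Microsoft; the log lines and account attribute values are constructed samples in a simplified key=value format (real Windows event 4769 records carry the same data under field names such as TicketEncryptionType and ServiceName), and the encryption-type codes and msDS-SupportedEncryptionTypes bits are the documented Windows values.

```python
"""Defender-side checks for the RC4 weakness behind Kerberoasting.

Windows Security event 4769 ("A Kerberos service ticket was requested") records
the ticket's encryption type: 0x17/0x18 are RC4-HMAC variants, 0x11/0x12 are AES.
One client pulling RC4 tickets for many distinct service accounts in a short
window is the classic Kerberoasting pattern. Separately, the AD attribute
msDS-SupportedEncryptionTypes says which ciphers an account may use; bit 0x4 is RC4.
"""
from collections import defaultdict

# TicketEncryptionType values as logged in event 4769.
RC4_ETYPES = {"0x17", "0x18"}      # RC4-HMAC, RC4-HMAC-EXP
AES_ETYPES = {"0x11", "0x12"}      # AES128-CTS-HMAC-SHA1-96, AES256-CTS-HMAC-SHA1-96

# Bits of msDS-SupportedEncryptionTypes.
ETYPE_BIT_RC4 = 0x4
ETYPE_BIT_AES128 = 0x8
ETYPE_BIT_AES256 = 0x10

# Constructed sample events (not real logs); "k=v|k=v" is a simplified layout.
SAMPLE_EVENTS = [
    "EventID=4769|Account=jdoe@CORP.LOCAL|ServiceName=sqlsvc|Etype=0x12|Ip=10.0.5.23",
    "EventID=4769|Account=jdoe@CORP.LOCAL|ServiceName=httpsvc|Etype=0x12|Ip=10.0.5.23",
    "EventID=4769|Account=contractor1@CORP.LOCAL|ServiceName=sqlsvc|Etype=0x17|Ip=10.0.9.77",
    "EventID=4769|Account=contractor1@CORP.LOCAL|ServiceName=httpsvc|Etype=0x17|Ip=10.0.9.77",
    "EventID=4769|Account=contractor1@CORP.LOCAL|ServiceName=backupsvc|Etype=0x17|Ip=10.0.9.77",
    "EventID=4769|Account=contractor1@CORP.LOCAL|ServiceName=exchsvc|Etype=0x17|Ip=10.0.9.77",
    "EventID=4769|Account=contractor1@CORP.LOCAL|ServiceName=krbtgt|Etype=0x17|Ip=10.0.9.77",
    "EventID=4768|Account=contractor1@CORP.LOCAL|ServiceName=krbtgt|Etype=0x12|Ip=10.0.9.77",
    "EventID=4769|Account=bob@CORP.LOCAL|ServiceName=sqlsvc|Etype=0x17|Ip=10.0.5.40",
]

# Constructed sample of service accounts (SPN holders) and their attribute values.
SAMPLE_SPN_ACCOUNTS = {
    "sqlsvc": None,                                 # attribute unset -> domain default
    "httpsvc": ETYPE_BIT_RC4 | ETYPE_BIT_AES256,    # AES available but RC4 still allowed
    "backupsvc": ETYPE_BIT_AES128 | ETYPE_BIT_AES256,
    "exchsvc": ETYPE_BIT_RC4,
}


def parse_event(line):
    """Split a 'k=v|k=v' line into a dict; return None if any field lacks '='."""
    fields = {}
    for part in line.split("|"):
        key, sep, value = part.partition("=")
        if not sep:
            return None
        fields[key.strip()] = value.strip()
    return fields


def rc4_ticket_requests(lines):
    """Map (account, ip) -> set of distinct services for which an RC4 ticket was issued.

    Machine accounts (names ending in '$') and the krbtgt service are skipped:
    Kerberoasting targets user accounts with SPNs, whose passwords a human chose.
    """
    by_requester = defaultdict(set)
    for line in lines:
        ev = parse_event(line)
        if not ev or ev.get("EventID") != "4769":
            continue
        if ev.get("Etype", "").lower() not in RC4_ETYPES:
            continue
        service = ev.get("ServiceName", "")
        if service.endswith("$") or service.lower() == "krbtgt":
            continue
        by_requester[(ev.get("Account"), ev.get("Ip"))].add(service)
    return by_requester


def kerberoasting_candidates(lines, min_distinct_services=3):
    """Requesters that obtained RC4 tickets for at least N distinct service accounts."""
    return {
        requester: sorted(services)
        for requester, services in rc4_ticket_requests(lines).items()
        if len(services) >= min_distinct_services
    }


def accounts_allowing_rc4(accounts):
    """Return account names whose msDS-SupportedEncryptionTypes still permits RC4.

    An unset (None/0) attribute falls back to the domain default; it is counted as
    RC4-capable here on the assumption that no domain-wide policy removed RC4,
    which matches the long-standing default the article refers to.
    """
    return sorted(name for name, etypes in accounts.items()
                  if not etypes or etypes & ETYPE_BIT_RC4)


if __name__ == "__main__":
    for (acct, ip), services in kerberoasting_candidates(SAMPLE_EVENTS).items():
        print(f"ALERT {acct} from {ip}: RC4 service tickets for {', '.join(services)}")
    print("service accounts still permitting RC4:", accounts_allowing_rc4(SAMPLE_SPN_ACCOUNTS))
```

On the constructed input only the contractor account trips the alert (four distinct RC4 service tickets from one host), while a single RC4 ticket for one service is left below the threshold to keep legacy-client noise down; the audit half lists every SPN account whose attribute is unset or has the RC4 bit, which is the set an administrator would move to AES-only.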
It’s worth noting that government groups like the Cybersecurity and Infrastructure Security Agency (CISA), the FBI, and the NSA had already issued warnings about these exact security weaknesses.
This isn’t the first time Microsoft has been at the centre of such a security controversy. Wyden noted that the company has a long history of security issues, including a 2023 Chinese hack of US government agencies. A review board formed to analyse this hack, which Wyden had requested, concluded that “Microsoft’s security culture was inadequate and requires an overhaul.”
Wyden’s letter also highlighted Microsoft’s slow response. Even after his staff had warned company officials about the Kerberoasting threat in July 2024, it took Microsoft until October to publish a technical blog post, and it has yet to release a promised software update to fix the vulnerability.
The senator argues that, given Microsoft’s market dominance, it has little incentive to fix its problems because many companies and government agencies have no choice but to use its products. Wyden concluded that “Microsoft has become like an arsonist selling firefighting services to their victims,” adding that the company’s current security approach poses a substantial risk to national security.
HackRead