Husain Parvez
Published on: September 15, 2025
U.S. Senator Ron Wyden has called on the Federal Trade Commission to investigate Microsoft, alleging that the company’s default security settings contributed to the massive 2024 ransomware attack on Ascension, one of the largest nonprofit health systems in the U.S.
In a letter dated September 10, Wyden accused the tech giant of “gross cybersecurity negligence” and urged regulators to “investigate Microsoft and hold the company responsible for the serious harm it has caused by delivering dangerous, insecure software.” His office found that the breach began when a contractor clicked on a malicious link surfaced through Microsoft’s Bing search engine, leading to malware infection and escalation into Ascension’s core systems.
The hackers used a technique known as Kerberoasting, which is made far cheaper by Microsoft’s continued default support for RC4, an outdated stream cipher rather than a protocol. Any authenticated domain account can request a Kerberos service ticket for an account that has a registered service principal name; part of that ticket is encrypted under a key derived from the service account’s password and can be guessed offline. When the ticket is issued with RC4-HMAC, that key is the account’s unsalted NT hash, which is dramatically faster to brute-force than an AES key derived through thousands of PBKDF2 iterations, and an attacker can ask for RC4 tickets as long as the account still permits them. Wyden noted that “this hacking technique leverages Microsoft’s continued support by default for an insecure encryption technology from the 1980s called RC4 that federal agencies and cybersecurity experts… have for more than a decade warned is dangerous.”
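To make the work-factor difference concrete, here is an added example (not code from the article, from Wyden’s letter or from Microsoft) that derives the two Kerberos long-term keys an attacker must reproduce for each password guess and runs a wordlist against both. The realm, account name and wordlist are constructed; guesses are checked by comparing derived keys rather than decrypting a real ticket, and the final DK() step of RFC 3962 is left out since it adds only a few AES block operations and does not change the cost per guess.

```python
"""Kerberoasting work factor: RC4-HMAC vs AES256 long-term keys.

Added example, not code from the article, from Wyden's letter or from Microsoft.
A stolen service ticket is encrypted with the service account's long-term key,
so an offline attacker derives that key from each password guess:

  RC4-HMAC (etype 23):          MD4(UTF-16LE(password))      unsalted, one hash
  AES256-CTS-HMAC-SHA1-96 (18): PBKDF2-HMAC-SHA1(pw, salt, 4096 iterations)

Assumptions/simplifications: a guess is checked by comparing derived keys
rather than by decrypting a real ticket; the final DK() step of RFC 3962 (a
few AES block operations, no effect on the work factor) is omitted; realm,
principal and wordlist are constructed. MD4 is implemented inline because
OpenSSL 3 builds of Python often expose it only via the legacy provider.
"""
import hashlib
import struct
import time
from typing import Iterable, Optional

RC4_HMAC = 23          # Kerberos etype 23, rc4-hmac
AES256_SHA1 = 18       # Kerberos etype 18, aes256-cts-hmac-sha1-96
AES_ITERATIONS = 4096  # RFC 3962 default iteration count, which AD uses
_M = 0xFFFFFFFF


def _lrot(x: int, n: int) -> int:
    return ((x << n) | (x >> (32 - n))) & _M


def md4(data: bytes) -> bytes:
    """RFC 1320 MD4: three 16-step rounds per 64-byte block, no salt, no key."""
    bit_len = len(data) * 8
    data += b"\x80" + b"\x00" * ((55 - len(data)) % 64) + struct.pack("<Q", bit_len)
    state = [0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476]
    F = lambda x, y, z: (x & y) | (~x & z)
    G = lambda x, y, z: (x & y) | (x & z) | (y & z)
    H = lambda x, y, z: x ^ y ^ z
    rounds = (
        (F, list(range(16)), (3, 7, 11, 19), 0),
        (G, [0, 4, 8, 12, 1, 5, 9, 13, 2, 6, 10, 14, 3, 7, 11, 15], (3, 5, 9, 13), 0x5A827999),
        (H, [0, 8, 4, 12, 2, 10, 6, 14, 1, 9, 5, 13, 3, 11, 7, 15], (3, 9, 11, 15), 0x6ED9EBA1),
    )
    for off in range(0, len(data), 64):
        X = struct.unpack("<16I", data[off:off + 64])
        regs = list(state)
        for f, ks, shifts, const in rounds:
            for i, k in enumerate(ks):
                a, b, c, d = regs
                a = _lrot((a + f(b, c, d) + X[k] + const) & _M, shifts[i % 4])
                regs = [d, a, b, c]  # rotate: the next step updates what was d
        state = [(s + r) & _M for s, r in zip(state, regs)]
    return struct.pack("<4I", *state)


def long_term_key(etype: int, password: str, realm: str, principal: str) -> bytes:
    """Derive the Kerberos long-term key an attacker must reproduce per guess."""
    if etype == RC4_HMAC:
        # The NT hash: realm and principal play no part, so one guess covers
        # every account in every domain that uses this password.
        return md4(password.encode("utf-16-le"))
    if etype == AES256_SHA1:
        # Salt = REALM + principal (RFC 3962), so each account costs separately
        # and each guess costs 4096 PBKDF2 iterations.
        salt = (realm.upper() + principal).encode("utf-8")
        return hashlib.pbkdf2_hmac("sha1", password.encode("utf-8"), salt, AES_ITERATIONS, 32)
    raise ValueError(f"unsupported etype {etype}")


def offline_crack(etype: int, target_key: bytes, realm: str, principal: str,
                  wordlist: Iterable[str]) -> Optional[str]:
    """Kerberoasting's offline phase, reduced to key comparison (see docstring)."""
    for guess in wordlist:
        if long_term_key(etype, guess, realm, principal) == target_key:
            return guess
    return None


def measured_speedup(wordlist: list, realm: str, principal: str) -> float:
    """How many times faster RC4 guesses run than AES256 guesses on this host."""
    t0 = time.perf_counter()
    for pw in wordlist:
        long_term_key(RC4_HMAC, pw, realm, principal)
    t_rc4 = time.perf_counter() - t0
    t0 = time.perf_counter()
    for pw in wordlist:
        long_term_key(AES256_SHA1, pw, realm, principal)
    t_aes = time.perf_counter() - t0
    return t_aes / t_rc4 if t_rc4 > 0 else float("inf")


# Constructed inputs: a small wordlist and a service account in a made-up realm.
WORDLIST = ["Welcome1", "password", "Summer2024!", "P@ssw0rd", "Spring2025!"]
REALM, SPN_ACCOUNT = "corp.example", "svc_sql"

if __name__ == "__main__":
    secret = "Summer2024!"
    for etype in (RC4_HMAC, AES256_SHA1):
        key = long_term_key(etype, secret, REALM, SPN_ACCOUNT)
        print(f"etype {etype}: key {key.hex()} -> cracked as "
              f"{offline_crack(etype, key, REALM, SPN_ACCOUNT, WORDLIST)!r}")
    print(f"RC4 guesses ran {measured_speedup(WORDLIST * 20, REALM, SPN_ACCOUNT):.0f}x "
          f"faster than AES256 guesses (pure-Python MD4; native RC4 cracking is far faster still)")
```

Two things the run makes visible: the RC4 key for a given password is identical for every account and every domain, so a cracked guess is reusable and precomputed tables work against it, while the AES key is bound to realm and account and costs 4096 iterations per guess. On the defensive side, a domain controller records each service-ticket request as Windows event 4769 with the ticket encryption type, and a burst of 0x17 (RC4-HMAC) requests from one account against many SPN accounts is the classic Kerberoasting signature.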
The fallout from the Ascension breach was severe. Nearly 5.6 million patients were affected, with stolen records including Social Security numbers, medical histories, and financial data. Hospitals in multiple states were forced to divert ambulances and cancel procedures, while Ascension later disclosed that the cyberattack contributed to a $1.8 billion operating loss.
Microsoft has pushed back on the senator’s claims. A company spokesperson acknowledged RC4’s age but said it now makes up “less than 0.1% of the company’s traffic.” The company added that fully disabling it too quickly would “break many customer systems,” though it plans to turn off RC4 by default in new Active Directory installations starting in 2026. Because that change is limited to new installations, existing domains would still have to disable RC4 themselves.
Wyden’s request comes after the Cyber Safety Review Board last year concluded that “Microsoft’s security culture was inadequate and requires an overhaul,” following another breach linked to Chinese state-backed actors. The FTC has not yet commented on whether it will open an investigation.