A ransomware assault in January at Frederick Well being Medical Group, a significant healthcare supplier in Maryland, has led to a knowledge breach affecting practically a million sufferers.
With nearly 4,000 staff and over 25 areas, Frederick Well being is one in all Frederick County’s largest employers.
Because the well being system revealed in a late March notification to sufferers, the ransomware assault was detected on January 27, which prompted Frederick Well being to inform regulation enforcement and rent a third-party forensic agency to analyze the incident’s influence.
“On January 27, 2025, we skilled a ransomware occasion affecting our IT methods,” the well being system mentioned. “The investigation decided that an unauthorized individual gained entry to our community and, on January 27, 2025, copied sure information from a file share server.”
“We’re mailing letters to people whose info might have been concerned and for whom we have now enough contact info,” it added.
Relying on the affected people, the attackers stole a mix of delicate private info, together with affected person names, addresses, dates of delivery, Social Safety numbers, and driver’s license numbers. In addition they exfiltrated private well being info, resembling medical file numbers, medical insurance info, and/or medical info associated to sufferers’ care.
Whereas Frederick Well being did not share the variety of people affected by this knowledge breach, the healthcare supplier reported the incident to the U.S. Division of Well being and Human Providers on March 28. HHS has now up to date its listing of reported breaches, confirming that the Frederick Well being knowledge breach impacted 934,326 sufferers.
Whereas the healthcare supplier tagged the incident as a ransomware assault, no ransomware operation has claimed the breach, which means that Frederick Well being has paid the ransom demand the attackers requested for.
A Frederick Well being spokesperson was not instantly obtainable when BleepingComputer reached out for extra particulars.
Earlier this week, Blue Defend of California disclosed a knowledge breach after exposing protected well being info of 4.7 million members to Google’s analytics and commercial platforms.
Yale New Haven Well being (YNHHS) has additionally warned that attackers stole the non-public knowledge of 5.5 million sufferers in a cyberattack earlier this month.
