A ransomware assault in January at Frederick Well being Medical Group, a serious healthcare supplier in Maryland, has led to a data breach affecting practically a million sufferers.
With virtually 4,000 workers and over 25 places, Frederick Well being is considered one of Frederick County’s largest employers.
Because the well being system revealed in a late March notification to sufferers, the ransomware assault was detected on January 27, which prompted Frederick Well being to inform regulation enforcement and rent a third-party forensic agency to research the incident’s impression.
“On January 27, 2025, we skilled a ransomware occasion affecting our IT programs,” the well being system mentioned. “The investigation decided that an unauthorized individual gained entry to our community and, on January 27, 2025, copied sure information from a file share server.”
“We’re mailing letters to people whose data might have been concerned and for whom we’ve got ample contact data,” it added.
Relying on the affected people, the attackers stole a mix of delicate private data, together with affected person names, addresses, dates of start, Social Safety numbers, and driver’s license numbers. In addition they exfiltrated private well being data, similar to medical file numbers, medical health insurance data, and/or scientific data associated to sufferers’ care.
Whereas Frederick Well being did not share the variety of people affected by this data breach, the healthcare supplier reported the incident to the U.S. Division of Well being and Human Companies on March 28. HHS has now up to date its record of reported breaches, confirming that the Frederick Well being data breach impacted 934,326 sufferers.
Whereas the healthcare supplier tagged the incident as a ransomware assault, no ransomware operation has claimed the breach, which means that Frederick Well being has paid the ransom demand the attackers requested for.
A Frederick Well being spokesperson was not instantly out there when BleepingComputer reached out for extra particulars.
Earlier this week, Blue Protect of California disclosed a data breach after exposing protected well being data of 4.7 million members to Google’s analytics and commercial platforms.
Yale New Haven Well being (YNHHS) has additionally warned that attackers stole the non-public information of 5.5 million sufferers in a cyberattack earlier this month.
