A ransomware attack in January at Frederick Health Medical Group, a major healthcare provider in Maryland, has led to a data breach affecting nearly one million patients. As the health system revealed in a late March notification to patients, the ransomware attack was detected on January 27, which prompted Frederick Health to notify law enforcement and hire a third-party forensic firm to investigate the incident's impact. While Frederick Health didn't share the number of individuals affected by this data breach, the healthcare provider reported the incident to the U.S. Department of Health and Human Services on March 28. While the healthcare provider tagged the incident as a ransomware attack, no ransomware operation has claimed the breach, which suggests that Frederick Health has paid the ransom demand the attackers asked for. Earlier this week, Blue Shield of California disclosed a data breach after exposing protected health information of 4.7 million members to Google's analytics and advertisement platforms. HHS has now updated its list of reported breaches, confirming that the Frederick Health data breach impacted 934,326 patients. They also exfiltrated personal health information, such as medical record numbers, health insurance information, and/or clinical information related to patients' care. Yale New Haven Health (YNHHS) has also warned that attackers stole the personal data of 5.5 million patients in a cyberattack earlier this month. Depending on the affected individuals, the attackers stole a combination of sensitive personal information, including patient names, addresses, dates of birth, Social Security numbers, and driver's license numbers.
This Cyber News was published on www.bleepingcomputer.com. Publication date: Thu, 24 Apr 2025 16:20:11 +0000