Maternal & Family Health Services (MFHS), a Pennsylvania-based nonprofit health provider, confirmed that a ransomware attack exposed sensitive data of nearly half a million people. The data breach affected current and former patients, employees, and vendors.
MFHS became aware of the incident on April 4, 2022. However, they suspect the initial compromise might have occurred as early as August 21, 2021. The Maine attorney general’s office reported that a total of 461,070 people were affected.
Sensitive data accessed by the attackers included names, addresses, birth dates, driver’s license numbers, Social Security numbers, usernames, passwords, health insurance and medical information, financial information, and credit/debit card numbers. This was confirmed in a letter sent by MFHS to affected individuals on January 10.
Details about the attackers and their possible ransom demands remain unclear. MFHS hasn’t disclosed why it didn’t report the incident earlier. There’s also no claim of responsibility for the incident by any major ransomware group as of yet.