The US family planning nonprofit MFHS claims a ransomware attack has stolen patient medical data. Maternal & Family Health Services, a major nonprofit healthcare provider in the US, has confirmed that hackers had months earlier gained access to private patient, financial, and medical data.
The sensitive information of current and former patients, employees, and vendors was exposed due to a "sophisticated ransomware incident," according to a warning posted on MFHS' website on Thursday. Names, addresses, dates of birth, Social Security numbers, license numbers, information from financial accounts and credit cards, usernames and passwords, and details of medical and health insurance were all included in this data.
According to a forensic incident response firm's investigation, the organization, which provides services to over 90,000 people throughout Pennsylvania, was made aware of the incident on April 4, 2022, but it may have been first compromised as early as August 21, 2021.
Then, it took MFHS an additional nine months to make the incident public.
Patrick McGloin, a partner at Gaffney Bennett, a public relations company that represents MFHS, declined to respond to our inquiries beyond offering a canned response. It is currently unknown why MFHS delayed publicly disclosing the cyberattack, who carried it out, or whether MFHS complied with a ransom demand.
According to recent data from Emsisoft, ransomware affected at least 25 healthcare providers operating 290 hospitals in 2022. Healthcare organizations are a frequent target for ransomware attacks. This includes the Chicago-based medical behemoth CommonSpirit Health, which acknowledged that a ransomware attack in October made more than 620,000 patients' personal information vulnerable.