Maternal & Family Health Services, a nonprofit health service based in Pennsylvania, has revealed that thieves gained access to over 500,000 people’s sensitive data using a ransomeware.
Last week, MFHS disclosed that it had been infected with ransomware, which exposed the personal information of present and former patients, workers, and vendors. The healthcare behemoth stated that it was made aware of the event on April 4, 2022, but admits that it might have been hacked as early as August 21, 2021.
When approached by Paravotti at the time, MFHS declined to confirm the number of people affected. However, according to a letter issued this week by the Maine attorney general’s office, the breach has affected 461,070 persons, including 68 Maine citizens.
MFHS stated in a letter sent to affected residents on January 10 — more than nine months after the organization was first notified of the ransomware incident — that attackers gained access to sensitive data such as names, addresses, dates of birth, driver’s license numbers, Social Security numbers, usernames and passwords, health insurance and medical information, and financial information. According to the letter, the attackers also stole credit and debit card information.
It’s unknown who was behind the ransomware attack, whether MFHS paid the ransom, and why the non-profit didn’t report the problem sooner. MFHS did not immediately react to Paravotti’s questions on Wednesday, and no big ransomware gang appears to have claimed responsibility for the event.
