Baltimore Medical System

Baltimore Medical System, Maryland’s largest Federally Qualified Health Center (FQHC), fell victim to a Brain Cipher ransomware attack on September 16, 2025, with sensitive patient data exfiltrated and published on the dark web. The breach exposed personally identifiable information (PII) and protected health information (PHI), including names, contact details, Social Security numbers, driver’s licenses, health insurance data, medical records, and payment information. While the exact number of affected individuals remains undisclosed, estimates suggest thousands of patients are at risk of identity theft, fraud, and malicious exploitation of their leaked data. The incident underscores severe vulnerabilities in healthcare cybersecurity, with potential long-term repercussions for patient trust and operational integrity. Baltimore Medical System is actively investigating the breach’s scope and advising affected individuals to monitor financial accounts, place fraud alerts, and exercise caution against phishing attempts.

Source: https://www.claimdepot.com/data-breach/baltimore-medical-system-2025

TPRM report: https://www.rankiteo.com/company/baltimore-medical-system

"id": "bal3902639091925",
"linkid": "baltimore-medical-system",
"type": "Ransomware",
"date": "9/2025",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization’s existence"
{'affected_entities': [{'customers_affected': 'several thousand patients '
                                              '(exact number unreleased)',
                        'industry': 'Healthcare',
                        'location': 'Maryland, USA',
                        'name': 'Baltimore Medical System',
                        'size': 'large (largest FQHC in Maryland)',
                        'type': 'Federally Qualified Health Center (FQHC)'}],
 'customer_advisories': ['Review notices from Baltimore Medical System.',
                         'Monitor for identity theft or fraud.',
                         'Exercise caution with unsolicited requests for '
                         'personal information.'],
 'data_breach': {'data_exfiltration': True,
                 'number_of_records_exposed': 'several thousand (exact number '
                                              'unreleased)',
                 'personally_identifiable_information': True,
                 'sensitivity_of_data': 'high (includes health and financial '
                                        'data)',
                 'type_of_data_compromised': ['PII',
                                              'PHI',
                                              'names',
                                              'contact information',
                                              'dates of birth',
                                              'Social Security numbers',
                                              "driver's license copies",
                                              'health insurance information',
                                              'medical records',
                                              'payment information']},
 'date_publicly_disclosed': '2025-09-16',
 'description': 'Baltimore Medical System, the largest Federally Qualified '
                'Health Center (FQHC) in Maryland, experienced a major '
                'cyberattack by the Brain Cipher ransomware group. Sensitive '
                'data, including PII and PHI, was exfiltrated and published on '
                'the group’s Tor-based leak site. The breach poses risks of '
                'identity theft, fraud, and malicious use of leaked '
                'information, affecting several thousand patients.',
 'impact': {'brand_reputation_impact': 'high (potential loss of trust due to '
                                       'exposure of sensitive health data)',
            'data_compromised': ['personally identifiable information (PII)',
                                 'protected health information (PHI)',
                                 'names',
                                 'contact information',
                                 'dates of birth',
                                 'Social Security numbers',
                                 "driver's license copies",
                                 'health insurance information',
                                 'medical records',
                                 'payment information'],
            'identity_theft_risk': 'high',
            'payment_information_risk': 'high'},
 'initial_access_broker': {'data_sold_on_dark_web': True,
                           'high_value_targets': ['patient PII',
                                                  'PHI',
                                                  'financial data']},
 'investigation_status': 'ongoing (identifying impacted individuals and scope '
                         'of data)',
 'motivation': ['financial gain', 'data theft', 'extortion'],
 'ransomware': {'data_exfiltration': True, 'ransomware_strain': 'Brain Cipher'},
 'recommendations': ['Monitor financial accounts and credit reports for signs '
                     'of identity theft.',
                     'Consider placing fraud alerts or credit freezes with '
                     'major credit bureaus.',
                     'Be cautious of unsolicited emails or phone calls '
                     'requesting personal information.',
                     'Review notices or communications from Baltimore Medical '
                     'System or associated entities.'],
 'references': [{'source': 'Claim Depot (via dark web posting by Brain Cipher '
                           'ransomware group)'}],
 'response': {'communication_strategy': {'patient_advisories': ['monitor '
                                                                'financial '
                                                                'accounts and '
                                                                'credit '
                                                                'reports',
                                                                'place fraud '
                                                                'alerts or '
                                                                'credit '
                                                                'freezes',
                                                                'beware of '
                                                                'unsolicited '
                                                                'emails/phone '
                                                                'calls '
                                                                'requesting '
                                                                'personal '
                                                                'information'],
                                         'public_statement': 'Working to '
                                                             'identify all '
                                                             'impacted '
                                                             'individuals and '
                                                             'the scope of '
                                                             'data involved in '
                                                             'the breach.'},
              'incident_response_plan_activated': True,
              'remediation_measures': ['identifying impacted individuals',
                                       'determining scope of data involved']},
 'threat_actor': 'Brain Cipher ransomware group',
 'title': 'Baltimore Medical System Ransomware Attack and Data Breach',
 'type': ['ransomware', 'data breach', 'data exfiltration']}