Central Jersey Medical Center (CJMC), a Federally Qualified Health Center (FQHC) serving communities in New Jersey since 2001, suffered a ransomware attack on August 25, 2025, orchestrated by the Sinobi ransomware group. The breach targeted CJMC’s dental servers’ network, leading to unauthorized access and encryption of files containing highly sensitive patient data. The stolen information, later posted on the dark web on October 10, 2025, included names, dates of birth, Social Security numbers, addresses, health insurance details, dental records, diagnoses, treatment histories, and billing information.The exposure of such data poses severe risks, including identity theft, insurance fraud, and long-term financial harm to affected individuals. CJMC issued a public notice and began notifying victims via mail, urging them to enroll in credit monitoring and legal recourse. The breach’s scale affecting personal, financial, and medical records underscores its critical impact on patient privacy and trust in the healthcare provider. Legal firms are actively investigating claims for compensation, highlighting the breach’s destructive potential for both individuals and the organization’s reputation.
Source: https://www.claimdepot.com/investigations/centrastate-medical-center-data-breach-2025
Central Jersey Medical Center cybersecurity rating report: https://www.rankiteo.com/company/centraljerseymedicalcenter
"id": "cen1903019110825",
"linkid": "centraljerseymedicalcenter",
"type": "Ransomware",
"date": "6/2001",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"{'affected_entities': [{'industry': 'healthcare',
'location': ['Perth Amboy, New Jersey (main site)',
'Carteret, New Jersey',
'Newark, New Jersey (school-based health '
'centers)'],
'name': 'Central Jersey Medical Center (CJMC)',
'type': 'Federally Qualified Health Center (FQHC)'}],
'attack_vector': 'network intrusion (dental servers)',
'customer_advisories': ['Review and save notification letters.',
'Enroll in credit monitoring services.',
'Monitor accounts for fraud.',
'Consider fraud alerts or credit freezes.',
'Seek legal help for compensation eligibility.'],
'data_breach': {'data_encryption': 'yes (ransomware encryption)',
'data_exfiltration': 'yes (posted on dark web on 2025-10-10)',
'file_types_exposed': ['patient records',
'dental records',
'billing files'],
'personally_identifiable_information': ['name',
'date of birth',
'address',
'telephone number',
'email address',
'race or ethnicity',
'Social Security '
'number',
'health insurance '
'information'],
'sensitivity_of_data': 'high (includes SSN, health records, '
'insurance info)',
'type_of_data_compromised': ['personally identifiable '
'information (PII)',
'protected health information '
'(PHI)']},
'date_detected': '2025-08-25',
'description': 'Central Jersey Medical Center (CJMC), a Federally Qualified '
'Health Center (FQHC), suffered a ransomware attack on Aug. '
'25, 2025, targeting its dental servers’ network. The Sinobi '
'ransomware group encrypted files containing sensitive patient '
'data, which was later posted on the dark web on Oct. 10, '
'2025. Exposed data includes names, Social Security numbers, '
'health insurance information, dental records, and other '
'personally identifiable information (PII). CJMC is notifying '
'affected individuals and offering credit monitoring services. '
'Legal investigations are underway for potential compensation '
'claims.',
'impact': {'brand_reputation_impact': 'potential damage (ongoing '
'investigation)',
'data_compromised': ['name',
'date of birth',
'address',
'telephone number',
'email address',
'race or ethnicity',
'Social Security number',
'dental record number',
'health insurance information',
'dental diagnoses',
'treatment history',
'billing information'],
'identity_theft_risk': 'high (PII and health data exposed)',
'legal_liabilities': 'potential lawsuits for compensation (e.g., '
'reimbursement for out-of-pocket expenses, '
'emotional distress)',
'payment_information_risk': 'moderate (billing information '
'exposed)',
'systems_affected': ['dental servers’ network']},
'initial_access_broker': {'data_sold_on_dark_web': 'yes (posted on '
'2025-10-10)',
'high_value_targets': ['dental servers’ network',
'patient data']},
'investigation_status': 'ongoing (legal investigation by Shamis & Gentile '
'P.A.)',
'motivation': 'financial (ransomware)',
'ransomware': {'data_encryption': 'yes',
'data_exfiltration': 'yes',
'ransomware_strain': 'Sinobi'},
'recommendations': ['Enroll in free credit monitoring and identity protection '
'services if offered.',
'Monitor financial statements for suspicious activity.',
'Place a fraud alert on credit reports.',
'Request free annual credit reports from major bureaus.',
'Seek legal counsel for potential compensation claims.'],
'references': [{'source': 'Shamis & Gentile P.A. Investigation Notice'}],
'regulatory_compliance': {'legal_actions': 'potential class-action lawsuits '
'(investigation by Shamis & '
'Gentile P.A.)'},
'response': {'communication_strategy': ['website notice',
'mail notifications to affected '
'individuals',
'credit monitoring services offered'],
'incident_response_plan_activated': 'yes (data security incident '
'notice published)'},
'stakeholder_advisories': ['Data security incident notice on CJMC website',
'Mail notifications to affected individuals'],
'threat_actor': 'Sinobi ransomware group',
'title': 'Central Jersey Medical Center Ransomware Attack and Data Breach',
'type': ['ransomware', 'data breach']}