Frederick Health Medical Group, one of Frederick County’s largest employers with nearly 4,000 staff and over 25 locations, experienced a ransomware incident on January 27, 2025, when an unauthorized actor infiltrated its IT network and copied files from a shared server. The attack prompted immediate notification to law enforcement and the engagement of a third-party forensic firm to investigate and contain the breach. Investigators determined that the adversaries exfiltrated sensitive personal and protected health information for 934,326 patients, including names, addresses, dates of birth, Social Security numbers, driver’s license numbers, medical record identifiers, health insurance details, and clinical care data. Frederick Health began mailing breach notifications in late March and filed a report with the U.S. Department of Health and Human Services on March 28, 2025. Although no ransomware group has publicly claimed responsibility, the lack of public extortion demands suggests a ransom payment may have been made. Beyond privacy concerns, the incident caused operational disruptions as systems were taken offline for remediation, underscoring the critical cybersecurity challenges faced by healthcare providers and the potential long-term risks to patient trust, identity security, and data integrity.
"id": "fre740042525",
"linkid": "frederick-health",
"type": "Ransomware",
"date": "4/2025",
"severity": "100",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"