March of Dimes

The Washington State Office of the Attorney General disclosed that March of Dimes suffered a ransomware attack on February 7, 2020, compromising the personal data of 446,097 individuals. The breach was detected months later, on July 16, 2020. The exposed information included highly sensitive details such as full names, dates of birth, medical records, and other unspecified personal data. The attack posed severe risks to affected individuals, given the nature of the leaked data particularly medical information, which could enable identity theft, fraud, or targeted phishing schemes. The delayed discovery of the breach further exacerbated potential harm, as malicious actors had prolonged access to the compromised systems. The incident underscored vulnerabilities in the organization’s cybersecurity defenses, leading to significant reputational damage and potential legal repercussions under data protection regulations. As a nonprofit focused on maternal and infant health, the breach eroded public trust and raised concerns about the security of sensitive health-related data handled by charitable organizations. The financial and operational costs of mitigation, notification, and regulatory compliance added to the overall impact of the attack.

Source: https://www.atg.wa.gov/data-breach-notifications | https://data.wa.gov/resource/sb4j-ca4h.json?id=10233

TPRM report: https://www.rankiteo.com/company/march-of-dimes

"id": "mar012091825",
"linkid": "march-of-dimes",
"type": "Ransomware",
"date": "2/2020",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization’s existence"

{'affected_entities': [{'customers_affected': '446,097',
                        'industry': 'healthcare',
                        'location': 'United States',
                        'name': 'March of Dimes',
                        'type': 'non-profit organization'}],
 'data_breach': {'number_of_records_exposed': '446,097',
                 'personally_identifiable_information': True,
                 'sensitivity_of_data': 'high',
                 'type_of_data_compromised': ['names',
                                              'full dates of birth',
                                              'medical information',
                                              'other unspecified data']},
 'date_detected': '2020-07-16',
 'description': 'The Washington State Office of the Attorney General reported '
                'that March of Dimes experienced a cybersecurity breach on '
                'February 7, 2020, due to a ransomware attack, affecting '
                '446,097 individuals. The breach was discovered on July 16, '
                '2020, with types of compromised information including names, '
                'full dates of birth, medical information, and other '
                'unspecified data.',
 'impact': {'data_compromised': ['names',
                                 'full dates of birth',
                                 'medical information',
                                 'other unspecified data'],
            'identity_theft_risk': 'high'},
 'references': [{'source': 'Washington State Office of the Attorney General'}],
 'regulatory_compliance': {'regulatory_notifications': ['Washington State '
                                                        'Office of the '
                                                        'Attorney General']},
 'title': 'March of Dimes Ransomware Attack (2020)',
 'type': 'ransomware'}

March of Dimes

Rumpke: Rumpke settles lawsuit over employee data stolen in cyberattack

deVixor: New Android Banking Malware ‘DeVixor’ Adds Ransomware Capabilities

Kyowon Group: South Korea's Kyowon Group finds data-breach signs, reports to privacy regulator