Medstar Health Data Breach Lawsuit Investigation

MedStar Health Hit by RHYSIDA Ransomware Attack, Exposing Sensitive Patient Data

MedStar Health, the largest healthcare provider in Maryland and the Washington, D.C. region, disclosed a significant data breach involving the RHYSIDA ransomware group. The incident, detected on October 4, 2025, occurred between September 12 and 16, 2025, when unauthorized actors accessed systems containing patient information.

The nonprofit healthcare network—operating 10 hospitals, 300+ care locations, and employing 35,000+ staff, including 4,000 physicians—reported that exposed data included names, Social Security numbers, dates of birth, medical diagnoses, test results, insurance details, and treatment records. The RHYSIDA group claimed responsibility, threatening to leak the stolen data on the dark web.

MedStar Health secured its systems, engaged third-party forensic experts, and notified law enforcement. The organization confirmed the breach’s scope by November 12, 2025, and began mailing notifications to affected patients on December 3, 2025.

The incident underscores the growing threat of ransomware attacks on healthcare providers, where sensitive patient data remains a prime target for cybercriminals. MedStar Health, which handles over six million outpatient visits annually, is now facing potential legal action as affected individuals explore compensation for damages.

Source: https://www.claimdepot.com/investigations/medstar-health-data-breach-2025

MedStar Health cybersecurity rating report: https://www.rankiteo.com/company/medstar-health

"id": "MED1765390208",
"linkid": "medstar-health",
"type": "Ransomware",
"date": "10/2025",
"severity": "100",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"
{'affected_entities': [{'customers_affected': 'Patients whose data was exposed',
                        'industry': 'Healthcare',
                        'location': 'Columbia, Maryland, USA',
                        'name': 'Medstar Health',
                        'size': '35,000+ employees, 10 hospitals, 300+ care '
                                'locations',
                        'type': 'Healthcare Provider'}],
 'attack_vector': 'Unauthorized access',
 'customer_advisories': 'Notification letters mailed to affected patients on '
                        '2025-12-03',
 'data_breach': {'data_exfiltration': 'Yes (threatened to publish on dark web)',
                 'personally_identifiable_information': 'Yes',
                 'sensitivity_of_data': 'High (Personally Identifiable '
                                        'Information and Protected Health '
                                        'Information)',
                 'type_of_data_compromised': ['Names',
                                              'Dates of birth',
                                              'Social Security numbers',
                                              'Diagnoses',
                                              'Medications',
                                              'Test results',
                                              'Images',
                                              'Health insurance information',
                                              'Treatment information']},
 'date_detected': '2025-10-04',
 'date_publicly_disclosed': '2025-12-03',
 'description': 'Medstar Health discovered a cybersecurity incident where an '
                'outside party gained unauthorized access to its systems '
                'containing patient information. The breach was linked to the '
                'RHYSIDA ransomware group, which claimed responsibility and '
                'threatened to publish the stolen data on the dark web.',
 'impact': {'brand_reputation_impact': 'Potential reputational damage due to '
                                       'data exposure',
            'data_compromised': 'Sensitive patient information',
            'identity_theft_risk': 'High',
            'legal_liabilities': 'Potential legal actions and compensation '
                                 'claims',
            'operational_impact': 'Secured systems and launched investigation',
            'systems_affected': 'Healthcare systems containing patient data'},
 'initial_access_broker': {'data_sold_on_dark_web': 'Threatened'},
 'investigation_status': 'Ongoing',
 'motivation': 'Data exfiltration, Ransom demand',
 'ransomware': {'data_exfiltration': 'Yes', 'ransomware_strain': 'RHYSIDA'},
 'recommendations': ['Sign up for free identity theft protection services if '
                     'offered',
                     'Monitor financial statements for suspicious activity',
                     'Place a fraud alert and request credit reports',
                     'Seek legal help to understand rights and pursue '
                     'compensation'],
 'references': [{'source': 'Shamis & Gentile P.A.'}],
 'regulatory_compliance': {'legal_actions': 'Potential lawsuits for '
                                            'compensation'},
 'response': {'communication_strategy': 'Mailed notification letters to '
                                        'affected patients',
              'containment_measures': 'Secured systems',
              'incident_response_plan_activated': 'Yes',
              'law_enforcement_notified': 'Yes',
              'third_party_assistance': 'Forensic experts'},
 'threat_actor': 'RHYSIDA ransomware group',
 'title': 'Medstar Health Data Breach Investigation',
 'type': 'Data Breach, Ransomware'}