Ransomware cyber

Fort Wayne Medical Education Program (FWMEP)

Dec 12, 2024 3 min read
Fort Wayne Medical Education Program (FWMEP)

On December 17, 2024, FWMEP detected suspicious network activity, uncovering a ransomware attack by the INC RANSOM group. The breach, occurring between December 12–17, 2024, resulted in the theft of 66 GB of sensitive data, including PII (names, SSNs, driver’s licenses, passport numbers, dates of birth) and PHI (medical histories, health insurance details, billing data, and credit card numbers). The attack impacted 29,485 individuals, with the ransomware group publicly leaking sample data on the dark web. FWMEP took systems offline, engaged cybersecurity experts, and notified law enforcement and HHS. Affected individuals were offered credit monitoring and identity protection services. The breach posed severe risks of identity theft, financial fraud, and misuse of medical data, with long-term reputational and operational consequences for the organization.

Source: https://www.claimdepot.com/data-breach/fort-wayne-medical-education-program-2025

TPRM report: https://www.rankiteo.com/company/parkview-health

"id": "par2992529100425",
"linkid": "parkview-health",
"type": "Ransomware",
"date": "12/2024",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"
{'affected_entities': [{'customers_affected': '29,485 individuals (including 3 '
                                              'in Maine)',
                        'industry': 'Healthcare',
                        'location': 'Fort Wayne, Indiana, USA',
                        'name': 'Fort Wayne Medical Education Program (FWMEP)',
                        'type': 'Healthcare Education Program'}],
 'customer_advisories': ['Remain vigilant for suspicious activity',
                         'Use offered credit monitoring/identity protection '
                         'services',
                         'Consider fraud alerts/credit freezes',
                         'Report identity theft to authorities'],
 'data_breach': {'data_exfiltration': 'Yes (66 GB of data claimed by INC '
                                      'RANSOM, samples posted on dark web)',
                 'number_of_records_exposed': '29,485',
                 'personally_identifiable_information': 'Yes (extensive PII '
                                                        'and PHI)',
                 'sensitivity_of_data': 'High (PII and PHI)',
                 'type_of_data_compromised': ['First and last names',
                                              'Social Security numbers',
                                              'Driver’s license/state ID '
                                              'numbers',
                                              'Passport numbers',
                                              'Government ID numbers',
                                              'Dates of birth',
                                              'Medical histories',
                                              'Health insurance information',
                                              'Medical billing details (bank '
                                              'account numbers, payment/credit '
                                              'card numbers excluding CVC '
                                              'codes)']},
 'date_detected': '2024-12-17',
 'description': 'On Dec. 17, 2024, Fort Wayne Medical Education Program '
                '(FWMEP) discovered suspicious activity within its network, '
                'leading to the uncovering of a significant data breach. The '
                'ransomware group INC RANSOM claimed responsibility, stating '
                'they obtained 66 GB of the organization’s data, including PII '
                'and PHI of 29,485 individuals. The breach involved exposure '
                'of names, Social Security numbers, driver’s license/state ID '
                'numbers, passport numbers, government ID numbers, dates of '
                'birth, medical histories, health insurance information, and '
                'financial details like bank account and payment/credit card '
                'numbers (excluding CVC codes).',
 'impact': {'brand_reputation_impact': 'High (due to exposure of sensitive '
                                       'health and financial data, public '
                                       'claim by ransomware group, and dark '
                                       'web data samples)',
            'data_compromised': ['Personally Identifiable Information (PII)',
                                 'Protected Health Information (PHI)'],
            'downtime': 'Partial network taken offline (Dec. 17, 2024 onwards)',
            'identity_theft_risk': 'High (SSNs, driver’s license numbers, '
                                   'financial details exposed)',
            'legal_liabilities': 'Potential (HIPAA violations, state AG '
                                 'notifications, and individual lawsuits)',
            'operational_impact': 'Systems secured and parts of network taken '
                                  'offline to prevent further unauthorized '
                                  'access',
            'payment_information_risk': 'High (bank account numbers, '
                                        'payment/credit card numbers exposed)'},
 'initial_access_broker': {'data_sold_on_dark_web': 'Yes (samples posted by '
                                                    'INC RANSOM)',
                           'high_value_targets': ['PII',
                                                  'PHI',
                                                  'Financial data']},
 'investigation_status': 'Ongoing (as of Oct. 2, 2025, notifications began; '
                         'full investigation likely completed but details not '
                         'publicly shared)',
 'motivation': ['Financial Gain', 'Data Theft'],
 'post_incident_analysis': {'corrective_actions': ['Reviewing and updating '
                                                   'security policies and '
                                                   'protections']},
 'ransomware': {'data_exfiltration': 'Yes (66 GB claimed)',
                'ransomware_strain': 'INC RANSOM'},
 'recommendations': ['Monitor credit reports, financial statements, and '
                     'explanation of benefits for suspicious activity',
                     'Enroll in free credit monitoring and identity protection '
                     'services (Haystack and IDX)',
                     'Place fraud alerts or credit freezes with major credit '
                     'bureaus',
                     'Report identity theft to the Federal Trade Commission, '
                     'law enforcement, and state attorneys general',
                     'Review and update security policies and protections to '
                     'prevent future threats'],
 'references': [{'source': 'Fort Wayne Medical Education Program (FWMEP) '
                           'Notice of Data Privacy Incident'},
                {'source': 'Maine Attorney General Data Breach Notification'},
                {'source': 'INC RANSOM dark web portal claim'}],
 'regulatory_compliance': {'regulations_violated': ['Likely HIPAA (Health '
                                                    'Insurance Portability and '
                                                    'Accountability Act)'],
                           'regulatory_notifications': ['Maine Attorney '
                                                        'General',
                                                        'HHS Office for Civil '
                                                        'Rights',
                                                        'Federal law '
                                                        'enforcement']},
 'response': {'communication_strategy': ['Written notifications to affected '
                                         'individuals',
                                         'Dedicated assistance line '
                                         '(1-833-809-4990)',
                                         'Public Notice of Data Privacy '
                                         'Incident on FWMEP website'],
              'containment_measures': ['Secured systems',
                                       'Took parts of network offline'],
              'enhanced_monitoring': 'Likely (as part of reviewing and '
                                     'updating security policies)',
              'incident_response_plan_activated': 'Yes',
              'law_enforcement_notified': 'Yes (federal law enforcement and '
                                          'HHS Office for Civil Rights)',
              'recovery_measures': ['Notification of impacted individuals '
                                    '(begun Oct. 2, 2025)',
                                    'Offered credit monitoring and identity '
                                    'protection services (Haystack and IDX)'],
              'remediation_measures': ['Detailed review of compromised data',
                                       'Identification of affected '
                                       'individuals'],
              'third_party_assistance': 'Cybersecurity professionals engaged '
                                        'for investigation'},
 'stakeholder_advisories': ['Written notifications to affected individuals',
                            'Public notice on FWMEP website',
                            'Dedicated assistance line'],
 'threat_actor': 'INC RANSOM',
 'title': 'Fort Wayne Medical Education Program (FWMEP) Ransomware and Data '
          'Breach',
 'type': ['Data Breach', 'Ransomware Attack']}
Published by
Jeremy C
Jeremy C
You might also like
Great! Next, complete checkout for full access to Rankiteo Blog.
Welcome back! You've successfully signed in.
You've successfully subscribed to Rankiteo Blog.
Success! Your account is fully activated, you now have access to all content.
Success! Your billing info has been updated.
Your billing was not updated.