Virginia Urology: Med Atlantic Data Breach Exposes Social Security Numbers & Health Information

Med Atlantic (Virginia Urology) Suffers Ransomware Attack, Exposing Sensitive Patient Data

Med Atlantic, Inc., operating as Virginia Urology in Richmond, disclosed a data breach stemming from a ransomware attack discovered on November 10, 2025. The incident, attributed to the cybercriminal group MS13-089, involved unauthorized access to internal systems, with the attackers publicly claiming responsibility on a dark web forum on December 15, 2025.

The compromised data included personally identifiable information (PII)—such as full names, dates of birth, and Social Security numbers—as well as protected health information (PHI) from medical records. In some cases, employment details processed by human resources were also exposed. While the breach impacted only two residents of Massachusetts and one in New Hampshire, the sensitivity of the data heightens the risk of identity theft and fraud.

Virginia Urology reported the breach to the Massachusetts and New Hampshire Attorneys General on January 7, 2026, and posted a public notice on its website. The company took immediate action to secure its network, halt unauthorized access, and engage cybersecurity experts for a forensic investigation. Law enforcement and the U.S. Department of Health and Human Services’ Office for Civil Rights were also notified.

To mitigate potential harm, Virginia Urology partnered with Epiq Privacy Solutions ID to offer 24 months of complimentary identity monitoring, including credit monitoring, identity restoration, and theft insurance. Affected individuals received enrollment instructions via mail, with additional guidance on fraud alerts, credit freezes, and IRS Identity Protection PINs to prevent tax-related fraud.

The breach underscores the persistent threat of ransomware attacks targeting healthcare providers, where even limited exposure of sensitive data can have severe consequences.

Source: https://www.claimdepot.com/data-breach/med-atlantic-dba-virginia-urology-2026

Virginia Urology cybersecurity rating report: https://www.rankiteo.com/company/virginia-urology

"id": "VIR1767994827",
"linkid": "virginia-urology",
"type": "Ransomware",
"date": "11/2025",
"severity": "100",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"
{'affected_entities': [{'customers_affected': 'Small number of individuals (2 '
                                              'in Massachusetts, 1 in New '
                                              'Hampshire)',
                        'industry': 'Healthcare',
                        'location': 'Richmond, Virginia, USA',
                        'name': 'Med Atlantic, Inc. (Virginia Urology)',
                        'type': 'Healthcare Provider'}],
 'customer_advisories': 'Enrollment instructions for identity monitoring '
                        'services mailed to affected individuals; guidance on '
                        'fraud alerts, credit freezes, and IRS Identity '
                        'Protection PIN provided.',
 'data_breach': {'data_exfiltration': 'Yes (threatened release by ransomware '
                                      'group)',
                 'personally_identifiable_information': 'Full names, dates of '
                                                        'birth, Social '
                                                        'Security numbers',
                 'sensitivity_of_data': 'High (SSNs, medical records, '
                                        'employment data)',
                 'type_of_data_compromised': ['Personally identifiable '
                                              'information (PII)',
                                              'Protected health information '
                                              '(PHI)',
                                              'Employment information']},
 'date_detected': '2025-11-10',
 'date_publicly_disclosed': '2025-12-15',
 'description': 'Med Atlantic, Inc. (Virginia Urology) experienced a data '
                'breach involving sensitive personal and health information '
                'due to a ransomware attack by the group MS13-089. The breach '
                'exposed personally identifiable information (PII) and '
                'protected health information (PHI).',
 'impact': {'brand_reputation_impact': 'Likely negative impact due to public '
                                       'disclosure',
            'data_compromised': 'Personally identifiable information (PII) and '
                                'protected health information (PHI)',
            'identity_theft_risk': 'High (exposure of SSNs and PHI)',
            'legal_liabilities': 'Potential regulatory fines and legal actions',
            'systems_affected': 'Internal systems'},
 'investigation_status': 'Ongoing (forensic investigation)',
 'motivation': 'Financial gain (ransom demand)',
 'ransomware': {'data_exfiltration': 'Yes', 'ransomware_strain': 'MS13-089'},
 'recommendations': 'Affected individuals should enroll in identity monitoring '
                    'services, place fraud alerts, request credit freezes, and '
                    'obtain an IRS Identity Protection PIN.',
 'references': [{'source': 'Virginia Urology Public Notice'},
                {'source': 'Dark Web Forum Post by MS13-089'}],
 'regulatory_compliance': {'regulations_violated': ['HIPAA (potential)'],
                           'regulatory_notifications': ['Massachusetts '
                                                        'Attorney General',
                                                        'New Hampshire '
                                                        'Attorney General',
                                                        'U.S. Department of '
                                                        'Health and Human '
                                                        'Services’ Office for '
                                                        'Civil Rights']},
 'response': {'communication_strategy': 'Public notice on website, '
                                        'notifications to affected individuals '
                                        'and regulators',
              'containment_measures': 'Secured network, stopped unauthorized '
                                      'access',
              'incident_response_plan_activated': 'Yes',
              'law_enforcement_notified': 'Yes (local and federal authorities)',
              'remediation_measures': 'Forensic investigation, identity '
                                      'monitoring services',
              'third_party_assistance': 'Cybersecurity experts, Epiq Privacy '
                                        'Solutions ID'},
 'threat_actor': 'MS13-089',
 'title': 'Med Atlantic (Virginia Urology) Data Breach',
 'type': 'Ransomware Attack'}