Maternal & Family Health Services, a Pennsylvania-based nonprofit health provider, has confirmed that nearly 500K people had their sensitive data accessed by cybercriminals.
MFHS announced last week that a ransomware attack had exposed the personal data of patients, employees, and vendors. The incident was discovered April 4th, but may have first occurred in August 21st of 2021.
When TechGround inquired, MFHS refused to disclose the number of people affected by the breach. The Maine attorney general’s office recently revealed that 461,070 individuals have been impacted, including 68 Mainers.
On Jan. 10, a letter was sent to affected residents notifying them that nine months prior, MFHS had been alerted of a ransomware incident. The attackers accessed personal information including names, addresses, date of birth and driver’s license numbers; Social Security numbers; usernames/passwords; health insurance and medical info; financial data and credit/debit card numbers.
The source of the ransomware attack on MFHS, whether a ransom was paid, and why the non-profit waited to disclose it remain unknown. On Wednesday, TechGround’s attempts to contact MFHS went unanswered; no major ransomware group has claimed responsibility yet.