Maternal & Family Health Services, a non-profit healthcare organization based in Pennsylvania, has confirmed that cybercriminals have accessed the sensitive data of nearly half a million people.
MFHS revealed last week that it was hit by ransomware that exposed the personal data of current and former patients, employees and vendors. The healthcare giant said it became aware of the incident on April 4, 2022, but acknowledged that it may have been first compromised as far back as August 21, 2021.
When asked by TechCrunch at the time, MFHS declined to confirm the number of individuals affected. A person is affected by a breach.
In a letter MFHS sent to affected residents on January 10 — more than nine months after the organization was first alerted to the ransomware incident — MFHS said the attackers had provided names, addresses, It said it accessed sensitive data such as dates of birth, driver’s license numbers, and social security numbers. Usernames and passwords, health insurance and medical information, and financial information. According to the notification, the attackers also obtained credit and debit card numbers.
It remains unclear who was behind the ransomware attack, whether MFHS paid the ransom demand, or why the nonprofit didn’t go public with the incident sooner. MFHS did not immediately respond to his TechCrunch question on Wednesday. Also, it seems that no major ransomware group has yet claimed responsibility for this incident.
