Data of 460,000 People Exposed in MFHS Ransomware Attack

The healthcare giant said it was made aware of the incident on April 4, 2022, but we are only now learning about the scale of the attack...


Pennsylvania-based nonprofit health provider Maternal & Family Health Services (MFHS) has confirmed hackers managed to access the sensitive data of close to half a million people.

According to MFHS, the ransomware exposed the personal data of current and former patients, as well as employees and vendors. The healthcare giant said it was made aware of the incident on April 4, 2022, but admitted that might have been initially compromised as far back as August 21, 2021.

However, at the time of the incident – MFHS declined to confirm how many individuals were affected. Thanks to the notification from the Maine attorney general’s office, we know that 461,070 people, including 68 Maine residents, are affected by the breach.

In a letter sent to affected residents on January 10, which is more than nine months after the organization was first alerted to the incident, MFHS said that attackers accessed sensitive data — including names, addresses, date of birth, driver’s license numbers, Social Security numbers, usernames and passwords, health insurance and medical information, and financial information. Moreover, the attackers took credit and debit card numbers.

It is unclear who was behind the ransomware attack, if MFHS paid a ransom demand and why they didn’t disclose the incident sooner. At the time of this writing, no ransomware group has claimed responsibility for the incident.