In this episode, we take a deep dive into the recent Marlboro-Chesterfield Pathology (MCP) ransomware attack—one of the most significant healthcare breaches of 2025. On January 16th, MCP detected unauthorized activity on its internal systems. Just days later, the SAFEPAY ransomware group claimed responsibility, posting stolen data—over 30GB of sensitive information affecting 235,911 individuals—on the dark web.
We examine what data was exposed, the organization’s response, and the broader implications for cybersecurity in the healthcare sector. From PII and PHI leakage to the potential legal fallout and reputational damage, this breach underscores persistent vulnerabilities in outdated infrastructure, third-party integrations, and underfunded security protocols.
We also explore the critical role of the Cybersecurity and Infrastructure Security Agency (CISA), how organizations can adopt “secure by design” principles, and what proactive steps healthcare providers can take to protect their patients and operations. Was a ransom paid? What lessons can other providers learn from this breach? Tune in to find out.
