On January 27, 2025, Frederick Health Medical Group detected a ransomware attack on its IT systems. The health system immediately alerted law enforcement and retained a third-party forensic firm to assess the breach. Investigators confirmed that an unauthorized actor accessed their network and copied files from a shared server on the same day.
Personal and Health Information Compromised
Depending on each individual, the breach exposed a mix of:
- Patient names, addresses, dates of birth
- Social Security and driver’s license numbers
- Medical record numbers and health insurance details
- Clinical information related to patient care
In late March, Frederick Health began mailing letters to affected individuals for whom they had valid contact information. On March 28, 2025, the provider reported the incident to the U.S. Department of Health and Human Services. HHS’s breach portal now lists 934,326 patients impacted by the event.
Other Healthcare Breaches
Earlier this week, Blue Shield of California disclosed a data leak that exposed protected health information of 4.7 million members to Google Analytics and ad platforms. Yale New Haven Health also warned that attackers stole personal data belonging to 5.5 million patients in a separate cyberattack this month.
