Mainline Health and Select Medical Disclose Data Breaches Affecting Over 220,000 Individuals
Two significant healthcare data breaches have been reported by Mainline Health and Select Medical Holdings, collectively impacting more than 220,000 individuals across the United States. The incidents underscore persistent cyber risks facing the healthcare sector, with ransomware actors and third-party vendors once again at the center of the compromise.
Mainline Health Confirms Ransomware Breach Involving Over 101,000 Patients
Mainline Health Systems, a healthcare provider headquartered in Arkansas with more than 30 locations, confirmed that a network breach earlier this year resulted in the theft of sensitive personal data. The intrusion was initially detected in April 2024, but the organization only recently completed its investigation and determined that data had been exfiltrated during the breach.
According to a notification submitted to the Maine Attorney General’s Office, the breach affected approximately 101,000 individuals. The data types compromised have not been publicly detailed but are expected to include personally identifiable and health-related information.
The ransomware group Inc Ransom later claimed responsibility for the attack. In May 2024, the group published samples of the stolen data, further validating its involvement. Inc Ransom has a history of targeting U.S. healthcare entities and has been active throughout the past year.
Select Medical Impacted via Vendor Breach, Nearly 120,000 Records Exposed
Pennsylvania-based Select Medical Holdings, which operates long-term acute care hospitals, rehabilitation centers, and outpatient therapy clinics, disclosed a separate data breach involving nearly 120,000 individuals. However, in this case, the organization was not directly compromised by threat actors.
Instead, the exposure stems from a breach at its former debt collection vendor, Nationwide Recovery Services (NRS). Cybercriminals attacked NRS in a separate incident last year and stole data related to several of its healthcare clients. The fallout from that compromise has since spread, as multiple medical organizations have reported large-scale impacts as a result of NRS’s breach.
Select Medical confirmed that the attackers accessed data linked to its patients but did not offer further details on the nature of the compromised information. Unlike the Mainline Health incident, no known ransomware group has claimed responsibility for the NRS-related breach.
Healthcare Data Breaches Remain High-Impact Events
These two breaches add to the growing list of healthcare security incidents in 2024. With medical organizations frequently relying on third-party vendors and managing large volumes of sensitive records, the attack surface remains extensive.
While ransomware continues to be a primary threat vector, third-party exposures—like that involving NRS—can be just as damaging, especially when organizations entrust vendors with patient data.
