Fraud Management & Cybercrime , Ransomware

Women's Health Clinic Suffers Breach in Ransomware Attack

Pennsylvania Nonprofit Says Patient Medical, Financial Data Breached in 2022 Attack
Women's Health Clinic Suffers Breach in Ransomware Attack
Image: Shutterstock

Pennsylvania-based nonprofit Maternal and Family Health Services this week revealed a ransomware attack in April 2022 that compromised patient medical and financial data.

See Also: Live Webinar | Navigating the Difficulties of Patching OT

Threat actors targeted the organization, which supports a network of health and nutrition centers in 17 Pennsylvania counties, on April 4, 2022, but only began notifying customers and vendors in January 2023.

After the incident, MFHS says it immediately engaged a third-party forensic incident response firm to secure its systems and conduct investigations to determine the extent of the compromise.

A spokesperson for MFHS was not immediately available to provide additional information.

Investigation Details

The investigation found that unauthorized access to MFHS systems occurred sometime between Aug. 21, 2021, and April 4, 2022. Personal information accessed in the breach includes names, addresses, birthdates, Social Security and driver's license numbers, financial account/payment card information, usernames and passwords, medical information and/or health insurance information.

"MFHS does not have evidence that any personal information has been misused as a result of this incident," the company said. "MFHS began notifying via U.S. mail potentially affected individuals, including certain current and former employees, patients and vendors, on January 3, 2023."

These letters notify customers of the breach and provide protective measures, such as implementing fraud alerts and security freezes.

The firm is also offering complimentary credit monitoring and identity theft protection services to individuals whose Social Security number or financial account/payment card information may have been involved in the incident.

"At this time, we are not aware of anyone experiencing fraud as a result of this incident. We encourage you to remain vigilant, monitor your accounts and immediately report any suspicious activity or suspected misuse of your personal information," the statement says.


About the Author

Prajeet Nair

Prajeet Nair

Assistant Editor, Global News Desk, ISMG

Nair is assistant editor for Information Security Media Group's global news desk. He has previously worked at TechCircle, IDG, Times Group and other publications where he reported on developments in enterprise technology, digital transformation and other issues.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing govinfosecurity.com, you agree to our use of cookies.