Cyber attack on Onsite Mammography impacted over 350,000 patients

Massachusetts-based Onsite Mammography said the data security incident it suffered last year compromised the sensitive personal information of more than 350,000 individuals.

 

Headquartered in Westfield, Massachusetts, Onsite Mammography provides in-office breast health and imaging services, including mammography, with a focus on making it more convenient and accessible for patients. 

 

In a data security incident notice, Onsite said that on October 4, it detected unusual activity in its internal network. The healthcare provider immediately launched an investigation, with assistance from external cyber security experts, to determine the nature and scope of the incident.

 

“According to the investigation, an unauthorised actor gained access to the individual’s email account for a brief window of time. The investigation further revealed that the unauthorised actor only had access to the email account and did not have access to any other systems within Onsite’s network. 

 

“The data analytics vendor’s review concluded on February 21, 2025 and revealed that the compromised email contained specific health-related information about patients,” Onsite said.

 

The compromised data includes names and other personal identifiers including Social Security Numbers. The healthcare provider reported the incident to the Maine state regulator, stating that it identified at least 357,265 individuals who were impacted by the incident.

 

“In response to this incident, Onsite implemented additional security measures to further minimize the risk of a similar incident occurring in the future. Onsite also notified law enforcement and is reviewing its policies and procedures related to data protection,” the healthcare provider added.

 

While Onsite found no evidence of the compromise data being misused, it has advised all affected individuals to regularly monitor their credit reports, account and benefit statements and report any suspicious activity to law enforcement authorities, including the police and the state attorney general. 

 

It has also offered one year of complimentary identity protection and credit monitoring services through Equifax to all affected individuals.

 

At the time of publishing, no known hacker group claimed responsibility for the cyber attack on Onsite. The healthcare provider also did not share details on who was behind the attack or whether it has received a ransom demand.