Frederick Health data breach affected close to 1 million people

Maryland-based Frederick Health Medical Group said the data security incident it suffered earlier this year compromised the sensitive personal information of close to 1 million individuals.

 

Headquartered in Frederick County, Maryland, Frederick Health provides a wide range of healthcare services, including primary and specialty care, emergency services, surgical care, oncology, and more. It operates multiple facilities, including Frederick Health Hospital, outpatient clinics, and specialty centres in and around the Maryland area.

 

In a data security incident notice posted on its website, Frederick Health said that on January 27, it was a victim of a ransomware attack that involved threat actors infiltrating its internal network and encrypting certain systems and files. The healthcare provider immediately launched an investigation, with assistance from external cyber security experts, to determine the scope of the incident.

 

Also, as a precaution, the healthcare provider took its systems offline to contain the incident and notified relevant law enforcement authorities about the same.

 

“The investigation determined that an unauthorised person gained access to our network and, on January 27, 2025, copied certain files from a file share server,” Frederick Health said.

 

The compromised data included patient names, addresses, dates of birth, Social Security numbers, drivers’ license numbers, medical record numbers, health insurance information, and clinical information related to patients’ care. 

 

In a filing with the U.S. Department of Health and Human Services Office for Civil Rights, Frederick Health said it has identified at least 934,326 individuals who were impacted by the incident.

 

“We take this incident very seriously and deeply regret any inconvenience or concern this incident may have caused. To help prevent a similar incident from occurring in the future, we have implemented, and will continue to adopt, additional safeguards to further protect and monitor our systems,” the healthcare provider added.

 

At the time of publishing, no known hacker group claimed responsibility for the cyber attack on Frederick Health. The healthcare provider  also did not share details on who was behind the attack, how much data was compromised, or whether it has received a ransom demand.