Hacker gang claims breach of Baltimore Medical System, leaks patient data

Baltimore Medical System, a federally funded health provider serving tens of thousands of patients in Maryland, has been listed as a victim by the Brain Cipher ransomware group, which claims to have stolen several terabytes of sensitive data. The disclosure appeared on the gang’s dark web blog, a platform it uses to showcase organizations that it says have been breached.

The attackers published portions of the stolen data online, suggesting that Baltimore Medical System, known as BMS, either declined to pay a ransom or was unable to meet the group’s demands. Cybernews researchers who reviewed the leak found data samples exceeding 800 gigabytes in size. File names and structures indicated that multiple BMS servers had been compromised, likely exposing user information, system backups, and databases.

BMS, the largest Federally Qualified Health Center in Maryland, operates community health centers that provide care primarily to underserved populations. The nonprofit serves roughly 90,000 patients annually through its facilities and outreach programs. The organization has been contacted for comment on the incident.

Experts warn that the nature of the stolen data poses significant risks. Medical and biometric information cannot be changed like passwords or credit card numbers, leaving victims permanently exposed. If attackers gained access to patient histories, they could attempt identity theft, commit insurance fraud, or even use sensitive medical details as leverage for blackmail.

Brain Cipher, the group claiming responsibility, surfaced in mid-2024 and has quickly gained attention for targeting high-profile organizations, including global consultancy Deloitte. The gang has attacked multiple critical industries and government entities, often employing multi-layered extortion tactics. Its ransomware payloads are believed to derive from the LockBit strain, one of the most notorious malware families in circulation.

Cybernews’ dark web monitoring tool Ransomlooker reports that Brain Cipher has already listed more than 30 organizations as victims since its emergence. Security analysts note that its tactics align with a broader trend of cybercriminal groups exploiting healthcare networks, which often have limited resources to defend against advanced ransomware attacks.