Marlboro-Chesterfield Pathology breach affected over 235,000 patients

North Carolina-based Marlboro-Chesterfield Pathology said a data security incident it suffered earlier this year compromised the sensitive personal information of more than 235,000 patients.

 

Established in 1990, Marlboro-Chesterfield Pathology is a full-service anatomic pathology laboratory specialising in gastrointestinal pathology, cytopathology, dermatopathology, urologic pathology, and surgical pathology.

 

In a data security incident notice published on its website, MCP said that on January 16, it identified suspicious activity within its internal network. The pathology center immediately launched an investigation, with assistance from external cyber security experts, to determine the nature and scope of the incident.

 

MCP also took steps to contain the incident, secured the affected systems and notified relevant law enforcement authorities about the same.

 

“Based on our subsequent investigation, we determined that an unauthorised party accessed our systems and acquired certain records from our systems,” MCP said.

 

The compromised data included names, addresses, dates of birth, medical treatment information, and health insurance information, such as policy numbers. The incident was reported to the U.S. Department of Health and Human Services Office for Civil Rights where MCP said it has identified at least 235,911 individuals impacted by the incident.

 

While MCP found no evidence of the compromised information being misused, it has advised all affected individuals to regularly monitor their credit reports, account and benefit statements and report any suspicious activity to law enforcement authorities, including the police and the state attorney general.

 

 

In January, the SafePay ransomware group claimed responsibility for the cyber attack on MCP and listed it as a victim on its data leak site. However, neither the group nor the pathology center revealed any details on whether a ransom was paid.