- Frederick Health Medical Group was struck with ransomware in late January 2025
- It concluded its investigation and says almost a million people lost sensitive data
- The data includes names, SSNs, health insurance information, and more
We now know how many people are affected by a recent ransomware attack on Frederick Health Medical Group – almost a million.
The healthcare provider reported the new figures to the US Department of Health and Human Services (HHS), noting how on January 27, 2025, it experienced a “ransomware event” on its IT systems.
The information taken varies from person to person, Frederick Health Medical Group added, and while in the notice it does not discuss the number of affected individuals, it did share a figure with the US HHS – 934,326 individuals.
Second increase
The subsequent investigation determined that the threat actors managed to steal certain files from a file share server.
These files included patient names, addresses, dates of birth, Social Security numbers, driver’s license numbers, medical record numbers, health insurance information, and/or clinical information related to patient care.
So far, no threat actors have assumed responsibility for the attack, and the data has not yet surfaced on the dark web, possibly suggesting Frederick Health actually paid the ransom demand.
The organization has roughly 4,000 employees and more than 25 locations. To mitigate the risk of the attack, it also offered all affected individuals free credit monitoring and identity theft protection services through IDX.
Healthcare organizations are a prime target for ransomware operators, given the sensitivity of the data they operate with. In April 2025 alone, we’ve had stories of a cybersecurity CEO who tried to install malware on hospital computers, attacks on Yale Health and DaVita, and the data leak at Logezy.
Furthermore, Blue Shield of California also recently disclosed a data breach that exposed sensitive data of 4.7 million members.
Via BleepingComputer
