More than 460,000 patients, employees, and vendors had their data compromised following a ransomware attack against Pennsylvania-based nonprofit health provider Maternal & Family Health Services, according to TechCrunch.
Such a ransomware attack was initially disclosed by MFHS only last week even after being aware of the incident since April and noting that compromise may have begun as early as August 2021, with a newly released Maine Attorney General's Office notification stating that 461,070 individuals have been impacted.
Data breach notification letters sent by MFHS to affected individuals detailed that sensitive data including names, birthdates, addresses, Social Security numbers, driver's license numbers, usernames and passwords, health insurance and medical details, and credit and debit card numbers have been accessed by still unknown attackers.
MFHS has not confirmed whether it paid any demanded ransoms, as well as disclosed the reason why it put off an earlier disclosure of the cyber incident.
No ransomware operation has also admitted to being behind the attack.
