Marlboro-Chesterfield Pathology (MCP) a North Carolina lab was hit by a ransomware attack. MCP discovered unauthorized activity on its internal IT systems around January 16, 2025. An investigation then revealed that hackers had successfully stolen some files from their network. MCP is a full-service anatomic pathology lab providing various important diagnostic services. This cyberattack resulted in many personal information records being stolen from the organization. The lab quickly began to assess the nature and scope of this serious security incident. They took prompt action to understand what data had been unfortunately compromised.
The compromised data includes sensitive personal information such as names and current addresses. Dates of birth medical treatment information and health insurance details were also exposed. The specific type of stolen information varies for each affected individual in this breach. MCP officially informed the U.S. Department of Health and Human Services (HHS) this week. They reported the incident impacted a total of 235,911 different individuals. A ransomware group which is named SafePay has now taken credit for this attack. SafePay also recently targeted the business services provider Conduent in a separate incident. MCP no longer appears listed on SafePay’s data leak website. This could possibly indicate that a ransom payment has been made by MCP.
Marlboro-Chesterfield Pathology conducted a thorough review of all potentially affected records and systems.
Upon becoming aware of this incident they promptly began taking important security steps. They worked to secure and fully restore all of the affected IT systems. MCP also immediately began an investigation to understand the incident’s scope and impact. They engaged third-party forensic specialists to assist them in investigating this entire event. Law enforcement agencies are also aware of this incident and MCP has cooperated. MCP stated they took steps to ensure the stolen data was deleted. New measures were implemented to further strengthen the overall security of their networks.
As a direct result of this data breach MCP began mailing notification letters.
These letters were sent to all individuals who were impacted by this security incident. Based on the breach notice sent to California residents MCP is providing assistance. Affected individuals are receiving a list of their specific sensitive information impacted. Additionally complimentary credit monitoring services are being offered to all affected individuals. MCP recommends that people remain vigilant by reviewing their account statements very closely. Monitoring credit reports for any unauthorized activity is also strongly advised by the lab. The notice includes resources and details on placing fraud alerts or security freezes.
Reference:
