Onsite Mammography, a Massachusetts-based medical services provider, has disclosed a data breach affecting over 350,000 individuals. The breach, which occurred in October 2024, was traced back to unauthorized access to an employee’s email account. Some of the emails in this compromised account contained both personally identifiable information (PII) and protected health information (PHI). Upon investigation, Onsite confirmed that data such as names, Social Security numbers, birth dates, and medical information were exposed.
The review of the compromised data concluded in February 2025, revealing a significant breach of sensitive information. Onsite assured affected individuals that the attacker only accessed the employee’s email account and not other systems within the network. This breach led to the compromise of a range of information, including credit card numbers, health conditions, and medical treatment details. Onsite Mammography has provided free credit monitoring and identity protection services to all impacted individuals for 12 months.
Despite the exposure of sensitive data, Onsite has stated there is no evidence suggesting that the stolen information will be misused.
The company has taken precautionary steps by notifying the Maine Attorney General’s Office about the breach and working to mitigate its impact. It emphasized that the breach was limited to the email account and did not affect other critical systems within their infrastructure.
Onsite Mammography, which provides nationwide breast health and imaging services under its Onsite Women’s Health brand, has yet to reveal specific details about how the breach occurred or whether it involved any extortion attempts. The company is continuing its investigation into the incident and has been in communication with the affected individuals. Security experts are awaiting more information to understand the full scope of the breach.
Reference: