Pennsylvania-based nonprofit Maternal and Family Health Services this week revealed a ransomware attack in April 2022 that compromised patient medical and financial data.
Threat actors targeted the organization, which supports a network of health and nutrition centers in 17 Pennsylvania counties, on April 4, 2022, but only began notifying customers and vendors in January 2023.
After the incident, MFHS says it immediately engaged a third-party forensic incident response firm to secure its systems and conduct investigations to determine the extent of the compromise.
A spokesperson for MFHS was not immediately available to provide additional information.
The investigation found that unauthorized access to MFHS systems occurred sometime between Aug. 21, 2021, and April 4, 2022. Personal information accessed in the breach includes names, addresses, birthdates, Social Security and driver’s license numbers, financial account/payment card information, usernames and passwords, medical information and/or health insurance information.