Cyber Incident Victim: MJH Life Sciences

On August 11, 2022, MJH Life Sciences confirmed a cybersecurity incident by filing a breach notification with the Massachusetts Attorney General’s office. The Cranbury, New Jersey-based healthcare media company discovered it had been targeted in a cyberattack that compromised its network infrastructure. Upon detecting unauthorized access, MJH immediately initiated containment protocols by securing affected systems and engaged external cybersecurity specialists to conduct forensic analysis. The company concurrently notified law enforcement agencies about the intrusion. Investigators determined that an unauthorized actor had gained access to sensitive consumer data stored within MJH's network, though the specific intrusion vector and duration of unauthorized access remained undisclosed. The forensic review process involved comprehensive examination of compromised files to identify both the scope of exposed information and the individuals impacted. While MJH did not publicly specify the exact data types accessed, the statutory reporting obligation to Massachusetts authorities indicated potential exposure of Social Security numbers, protected health information, or financial account details. Completion of the file review triggered MJH's notification protocol, with data breach letters dispatched to affected consumers on August 11, 2022 – coinciding with the regulatory filing date. The company maintained operational continuity throughout the incident response but provided no details regarding system restoration timelines or specific security enhancements implemented post-breach.

The breach impacted MJH Life Sciences, a specialized media organization serving healthcare professionals through publications covering oncology, primary care, specialty medicine, pharmacy, and industry sciences. With over 115 employees and approximately $23 million in annual revenue, the company manages substantial volumes of practitioner-related data. The compromised information's sensitivity triggered breach notification requirements under Massachusetts law, though MJH's public communications omitted specifics regarding the number of affected individuals or particular datasets involved. No evidence suggested operational disruption to MJH's publishing activities during or after the incident. The company's response adhered to standard post-breach protocols including system containment, third-party investigation, law enforcement coordination, and consumer notifications. Massachusetts breach reporting guidelines imply the incident involved state residents' personal information meeting statutory thresholds for mandatory disclosure, but MJH did not confirm whether non-resident data was similarly affected. The cybersecurity firm's investigation confirmed data accessibility to unauthorized parties but yielded no public findings regarding attacker identity, motive, or data exploitation evidence. MJH concluded its consumer notification process on the same date as its regulatory filing, completing the incident's public disclosure phase without additional follow-up statements regarding long-term mitigation strategies or breach-related financial impacts.