Cyber Incident Victim: Northeastern Rural Health Services

Maternal & Family Health Services (MFHS) discovered a ransomware incident on April 4, 2022, prompting immediate engagement of third-party forensic investigators to secure systems and assess unauthorized activity. Forensic analysis determined unauthorized actors accessed MFHS systems between August 21, 2021, and April 4, 2022, with potential compromise of sensitive personal information. Exposed data included names, addresses, dates of birth, Social Security numbers, driver’s license numbers, financial account/payment card details, usernames/passwords, medical records, and health insurance information. The investigation found no evidence of actual misuse of compromised data. MFHS confirmed the incident affected certain current and former employees, patients, and vendors, though specific counts of affected individuals or internal systems were not disclosed.

MFHS initiated mailed notifications to potentially impacted parties on January 3, 2023—over nine months after detecting the breach—detailing the incident timeline and types of exposed data. The organization offered complimentary credit monitoring and identity theft protection to individuals whose Social Security numbers or financial data were involved. A dedicated call center ((833) 896-7339) operated weekdays from 9:00 AM to 9:00 PM Eastern Time to address inquiries. MFHS emphasized ongoing system security enhancements but provided no technical specifics regarding containment measures or ransomware variant identification. No operational disruptions or financial demands related to the ransomware event were reported, and law enforcement did not delay breach notifications. The organization reiterated its commitment to safeguarding personal information while acknowledging potential inconveniences caused by the incident.