Cyber Incident Victim: Maternal & Family Health Services
Date:
Aug 2021
Location:
United States of America
Summary
Maternal & Family Health Services experienced a ransomware incident involving unauthorized access to its systems over several months, potentially exposing sensitive personal information of current and former employees, patients, and vendors. The compromised data included names, addresses, Social Security numbers, financial details, medical records, and health insurance information. The organization engaged forensic experts to secure systems and investigate the breach, finding no evidence of data misuse. Notifications were sent to potentially affected individuals, accompanied by offers of complimentary credit monitoring and identity theft protection services for those with exposed Social Security or financial data. A dedicated hotline was established to address inquiries related to the incident.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
Maternal & Family Health Services (MFHS) detected a ransomware incident on April 4, 2022, which involved unauthorized access to its systems between August 21, 2021, and April 4, 2022. The organization engaged third-party forensic incident response firms immediately upon discovery to secure systems and investigate the breach. Forensic analysis confirmed that an unauthorized individual potentially accessed sensitive personal information during this nearly eight-month period. The compromised data included names, addresses, dates of birth, Social Security numbers, driver’s license numbers, financial account and payment card information, usernames and passwords, medical records, and health insurance details. The breach affected certain current and former employees, patients, and vendors associated with MFHS. No evidence of actual misuse of the exposed information was identified during the investigation. The attackers employed ransomware, though specific technical details about the malware variant or attack vector were not disclosed in public notifications. MFHS maintained operations throughout the investigation and remediation process while working to contain the incident.
MFHS initiated mailed notifications to potentially affected individuals on January 3, 2023 – approximately nine months after detecting the breach and completing forensic analysis. The notifications described the nature of the incident and offered complimentary credit monitoring and identity theft protection services to those whose Social Security numbers or financial information was potentially compromised. A dedicated call center ((833) 896-7339) became operational with representatives available during extended weekday hours to address inquiries. While no instances of fraud stemming from the breach had been reported at the time of notification, MFHS advised vigilance regarding account activity and provided guidance on obtaining free credit reports through AnnualCreditReport.com. The organization outlined legal rights concerning fraud alerts and credit freezes with the three major credit bureaus but did not implement these measures on behalf of affected individuals. Internal response efforts focused on strengthening system security to prevent recurrence, though specific technical or procedural changes were not detailed publicly. The incident exposed vulnerabilities in MFHS's cybersecurity defenses over an extended period prior to detection, resulting in potential compromise of highly sensitive personal and health information across multiple stakeholder groups.