HQ/EMEAFind out how we can help your business
Frederick Health Medical Group, one of Maryland’s largest healthcare providers, allegedly was the subject of a ransomware attack in January. Based on reports, the cyberattack resulted in a data breach involving almost 1 million patients.
With nearly 4,000 employees and over 25 locations, Frederick Health stands as one of the most prominent employers in Frederick County.
In a notification to patients in late March, the health system reported that the ransomware attack was detected in January. This discovery has prompted it to alert law enforcement and employ an external security provider to assess the situation’s impact.
Specifically, the health system stated that it experienced a ransomware event on January 27, 2025, which affected its IT systems. The investigation revealed that an unauthorised individual accessed their network and copied specific files from a file share server on that date.
The statement added that it immediately disseminated letters to those whose information may have been compromised and for whom they possess sufficient contact information.
The Frederick Health data breach may have exposed various data.
Investigations show that the Frederick Health data breach could compromise various data types depending on the individuals affected.
The initial assessment uncovered that the attackers acquired a mix of sensitive personal details, including patient names, complete addresses, dates of birth, Social Security numbers, and driver’s license numbers.
Additionally, they extracted personal health information such as medical record numbers, health insurance details, and/or clinical data related to patients’ care.
Although Frederick Health did not disclose the exact number of individuals impacted by this data breach, the healthcare provider reported the incident to the United States Department of Health and Human Services on March 28.
HHS has since updated its list of reported breaches, confirming that the Frederick Health data breach has affected approximately 930,000 patients.
Despite labelling the incident a ransomware attack, no ransomware group has claimed credit for the breach, implying that Frederick Health may have met the attackers’ ransom demands.
As of now, the company has yet to reveal further comments about the incident, and inquiries are still pending.
