Frederick Health Recovering from Ransomware Attack
Frederick Health in Maryland is investigating a ransomware attack, Holdrege Memorial Homes in Nebraska has mailed notification letters to individuals affected by a 2023 data breach, and Square Medical Group in Massachusetts has identified an email breach at an IT vendor.
Frederick Health Recovering from Ransomware Attack
Frederick Health Medical Group in Maryland announced on January 27, 2025, that it is currently dealing with a ransomware attack that forced it to take its systems offline. The attack is disrupting patient services due to the lack of access to IT systems, resulting in delays to certain services. Frederick Health has confirmed that all its facilities remain open with care provided using established backup and other downtime processes. Most appointments are continuing as scheduled.
Frederick Health is working with third-party cybersecurity experts to investigate the breach, determine the extent of unauthorized access, and bring its IT systems back online quickly and safely while prioritizing patient care. The primary focus is restoring its IT systems; however, the incident is being investigated to determine if the threat actor accessed or stole patient data. At this early stage of the investigation, it is too early to tell to what extent, if any, patient data has been compromised.
Update: Frederick Health Medical Group has confirmed that the protected health information of 934,326 individuals was stolen in the attack. Read more…
Get The FREE
HIPAA Compliance Checklist
Immediate Delivery of Checklist Link To Your Email Address
Please Enter Correct Email Address
Your Privacy Respected
HIPAA Journal Privacy Policy
Holdrege Memorial Homes Sends Notification Letters About 2023 Data Breach
Holdrege Memorial Homes, a Holdrege, NE-based assisted living/skilled nursing facility operator, has notified 1,446 residents and employees about a network security incident that occurred in the fall of 2023. The forensic investigation confirmed that a threat actor had access to its network from October 9, 2023, to November 27, 2023, and during that time, may have accessed or acquired sensitive employee and resident data. The forensic investigation and manual document review were completed on January 6, 2025, 15 months after its network was first breached. Notification letters have now been mailed to the affected individuals.
The information exposed and potentially stolen varied from individual to individual and may have included names in addition to one or more of the following: date of birth, Social Security number, medical treatment, procedure, and/or diagnosis information, medical record number, medical provider information, medical prescription information, Medicaid and/or Medicare number, dates of service, health insurance claim and/or policy information. Holdrege Memorial Homes said the incident has been reported to law enforcement and additional security measures have been implemented to prevent similar incidents in the future.
Square Medical Group Discovers Email Privacy Breach at IT Vendor
Square Medical Group, a Massachusetts-based behavioral health and substance use disorder treatment service provider, has announced a data security incident at an IT vendor. Square Medical Group learned on November 22, 2024, that the IT vendor sent an administrative email message to a group of recipients, where the email recipients had their email addresses added to the cc rather than the bcc field. The email contained general information related to invoice delivery.
The error was immediately identified, and a follow-up email was sent to all recipients warning them about the privacy breach, which was attributed to human error. The email error resulted in email recipients having their email addresses exposed to other recipients of the message. The IT vendor was instructed to counsel the employee responsible and provide further training for all staff members to prevent similar incidents in the future. The email breach was reported to the HHS’ Office for Civil Rights as affecting 2,363 individuals.
