25% off all training courses Offer ends May 29, 2026
View HIPAA Courses
Learner Login Learner Support
Learner Login Learner Support
25% off all training courses
View HIPAA Courses
Offer ends May 29, 2026

The HIPAA Journal is the leading provider of HIPAA training, news, regulatory updates, and independent compliance advice.

Anne Arundel County Department of Health Confirms February Ransomware Attack

Posted By on May 21, 2025

The Anne Arundel County Department of Health in Maryland has confirmed that health data was compromised in a February ransomware attack, and a phishing attack on Salus Group has exposed the PHI of 40,000 individuals.

Anne Arundel County Department of Health, Maryland

The Anne Arundel County Department of Health in Maryland has shared further information on a February 2025 cyberattack that forced government buildings in the county to temporarily close. Government officials had previously announced that it was dealing with “an ongoing cyber incident of external origin impacting public services”, and that officials were working around the clock to get critical services back online as quickly as possible.

County officials have provided an update, confirming that they first became aware of the security incident on February 22, 2025, and launched an investigation to determine the nature and scope of the unauthorized computer activity, with assistance provided by third-party cybersecurity professionals, law enforcement partners, and state agencies. It has now been confirmed that this was a ransomware attack, and that its network was accessed by unauthorized individuals between January 28, 2025, and February 22, 2025.

During that time, a limited subset of the county’s network was accessed, and files were copied from its network. Some of those files contained the protected health information of individuals who received treatment and related services at the Department of Health. It is currently unclear which threat actor was behind the ransomware attack.

Get The FREE
HIPAA Compliance Checklist

Immediate Delivery of Checklist Link To Your Email Address

Please Enter Correct Email Address

Your Privacy Respected

HIPAA Journal Privacy Policy

In the May 15, 2025, website breach notice, county officials said they are not yet able to confirm how many individuals have been affected or the specific types of information involved for each individual, but said the information likely compromised includes full names, addresses, and medical diagnoses and conditions. Financial information does not appear to have been involved.  The county will mail notification letters to the affected individuals when the file review is concluded, and privacy and security safeguards will be updated to enhance existing protections. The breach was reported the the HHS’ Office for Civil Rights on May 15, 2025, using a placeholder figure of 500 affected individuals. The total will be updated when the data review is concluded.

Benefits Partner, LLC (Salus Group)

Benefits Partner, LLC, an independent insurance agency doing business as Salus Group, has notified 40,177 individuals about a security incident identified in October 2024. Salus Group was provided with information by or on behalf of an individual’s current or former employer and/or insurance carrier in connection with the services it provides. That information was contained in an employee’s email account that was accessed by an unauthorized third party for a short period on October 9, 2024. It was not possible to determine which emails in the account had been accessed or if they had been copied, so all individuals whose information was potentially compromised have been notified.

The review of emails and attachments was completed in late February 2025, and Salus Group notified the affected plan sponsors, employers, and insurance carriers on or around March 27, 2025. The types of information involved varied from individual to individual and may have included names, dates of birth, Social Security numbers, drivers’ license numbers, financial account information, health insurance information, and/or clinical/treatment information. Notification letters are now being mailed to the affected individuals. Salus Group is unaware of any misuse of the affected information; however, complimentary credit monitoring and identity theft protection services have been offered to the affected individuals as a precaution.

Additional email security measures are being implemented to prevent similar incidents in the future, and further training has been provided to employees on how to identify and avoid phishing and other malicious emails.

Author: Steve Alder is the editor-in-chief of The HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com

x

Is Your Organization HIPAA Compliant?

Find Out With Our Free HIPAA Compliance Checklist

Get Free Checklist