The incident may have compromised patient’s and employee’s Social Security numbers, driver's license numbers, and financial information between August 21, 2021, and April 4, 2022.
On January 5, 2023, Maternal & Family Health Services (MFHS) — a private non-profit that serves women, children, and families of Northeastern Pennsylvania — announced the organization was a target of a ransomware attack that may have exposed sensitive data to an unauthorized individual.
In a statement, MFHS said they were made aware of the cybersecurity incident on April 4, 2022, and immediately called in third-party forensic teams to assist in securing the organization’s systems.
Results of an investigation revealed that hackers may have accessed the personal information of current and former employees, patients, and vendors between August 21, 2021, and April 4, 2022.
Sensitive data included, but may not be limited to, names, addresses, date of birth, driver’s license numbers, Social Security numbers, financial account/payment card information, usernames and passwords, health insurance information, and medical information.
However, MFHS reports no evidence that any compromised personal information was misused due to the attack.
The organization began sending letters on January 3, 2023 via U.S. mail to individuals who the data breach may have impacted — almost nine months after first becoming aware of the attack. The letter relayed information about the incident and steps individuals can take to protect their personal data.
These steps include monitoring personal accounts through credit reporting bureaus like Equifax, Experian, or TransUnion and placing fraud alerts on accounts if necessary. MFHS also recommends that individuals contact the Federal Trade Commission or their state Attorney General to learn more about protecting personal information, identity theft, or filing a complaint.
In addition, the non-profit created a phone hotline for people with questions concerning the ransomware attack. Call center agents are available at (833) 896-7339, Monday through Friday, from 9:00 am –9:00 pm Eastern Time.
In a news release, Maria Montoro Edwards, Ph.D., President & CEO of MFHS, said, “Maternal & Family Health Services takes the protection of our patients' and employees' personal information seriously. We understand the inconvenience or concern this incident may cause and are committed to strengthening our systems' security to prevent this kind of incident from happening again.”
MFHS serves the health and nutrition needs of over 90,000 women, men, and children annually in 17 Pennsylvania counties.