Marlboro-Chesterfield data breach impacts 235,000 patients

Last updated: 23 May 2025
Hospital hacking
Image by Cybernews.

Marlboro-Chesterfield Pathology (MCP), a full-service anatomic pathology laboratory, has suffered a data breach, which resulted in threat actors stealing sensitive patient records.

MCP wrote in a breach notification that on or around January 16th, 2025, the pathology lab experienced unauthorized activity within its IT systems.

The lab investigated, employing third-party specialists, and found that threat actors had accessed its systems, stealing sensitive records.

ADVERTISEMENT

In a filing to the US Department of Health and Human Services (HHS), the institution said that over 235,000 individuals had been affected by the breach.

Hacker attacker surrounded people
Image by Cybernews.

The information stolen by hackers includes:

  • Names
  • Addresses
  • Dates of birth
  • Medical treatment information
  • Health insurance information, such as policy numbers

Health information is extremely valuable in the cybercrime world, as it usually doesn’t tend to change over time.

This kind of sensitive information could be used by threat actors to launch highly personalized and sophisticated attacks. Furthermore, cybercriminals can use it to profile patients and commit various forms of fraud, from identity theft to phishing attacks.

Threat actors searching for huge unsecured databases could use this information to open new credit accounts, make unauthorized purchases in your name, or obtain loans under false pretenses.

“As of this writing, we have not received any reports of identity theft related to this incident,” MCP assured affected individuals.

ADVERTISEMENT
Hackers, malware
Image by Cybernews.

The laboratory said that it “promptly began taking steps to secure and restore all affected systems,” suggesting that some of their systems were rendered unusable.

While MCP didn’t explicitly state what kind of attack was launched on their systems, all signs point to ransomware.

The ransomware group, SafePay, supposedly claimed the attack on MCP in late January, according to Security Week.

The cybersecurity news outlet said that MCP is no longer listed on the ransomware gangs leak site, suggesting that a ransom may have been paid.

Share
Post
Share
Share
Share
More from Cybernews
Google may drop its latest devices at the end of this summer
Modern misogyny: AI advises women to seek lower salaries than men
Meta AI leak gave access to AI prompts and answers from other users
TikTok, AliExpress, and WeChat violate EU privacy laws, data protection group claims
Three-person IVF helps prevent inherited diseases, scientists say
China-linked hackers ramp up attacks on Taiwan’s chip industry, researchers report
ADVERTISEMENT
Leave a Reply

Your email address will not be published. Required fields are markedmarked