Frederick Health Data Breach Affects 934,326 Individuals

On January 27, 2025, Frederick Health was the victim of a ransomware attack that directly impacted its IT systems and exposed sensitive patient data. The breach affected a staggering 934,326 individuals, making it one of the largest healthcare data incidents reported so far this year.

According to official disclosures, an unauthorized individual gained access to Frederick Health’s network and copied files from a file share server. This incident did not involve the Electronic Medical Record system, but the compromised files included a wide range of both personally identifiable information (PII) and protected health information (PHI).

The exposed information varies by individual but may include patient names, addresses, dates of birth, Social Security numbers, driver’s license numbers, medical record numbers, health insurance details, and clinical information related to patient care.

The breach was first reported to the U.S. Department of Health and Human Services on March 28, 2025, and further details can be found on the HHS Breach Portal.

The severity of this breach lies in the breadth and sensitivity of the information involved. With both PII and PHI at risk, affected individuals face the potential for identity theft, insurance fraud, and other forms of misuse. The attack was carried out by an unauthorized party who managed to bypass Frederick Health’s network security, highlighting the ongoing risks healthcare organizations face from sophisticated cyber threats.

Frederick Health's response

Following the discovery of the ransomware event, Frederick Health immediately implemented its incident response protocols. The organization secured its systems, notified law enforcement, and engaged a third-party forensic firm to investigate the extent of the breach. As a precaution, Frederick Health began sending notification letters to individuals whose information may have been involved, provided they had sufficient contact details.

To support those affected, Frederick Health is offering complimentary credit monitoring and identity theft protection services through IDX. Impacted individuals can enroll in these services by following instructions provided in their notification letters or by visiting the IDX enrollment page. Additionally, Frederick Health has set up a dedicated, toll-free call center at 1-877-780-7840, available Monday through Friday from 9:00 a.m. to 9:00 p.m. Eastern Time, to address questions and concerns.

Given the nature of the information exposed, it is recommended that affected individuals:

• Enroll in the offered credit monitoring and identity theft protection services as soon as possible.
• Monitor financial accounts, insurance statements, and credit reports for suspicious activity.
• Be cautious of unsolicited communications that request personal information or reference the breach.

For more details and ongoing updates, visit Frederick Health’s official notice page.

For more information about the organization and its services, visit the Frederick Health website.