Data Breach at Marlboro-Chesterfield Pathology Exposes Information of Over 235,000 Individuals

A ransomware incident at Marlboro-Chesterfield Pathology compromised personal and medical information of more than 235,000 individuals.

Sensitive health information leaked in January cyberattack

Threat actors hit Marlboro-Chesterfield Pathology (MCP) with a major data breach, compromising the personal information of more than 235,000 people.

The SafePay ransomware group reportedly launched the attack against the North Carolina-based diagnostic laboratory on Jan. 16.

Founded in 1990, MCP provides a broad range of laboratory services, including pathology and molecular diagnostics, in both South and North Carolina.

Critical data accessed despite swift response

Following the breach, MCP launched an internal investigation, enlisting third-party cybersecurity experts to contain the incident and assess its impact. Police were promptly informed and efforts were made to delete the exfiltrated data.

In a notification sent to affected individuals, the company confirmed that the attackers were able to steal personal records from its internal systems. The review of compromised data concluded March 31, and notifications have since been issued.

Various types of data stolen

During the attack, perpetrators stole a range of sensitive information, including names, dates of birth, home addresses, medical treatment details, and health insurance policy numbers, which varied by individual.

MCP has emphasized that no evidence found to date suggest that threat actors have used the stolen data for crimes such as fraud or identity theft.

Ongoing investigation

MCP has since reinforced its network security and is monitoring for suspicious activity.

The company also informed the US Department of Health and Human Services of the scale of the breach, which affected 235,911 people.

Although the SafePay threat group has not yet publicized the stolen data on its Dark Web leak site, affected individuals are advised to monitor for suspicious activity and freeze their credit if they detect any signs of potential fraud.

Being prepared for data breaches

While individuals can’t stop data breaches once they hand their data to a company, they can take steps to limit the damage in the event of a breach.

Tools like Bitdefender Digital Identity Protection provide a critical line of defense by tracking your digital footprint, alerting you to breaches and enabling you to respond swiftly to incidents involving your data.