Sensitive personal and health information exposed in ransomware attack. Victims may be eligible for compensation.

A class action lawsuit was recently filed against Frederick Health Medical Group, a major healthcare provider in Maryland, alleging negligence in its failure to properly protect patient information and comply with federal and industry cybersecurity standards.

What Happened?

According to information reported to the U.S. Department of Health and Human Services (HHS), Frederick Health experienced a ransomware attack on January 27, 2025. Upon discovering the incident, the healthcare provider engaged a third-party forensic firm and notified law enforcement.

The investigation revealed that an unauthorized party accessed Frederick Health’s IT systems and copied certain files from a file server on the same day. The stolen files contained sensitive personal and health information of nearly one million patients. Frederick Health began mailing breach notification letters to affected individuals on March 28, 2025.

Although the healthcare provider has described the incident as a ransomware event, no ransomware group has publicly claimed responsibility, leading to speculation that a ransom may have been paid.

What Information Was Stolen During the Breach?

According to breach notifications and disclosures, the stolen information may include:

• Names
• Dates of birth
• Addresses
• Social Security Numbers
• Medical record numbers
• Health insurance information
• Clinical information related to patient care

The breach impacted approximately 934,326 individuals, making it one of the largest healthcare data breaches reported in 2025.

What is Frederick Health Doing to Protect My Identity?

Frederick Health has stated that it has taken steps to secure its IT systems following the attack and has mailed notification letters to individuals whose information was compromised. However, specific details regarding any additional cybersecurity enhancements have not been revealed.

Frederick Health is offering complimentary credit monitoring services and identity theft protection services through IDX. Enrollment instructions and a unique code are provided in the notification letter.

What Can Hackers Do With My Information?

Stolen personal and medical information can be exploited by cybercriminals to commit identity theft, open fraudulent accounts, file false insurance claims, or engage in medical fraud. Once sensitive data is leaked, it may be sold on dark web marketplaces and used for years after the initial breach.

Victims of this breach face a heightened risk of identity theft, financial loss, and medical identity fraud. It is crucial that affected individuals closely monitor their financial accounts, health insurance statements, and credit reports for any unusual activity.

If you received a notification letter from Frederick Health, it is important to understand the serious risks associated with the exposure of your private information and to take immediate action.

Protect Your Identity. Join the Frederick Health Data Breach Class Action.

The lawsuit filed against Frederick Health allege that the organization violated its duties under common law and federal regulations by failing to implement adequate security measures, properly encrypt sensitive information, and timely notify affected patients.

If you received a notification letter, you may be eligible to join a class action lawsuit to recover damages for loss of privacy, out-of-pocket expenses, time spent mitigating identity theft risks, and more.

Please complete the form shown on this page and a data breach attorney will contact you. There is no cost to you.

Tags: cyber attack   data breach   Data Privacy   Identity Theft   personal health information   Personal Identifying Information   ransomware