Maternal & Family Health Services Data Breach

On or around January 10, 2023, Maternal & Family Health Services announced that a cybersecurity breach left its servers susceptible to attack. Around April 4 2022, the company learned that a ransomware incident exposed sensitive and private information. An unknown actor was able to access the company’s health organization information, potentially leaving patient data vulnerable and 460,000 individuals at risk.

Maternal & Family Health Services (MFHS) is a Pennsylvania based non-profit organization that administers health and human services to women, children, and families throughout Northeastern Pennsylvania. In early April, MFHS learned of a ransomware incident targeting its servers, but has not elaborated on this discovery. MFHS immediately engaged in an investigation, uncovering that an unauthorized actor had gain access to its systems between August 21, 2021 and April 4, 2022., but MFHS did not start notifying health organizations until January 2023. Patients remained unaware for significant period of time before hearing news of the data breach. This could have potentially left many individuals affected by fraud unaware of a likely reason.

Patient information such as names, addresses, dates of birth, Social Security numbers, driver’s license numbers, financial account/payment card information, usernames and passwords, medical information and/or health insurance information and potentially much more has been exposed.

If you received a letter from Maternal & Family Health Services indicating that your information was involved in a data breach, fill out the this form to participate in Shub Law’s investigation.