BayMark Health Services, a major addiction treatment provider, has reported a ransomware attack that potentially exposed sensitive patient information. The incident affected multiple treatment facilities across their network.
On October 11, 2024, BayMark Health Services discovered a ransomware attack that disrupted their IT systems. The investigation revealed that between September 24 and October 14, 2024, an unauthorized party accessed their network and stole sensitive patient information. The compromised data includes names, dates of birth, driver’s license numbers, Social Security numbers, insurance information, diagnostic and treatment details, and the names of treating providers.
BayMark released a notice of a data breach, stating, “We remain committed to protecting the confidentiality and security of patient information, and apologize for the concern this may cause.”
Additionally, “We take this matter very seriously. To help prevent something like this from happening again, we have implemented additional safeguards and technical security measures to further protect and monitor our systems."
The RansomHub ransomware group claimed responsibility for the attack on BayMark Health Services, stating that they had stolen approximately 1.5 terabytes of sensitive data. Despite the ransom demand, BayMark refused to pay, maintaining a stance against funding cybercriminal activities. As a consequence, RansomHub published the stolen data on their dark web leak site, exposing patient information and potentially damaging BayMark's reputation.
A data breach occurs when sensitive, protected, or confidential information is accessed or stolen without authorization. These incidents expose private data to unauthorized parties, potentially leading to identity theft and privacy violations, particularly dangerous in healthcare settings where patient information is involved.
Read more: What is a data breach?
A ransomware attack occurs when cybercriminals encrypt an organization's data and systems, demanding payment for restoration. Modern attacks often include threats to publish stolen data if payment isn't made, creating additional pressure on organizations to comply with demands.
Go deeper: Anatomy of a ransomware attack - Paubox SECURE Conference
Organizations should immediately isolate affected systems, notify law enforcement and cybersecurity experts, and assess compromised data. Quick response, documentation, and communication with affected parties are crucial while working to restore systems and prevent future attacks.