Marlboro-Chesterfield Pathology breach impacts 236k
Lusanda Molefe May 31, 2025 10:42:56 AM

Marlboro-Chesterfield Pathology, P.C., a pathology laboratory based in Pinehurst, North Carolina, has disclosed a data breach affecting the sensitive personal and protected health information (PHI) of 235,911 individuals. The incident involved unauthorized access to its internal IT systems and data exfiltration attributed to the "SAFEPAY" ransomware group.
What happened
On or around January 16, 2025, Marlboro-Chesterfield Pathology detected unauthorized activity on certain internal IT systems. A subsequent investigation, conducted with the assistance of third-party forensic specialists, determined that an unauthorized party had gained access to its systems and acquired certain records. Law enforcement was informed and has cooperated with the investigation, which did not delay notification. The extensive review of impacted data concluded on March 31, 2025.
Going deeper
Marlboro-Chesterfield Pathology officially reported the breach to the HHS OCR on May 9, 2025, confirming 235,911 individuals were affected. The compromised information varies by individual but may include:
- Full names
- Addresses
- Dates of birth
- Medical treatment information
- Health insurance information (such as policy numbers)
The pathology practice has stated it has implemented measures to contain the unauthorized access and further strengthen network security. A dedicated call center has been established for affected individuals. The law firm Shamis & Gentile P.A. has announced an investigation into the data breach.
The intrigue
The SAFEPAY ransomware group has reportedly claimed responsibility for this attack. The group posted about the incident on the dark web on January 25, 2025, asserting they had obtained approximately 30 GB of sensitive data. Interestingly, the group also claimed to have later deleted the stolen data. Marlboro-Chesterfield Pathology's notice letter mentions they "took steps, to the best of our ability and knowledge, to ensure that the data taken by the unauthorized party was deleted."
Why it matters
This breach is significant due to the large number of individuals impacted and the sensitive nature of the combined PII and PHI. The exposure of medical treatment details and health insurance policy numbers, alongside personal identifiers, puts affected individuals at risk of identity theft, medical fraud, and targeted phishing scams.
What they're saying
In a notice signed by Dr. Dell Dembosky, M.D., Marlboro-Chesterfield Pathology stated, "We take the privacy of your information very seriously." They further added, "As of this writing, we have not received any reports of identity theft related to this incident."
Shamis & Gentile P.A., investigating the breach, emphasized that affected individuals' sensitive PII may have been exposed, and they may be eligible for compensation.
Looking ahead
Affected individuals are strongly advised to review the "Additional Resources" section provided with their notification letter, which includes recommendations from the Federal Trade Commission regarding identity theft protection and details on placing fraud alerts or security freezes on credit files. Monitoring account statements and credit reports for unauthorized activity is crucial.
FAQs
What is a ransomware attack?
A ransomware attack uses a type of malicious software that encrypts a victim's files or entire computer systems, making them inaccessible. Attackers then demand a ransom payment, often in cryptocurrency, in exchange for the decryption key.
What is PII and PHI?
PII stands for personally identifiable information, which is any data that could potentially identify a specific individual (e.g., name, address, date of birth). PHI stands for protected health information, which is PII that is combined with health or medical information (e.g., diagnosis, treatment, insurance details) and is protected under HIPAA.
What should individuals affected by the Marlboro-Chesterfield Pathology breach do?
Affected individuals should carefully review their notification letter, monitor their credit reports and financial statements for any suspicious activity, and consider placing a fraud alert or security freeze on their credit files with the three major credit bureaus (Equifax, Experian, TransUnion). They can also contact the dedicated call center with questions.