Ransomware attack on MDLand leads to loss of patient data
Farah Amod
Aug 28, 2025 4:58:13 PM

An electronic health record vendor has disclosed a ransomware attack that resulted in the loss of medical records for over 22,000 patients.
What happened
MDLand International Corporation, a provider of electronic medical records software, suffered a ransomware attack that encrypted parts of its network on May 1, 2025. The breach was discovered the following day when certain systems became inaccessible. The company immediately isolated its network and launched a forensic investigation with external cybersecurity experts.
The investigation determined that an unauthorized actor had encrypted a portion of MDLand’s systems and may have accessed a specific database containing patient information. While no conclusive evidence was found that the database was viewed or exfiltrated, unauthorized access could not be ruled out.
Going deeper
The affected data includes patient names, birth dates, gender, marital status, addresses, phone numbers, prescription data, and provider notes.
Any information entered between April 1 and May 1, 2025, was lost due to the ransomware encryption. MDLand was able to restore some of the data, but records created within that one-month window could not be recovered or recreated.
No client systems were compromised in the attack. Sensitive information such as Social Security numbers, financial account details, and health insurance data was not part of the impacted database.
The breach affected 22,586 individuals, and the company reported the incident to the U.S. Department of Health and Human Services’ Office for Civil Rights. At the time of disclosure, there was no evidence of data misuse. Affected individuals were offered one year of complimentary credit monitoring and identity theft protection services.
What was said
MDLand has not publicly commented beyond the notification letter and regulatory filings. The company has implemented additional security measures and is reviewing its internal protocols to strengthen future breach prevention and response efforts.
FAQs
What should patients do if their medical records were lost in the breach?
Patients should contact their provider to review the completeness of their medical records and, if needed, assist in reconstructing treatment notes from memory or related documentation.
How does credit monitoring help if the lost data didn’t include Social Security numbers?
While highly sensitive data like SSNs weren't involved, identity thieves can still misuse names, addresses, and prescription histories in phishing schemes or to access pharmacy services fraudulently.
Can providers legally reconstruct lost patient records after a breach?
Yes, providers are permitted to reconstruct records using any available documentation, such as printed notes or memory, though reconstructed records should be clearly documented as such.
What are the best practices for preventing this type of data loss in the future?
Frequent, encrypted backups stored off-network, combined with ransomware-specific response planning and network segmentation, are the main safeguards against permanent data loss.
Will this breach lead to enforcement action from regulators?
Not necessarily. The Office for Civil Rights may investigate, but outcomes often depend on whether the company followed HIPAA security requirements before and after the breach.