Baltimore Medical System Data Breach Exposes Sensitive PII and PHI

Baltimore Medical System, the largest Federally Qualified Health Center (FQHC) in Maryland, experienced a major cyberattack.

On Sept. 16, 2025, the organization was listed as a victim of the Brain Cipher ransomware group on the dark web. According to the threat actor’s posting, sensitive data belonging to the organization was exfiltrated and published on the group’s Tor-based leak site.

This type of data breach often exposes both personally identifiable information (PII) and protected health information (PHI). Compromised information may include names, contact information, dates of birth, Social Security numbers, driver's license copies or state identification numbers, health insurance information, medical information including diagnosis/treatment information, lab results, medications, payment information, and financial account information.

The total number of affected individuals has not been released but is believed to include several thousand patients. This type of cybersecurity incident increases the risk of identity theft, fraud, and other malicious uses of the leaked information.

The institution has posted a notice of the incident on its website. The U.S. Department of Health and Human Services also released a disclosure of the incident.

Baltimore Medical System's response

Baltimore Medical System is working to identify all impacted individuals and the scope of data involved in the data breach.

Those who may be affected by this breach should remain vigilant for signs of identity theft or fraud. It is recommended to:

• Carefully review any notice or communication you receive from IMDataCenter or a company that does business with IMDataCenter.
• Monitor financial accounts and credit reports for signs of identity theft.
• Consider placing fraud alerts or credit freezes with the major credit bureaus.
• Be cautious of unsolicited emails or phone calls requesting personal information.