Ft Wayne Medical Education Program Data Breach Affects 29k People: SSNs Exposed

On Dec. 17, 2024, Fort Wayne Medical Education Program (FWMEP) discovered suspicious activity within its network, leading to the uncovering of a significant data breach. According to the official disclosure to the Maine Attorney General, an unauthorized actor accessed or acquired data from FWMEP’s systems between Dec. 12 and Dec. 17, 2024.

The ransomware group INC RANSOM claimed responsibility for the attack, stating on their dark web portal that they obtained 66 GB of the organization’s data and provided sample screenshots as evidence.

The breach affected a reported 29,485 individuals in the United States, including three in Maine, 16 in Massachusetts and two in New Hampshire. The cybersecurity incident was also disclosed to the New Hampshire Attorney General on Oct. 3, 2025, the Vermont Attorney General's office on Oct. 6, 2025 and the Massachusetts Attorney General on Oct. 7, 2025.

The compromised information varied by individual and included both personally identifiable information (PII) and protected health information (PHI). According to the Notice of Data Privacy Incident posted on FWMEP’s website, the exposed data included first and last names, Social Security numbers, driver’s license or state ID numbers, passport numbers, government ID numbers, dates of birth, medical histories, health insurance information, and medical billing details such as bank account numbers and payment or credit card numbers (excluding CVC codes).

The incident’s severity is underscored by the breadth of sensitive data involved and the nature of the ransomware attack. INC RANSOM’s public claim and the posting of data samples on the Tor network further heighten concerns about potential misuse of the stolen information.

Fort Wayne Medical Education Program's response

Upon discovering the breach, FWMEP immediately secured its systems and took parts of its network offline to prevent further unauthorized access. The organization engaged cybersecurity professionals to conduct a thorough investigation and notified federal law enforcement and the Department of Health and Human Services, Office for Civil Rights. FWMEP performed a detailed review of the compromised data to identify affected individuals.

On Oct. 2, 2025, FWMEP began notifying impacted individuals in writing. Those whose Social Security numbers were involved are being offered complimentary credit monitoring and identity protection services through Haystack and IDX, with enrollment instructions provided in the notification letters. A dedicated assistance line (1-833-809-4990) has been established for questions or concerns.

Given the ransomware nature of the attack and the exposure of both PII and PHI, affected individuals are strongly encouraged to:

• Remain vigilant by monitoring credit reports, financial account statements, and explanation of benefits forms for suspicious activity
• Take advantage of the free credit monitoring and identity protection services offered
• Consider placing fraud alerts or credit freezes on credit files with the major bureaus
• Report any signs of identity theft to the Federal Trade Commission, law enforcement, and state attorneys general

FWMEP is also reviewing and updating its existing security policies and protections to guard against future threats.