Med Atlantic Data Breach Exposes Social Security Numbers & Health Information

Med Atlantic, Inc., known locally in Richmond as Virginia Urology, recently experienced a data breach involving sensitive personal and health information. On Nov. 10, 2025, the company discovered a network compromise that allowed an unauthorized individual to access certain internal systems.

The breach was traced to a ransomware attack attributed to the group MS13-089, which publicly claimed responsibility on a dark web forum on Dec. 15, 2025. The attackers reportedly obtained data from Virginia Urology’s systems and threatened to release it unless their demands were met.

‍

The compromised data included personally identifiable information (PII) such as full names, dates of birth and Social Security numbers, as well as protected health information (PHI) from medical records. For some individuals, employment information processed by human resources was also potentially exposed.

The incident affected a small number of individuals in Massachusetts (two residents) and New Hampshire (one resident), but the nature of the information involved makes the breach particularly serious.

The company reported the breach to the Massachusetts Attorney General and the New Hampshire Attorney General on Jan. 7, 2026. Virginia Urology also posted a public notice on its website.

Virginia Urology's response

In response to the breach, Virginia Urology secured its network, stopped the unauthorized access and engaged cybersecurity experts to conduct a thorough forensic investigation. The company notified law enforcement and the U.S. Department of Health and Human Services’ Office for Civil Rights.

To help protect affected individuals, Virginia Urology has partnered with Epiq Privacy Solutions ID to offer complimentary identity monitoring services for 24 months. This includes credit monitoring, credit reports at signup, identity restoration and identity theft insurance. Affected individuals have been mailed enrollment instructions and can sign up for these services online. The company has also provided detailed guidance on placing fraud alerts, requesting credit freezes and obtaining an IRS Identity Protection PIN to prevent tax-related identity theft.

Given that the breach was the result of a ransomware attack by a known cybercriminal group, those affected are strongly encouraged to take advantage of the free credit monitoring and remain vigilant for signs of identity theft. Monitoring financial accounts, reviewing credit reports and reporting any suspicious activity to authorities are critical steps.