MedStar Health Data Breach Exposes Sensitive PII and PHI

Published
December 10, 2025
Updated
December 10, 2025
Types of information affected
  • Names
  • Social Security numbers
  • Dates of birth
  • Addresses
  • Government IDs
  • Medical information
  • Financial information


On Oct. 4, 2025, MedStar Health, the largest healthcare provider in Maryland and the Washington, D.C., region, discovered a significant cybersecurity incident affecting its systems. The cybersecurity breach exposed both personally identifiable information (PII) and protected health information (PHI) of current and former patients.

According to the company’s official data incident notice, an unauthorized party gained access to MedStar Health’s networks between Sept. 12 and Sept. 16, 2025. The breach was linked to a ransomware attack by the RHYSIDA group, which claimed responsibility on the dark web and threatened to publish stolen data within a week of the incident.

The files accessed during this period contained sensitive information, including patients’ names, dates of birth, Social Security numbers, and potentially other protected health information such as diagnoses, medications, test results, images, health insurance details and treatment information. The severity of the breach is heightened by the nature of the data involved and the fact that a well-known ransomware group was able to infiltrate MedStar Health’s systems, exfiltrate data, and attempt extortion.

MedStar Health began notifying affected patients by mail on Dec. 3, 2025. The company’s investigation, conducted with third-party forensic experts, confirmed the scope of the unauthorized access and the types of information involved. Law enforcement was also notified to assist with the response and investigation.

MedStar Health's response

In response to the incident, MedStar Health took immediate steps to secure its systems and launched a comprehensive investigation with assistance from cybersecurity experts. The company has continued to review and enhance its cybersecurity protections to help prevent future incidents. For those whose Social Security numbers or driver’s license numbers may have been involved, MedStar Health is offering complimentary identity monitoring services.

If you receive a notification from MedStar Health or your provider about this breach, you may want to:

  • Sign up for the free identity theft protection services, if offered by MedStar Health.
  • Monitor your credit reports and financial accounts for any unusual activity.
  • Be alert for phishing emails or phone calls that may use your exposed information.
  • Consider placing a fraud alert or credit freeze with major credit bureaus.

To support affected individuals, MedStar Health has established a dedicated, toll-free call center at 855-403-1763, available Monday through Friday, 9 a.m. to 9 p.m. ET, except holidays.


Affected Entity: MedStar Health
Consumer Notification Date: December 3, 2025
Date of Breach: September 16, 2026
Breach Discovered Date: October 4, 2025
Total People Affected:
Information Types Exposed:
  • patients’ names
  • dates of birth
  • Social Security numbers
  • diagnoses
  • medications
  • test results
  • images
  • health insurance
  • treatment information