OB-GYN Associates Suffers Major Ransomware Attack Affecting 62,000 People

On Aug. 7, 2025, OB-GYN Associates detected a significant network security incident involving unauthorized access to its systems. The attack was later confirmed to be a ransomware incident attributed to the threat actor INC RANSOM, who publicly claimed responsibility on the dark web on Aug. 30, 2025.

According to disclosures filed with the Maine Attorney General, the breach resulted in the compromise of sensitive personal information of 62,238 individuals.

The types of information exposed include first and last names, Social Security numbers, driver’s license numbers, bank account numbers and routing numbers. This is all considered personally identifiable information (PII). The exposed data is highly sensitive and could be used for identity theft or financial fraud.

The severity of the breach is heightened by the nature of the attack, a ransomware event in which files were acquired by an unauthorized third party. The attackers not only accessed but also exfiltrated sensitive information, increasing the risk to affected current and former employees and patients.

OB-GYN Associates's response

Upon discovery of the incident, OB-GYN Associates immediately engaged third-party forensic specialists to investigate and secure their network. The company wiped and rebuilt affected systems, implemented stronger password requirements, and enabled multi-factor authentication to bolster security. They also notified the FBI and are cooperating with the ongoing investigation.

For those affected, OB-GYN Associates is offering 12 months of free credit monitoring, credit reports, and credit score services through Cyberscout, a TransUnion company. This includes proactive fraud assistance and identity theft recovery support. Impacted individuals are encouraged to enroll in these services within 90 days of receiving their notification letter. The company’s notification letters provide detailed instructions for enrollment and a dedicated helpline for questions.

Given the nature of the breach and the information involved, affected individuals should remain vigilant by regularly monitoring their credit reports and financial accounts for suspicious activity. It is also advisable to consider placing a security freeze or fraud alert on credit files. Additional information about these protective measures is included in the consumer notice and available from the major credit bureaus.