Baltimore Medical System Data Breach Lawsuit Investigation

Shamis & Gentile P.A., one of the nation's premier class action law firms specializing in data breach cases, is investigating the Baltimore Medical System data breach.

If you were affected by the data breach, your sensitive personally identifiable information may have been exposed, and you may be eligible for compensation.

About Baltimore Medical System

Baltimore Medical System is the largest Federally Qualified Health Center in Maryland. Founded in 1984, it operates as an independent, community-based nonprofit organization and serves nearly 90,000 patients across Greater Baltimore.

BMS operates six health centers, four pharmacies and eight school-based health sites. The organization offers primary care, behavioral health, pharmacy services, substance use disorder treatment and school-based healthcare.

What happened?

In September 2025, Baltimore Medical System was targeted by a ransomware attack. The hacking group known as Brain Cipher claimed responsibility for the breach and announced on the dark web that they had published the organization’s data. The incident was posted on a Tor network site on Sept. 16, 2025.

Ransomware attacks on healthcare providers often target sensitive data, including personal and protected health information. The total number of impacted patients has not been released.

Possible Exposed Information

• Name
• Contact information
• Date of birth
• Social Security number
• Driver's license copy
• Health insurance information
• Medical records
• Payment information, including card number, CVV code and expiration date

Your rights and next steps

If you were a patient or had dealings with Baltimore Medical System, you have important rights and options. You may be entitled to seek compensation for any harm or inconvenience caused by this cybersecurity incident.

• Communication and credit monitoring services: Review and save any notification letters you receive. Enroll in free credit monitoring and identity protection services, if offered.
• Monitor your accounts carefully: Check your financial statements regularly for suspicious activity or unauthorized transactions. If you notice anything unusual, contact your financial institution immediately.
• Fraud alert and credit reports: A fraud alert informs creditors to take extra steps to verify your identity before opening new accounts in your name. Consumers are also entitled to one free credit report annually from each credit bureau. You can request a fraud alert or a credit report by contacting any one of the three major credit bureaus.
• Seek legal help: Lawyers are ready to help you understand your rights and pursue compensation.

Participating in a class action lawsuit may help recover losses and hold organizations accountable for failing to protect sensitive information.

You May Be Entitled to Compensation

If your information was exposed in the Baltimore Medical System data breach, you may have legal rights to compensation. Lawyers are investigating claims and are ready to assist.

To find out if you qualify, complete the form below to join the lawsuit and protect your rights.

Sources

• Baltimore Medical System
• Dark web