What happened to Marlboro-Chesterfield Pathology and how many patients were affected?

Marlboro-Chesterfield Pathology, P.C. (MCP), an anatomic pathology laboratory based in Pinehurst, North Carolina, suffered a ransomware attack that compromised sensitive personal and medical information belonging to 235,911 patients.

When was the MCP ransomware attack discovered?

MCP discovered unauthorized activity on some internal IT systems on January 16, 2025. An investigation revealed that hackers had stolen files and disrupted the laboratory's internal IT systems.

Which ransomware group was responsible for the MCP attack?

The SafePay ransomware group claimed responsibility for the attack on Marlboro-Chesterfield Pathology in a darkweb post on January 25, 2025, nine days after the attack was discovered.

What types of patient information were exposed in the MCP breach?

The exposed data includes names, addresses, dates of birth, medical treatment information, and health insurance information including policy numbers of the affected patients.

Did MCP report the ransomware attack to authorities?

Yes, MCP informed the US Department of Health and Human Services (HHS) that the incident impacted 235,911 individuals, as required for healthcare data breaches affecting 500 or more individuals.

When were patients notified about the MCP data breach?

MCP began sending individual notification letters to affected patients around May 23, 2025, approximately four months after the attack was discovered. The company stated it took steps to ensure that the stolen data was deleted.

What is Marlboro-Chesterfield Pathology and what services do they provide?

Marlboro-Chesterfield Pathology, P.C. (MCP) is an anatomic pathology laboratory based in Pinehurst, North Carolina, that provides medical testing and diagnostic services for patients, handling sensitive medical and personal information as part of their healthcare operations.

Incident

Marlboro-Chesterfield Pathology hit by SafePay ransomware, compromises 235K patients

Q: How much data was stolen in the MCP ransomware attack?

According to investigators, an outside actor gained access to and exfiltrated approximately 30 GB of sensitive data from Marlboro-Chesterfield Pathology's systems.

Q: Did Marlboro-Chesterfield Pathology pay the ransom?

While not officially confirmed, MCP no longer appears to be listed on SafePay's leak website, which could indicate that a ransom has been paid to prevent the public release of stolen patient data.

published: May 27, 2025

Learn More

Marlboro-Chesterfield Pathology, P.C. (MCP), an anatomic pathology laboratory based in Pinehurst, North Carolina, is reporting a ransomware attack that compromised sensitive personal and medical information belonging to 235,911 patients.

MCP discovered unauthorized activity on some internal IT systems on January 16, 2025, and an investigation revealed that the hackers had stolen some files. The attack disrupted the laboratory's internal IT systems. The SafePay ransomware group claimed responsibility for the attack on a darkweb post on January 25, 2025.

According to investigators, "an outside actor gained access to and exfiltrated approximately 30 GB of sensitive data." The exposed data includes:

Names
Addresses
Dates of birth
Medical treatment information
Health insurance information (including policy numbers)

MCP informed the US Department of Health and Human Services (HHS) that the incident impacted 235,911 individuals.

MCP no longer appears to be listed on SafePay's leak website, which could indicate that a ransom has been paid. MCP stated that it took "steps, to the best of our ability and knowledge, to ensure that the data taken by the unauthorized party was deleted."

MCP began sending individual notification letters to affected patients around May 23, 2025.

Marlboro-Chesterfield Pathology hit by SafePay ransomware, compromises 235K patients

Read More
Akumin radiology delays diagnostic and clinical ops due …
Tampa Bay zoo targeted in ransomware cyberattack
Air Canada reports data breach, exposed employee data
OnePoint patient care reports data breach
Bloom Hearing hit by ransomware, exposes sensitive data …