Incident

Onsite Mammography data breach exposes data of 357K individuals



Onsite Mammography, a healthcare provider based in Westfield, Massachusetts, is reporting a significant data breach affecting 357,265 individuals. The healthcare organization, which operates under the brand name Onsite Women's Health, provides in-office breast health and imaging services nationwide, including 3D mammography, automated Whole-Breast Ultrasound, and risk assessment services.

The breach occurred on October 2, 2024 and involved unauthorized access to an employee's email account through a phishing attack.

The breach was reported by Jason Cherry, a partner at Constangy, Brooks, Smith & Prophete LLP, who serves as Onsite Mammography's legal representative. Onsite Mammography secured the account and engaged cybersecurity experts and forensic investigators to determine the scope and impact of the unauthorized access.

The investigation, which concluded in February 2025, revealed that the unauthorized actor had access to the email account for "a brief window of time" and did not penetrate any other systems within Onsite's network. Emails within the compromised account contained sensitive information related to patients. The compromised data includes:

  • Names
  • Social Security numbers
  • Dates of birth
  • Driver's license numbers
  • Credit card numbers
  • Medical information, including:
    • Mental and physical health conditions
    • Details about received care

Onsite Mammography has notified law enforcement, is sending written notifications to all affected individuals, and is offering 12 months of complimentary credit monitoring and identity protection services.
