Rhysida ransomware gang claims MedStar Health, steals 3.7TB of patient data
MedStar Health, the largest healthcare provider in Maryland and the Washington, D.C. region, reports a data breach claimed by the Rhysida ransomware group.
The attack resulted in the theft of approximately 3.7 terabytes of patient information, affecting an undisclosed number of individuals.
The incident occurred between September 12 and September 16, 2025. The breach was discovered on October 4, 2025. The investigation confirmed on November 12, 2025, that the stolen files contained protected patient information.
The compromised data includes:
- Names
- Dates of birth
- Social Security numbers
- Driver's license numbers
- Diagnoses
- Medications
- Test results
- Medical images
- Health insurance information
- Treatment information
The Rhysida ransomware group publicly claimed responsibility for the attack on their dark web leak site on October 4, 2025, advertising the stolen data for sale at a price of 25 bitcoin. According to the gang's posting, they exfiltrated over 1.8 million files containing "over 7 million pieces of patients' personal data," including SQL databases, diagnoses, pharmaceuticals, and other medical records.
When the ransom demand was not met, Rhysida released all of the files publicly with the message "data hunters, enjoy".
The number of affected individuals is not disclosed. The organization began mailing notification letters to affected patients on December 3, 2025. MedStar Health has offered complimentary identity monitoring services to patients whose Social Security numbers or driver's license numbers were potentially compromised.