Frederick Health Medical Group is under significant legal pressure following a ransomware attack that compromised the personal data of over 900,000 patients. Announced in January 2025 and detailed in a March 28th notice, the breach involved the theft of sensitive information including names, Social Security numbers, health insurance details, and clinical care information.

The healthcare group has since offered affected individuals complimentary credit monitoring. However, the ransomware group behind the attack remains unidentified, and it is unclear whether a ransom was paid.

In the wake of the breach, at least five class action lawsuits have now been filed, alleging that Frederick Health Medical Group failed to implement reasonable cybersecurity protections and provided insufficient transparency in their breach notifications. Plaintiffs argue that the healthcare provider’s negligence exposed them to ongoing risks of identity theft and financial harm. These lawsuits seek jury trials, legal fees, and both compensatory and punitive damages.

This event underscores the critical need for robust cybersecurity in healthcare, where the stakes for protecting patient trust and personal information a Read more about this story on our LinkedIn page