MDLand International Corporation, an electronic medical record vendor, suffered a ransomware attack that enabled the attacker to encrypt some files in its computer systems. The vendor detected the ransomware attack on May 2, 2025 after noticing that some systems were inaccessible. It took immediate action to secure its network, and started a forensic investigation with the help of third-party cybersecurity experts.
The forensic investigation report revealed that an unidentified actor encrypted some of MDLand’s systems on May 1, 2025, and possibly acquired access to patient data kept in one particular database on its system. The attacker did not breach its clients’ networks or systems. There was no proof suggesting data access or exfiltration in the affected database during the attack, though it cannot be guaranteed that no unauthorized data access or theft occurred.
The attacker encrypted certain data files and made them inaccessible. Some of the affected data can be restored, while other records are not recoverable despite MDLand’s efforts. The affected records were associated with records between April 1, 2025 and May 1, 2025. Data entered into the patients’ medical records in that period were lost, such as patient names, treatment plan data, and providers’ notes concerning patients.
The affected database consists of these information: name, birth date, address, telephone number, gender, marital status, and prescription details. The unauthorized access did not affect financial account details, health benefits data, and Social Security numbers.
In compliance with HIPAA Breach notification laws, MDLand International reported the data breach to the HHS’ Office for Civil Rights indicating that 22,586 individuals were affected. The vendor also implemented extra security measures and reviewed security guidelines and procedures to determine any areas that need enhancement. At the period of sending breach notifications, there was no proof of patient data misuse identified; nevertheless, as a safety measure, the impacted individuals were provided free credit monitoring and identity theft protection services for 12 months.
Image credit: Karthick, AdobeStock.com
