Hackers claim to have stolen several terabytes of sensitive data from Maryland’s largest community health network.
Baltimore Medical System (BMS), a Federally Qualified Health Center (FQHC) serving underserved communities in Maryland, has been listed as a victim on the data leak site of ransomware group Brain Cipher. The attackers allege they exfiltrated several terabytes of data, and Cybernews researchers confirmed that sample files posted online suggest full server dumps, including file system and database backups.
BMS has not yet commented publicly on the incident. The presence of the data on the group’s dark website suggests that BMS either refused or was unable to meet ransom demands.
BMS operates several community-based health centers across Baltimore and reportedly serves around 90,000 patients. As an FQHC, it is federally funded and handles a large volume of protected health information (PHI). Cybernews analysis of the leaked data indicates that the attackers accessed large-scale internal backups, likely containing sensitive patient data, internal documents, and operational systems.
Because medical data cannot be “reset” like a password or credit card number, breaches like this carry long-term implications. If the stolen data includes patient histories or insurance information, victims could be at risk of identity theft, prescription fraud, or even blackmail.
Cybernews investigators noted that some leaked data samples exceeded 800GB and appeared to be server-level backups. The naming conventions matched what would typically be found in healthcare IT systems, including database and file storage snapshots.
Brain Cipher, the group behind the attack, is a relatively new ransomware operation that emerged in 2024. The group uses LockBit-based malware and is known for multi-layered extortion tactics. Their previous targets include major consultancies and critical infrastructure organizations.
FQHCs are community-based healthcare providers that receive federal funding to offer primary care services in underserved areas, regardless of a patient's ability to pay.
Brain Cipher is a ransomware group that surfaced in mid-2024. They use LockBit-derived malware and run a dark web leak site where they publish stolen data to pressure victims into paying ransoms.
Healthcare data is rich in personal identifiers, insurance details, and medical histories, making it highly valuable for fraud, identity theft, or extortion. It also cannot be easily replaced or reset.
Affected patients may consider placing fraud alerts or credit freezes, monitoring insurance claims, and checking with healthcare providers for support services or breach response resources.
Cybercriminals can use stolen medical data to submit false insurance claims, obtain prescription drugs, or impersonate individuals for medical treatment, sometimes leading to serious legal or financial consequences for victims.