Mainline Health Systems has disclosed a data breach that exposed the personal and medical information of more than 100,000 patients. The incident is linked to the INC RANSOM ransomware group.
Mainline Health Systems, which operates more than 30 clinics in Arkansas, disclosed that a network breach detected in April 2024 resulted in the theft of sensitive personal files. The breach was officially reported this week to the Maine Attorney General’s office and has been confirmed to impact 101,104 individuals.
Mainline Health first discovered the breach in April 2024, but it wasn’t until an internal investigation concluded on May 21, 2025, that the organization confirmed sensitive data had been stolen. The INC RANSOM ransomware group claimed responsibility for the attack as early as May 2024, going so far as to leak sample files on their site. This incident appears to be part of the group's broader campaign targeting U.S. healthcare providers.
In its official notice, Mainline Health Systems stated: “Upon learning of this issue,
Mainline immediately commenced a prompt and thorough investigation. As part of the investigation, Mainline notified federal law enforcement of the incident, engaged external cybersecurity professionals who regularly investigate and analyze these types of situations to help determine the extent of any compromise of the information on the Mainline network and conducted a manual review. Based on that review, we discovered on May 21, 2025, that certain files containing your protected personal information were subject to unauthorized access or acquisition as a result of the incident.”
Mainline Health has begun notifying affected individuals and is offering free credit monitoring services. The organization has also initiated steps to strengthen its cybersecurity measures. Patients are advised to monitor their medical and financial records for unusual activity and remain alert to potential phishing attempts or scams.
Read more: Investing in cybersecurity
See also: HIPAA Compliant Email: The Definitive Guide (2025 Update)
INC RANSOM is a cybercriminal group known for targeting multiple industries, including healthcare organizations, with ransomware attacks, often stealing data and threatening to leak it publicly.
Yes, enrollment in the service is voluntary, but it is strongly recommended for those affected by the breach.
You can contact Mainline Health Systems directly to inquire about your status and ask whether your data was involved in the breach.
HIPAA requires covered entities to notify affected individuals, the U.S. Department of Health and Human Services (HHS), and in some cases the media, within 60 days of discovering a breach involving protected health information (PHI).
Read also: What are the HIPAA breach notification requirements