MedStar Health has disclosed a massive data breach affecting 4.2 million patients across its network of hospitals and clinics in the Mid-Atlantic region. The breach, discovered on April 10, involved unauthorized access to systems containing names, Social Security numbers, medical records, and insurance information.
The attack is attributed to a ransomware group known as BlackSuit, which has been increasingly targeting healthcare organizations in 2026. MedStar says it refused to pay the ransom demand and is working with the FBI and CISA to investigate the incident.
Affected patients will receive two years of free credit monitoring and identity theft protection. MedStar has also established a dedicated call center to answer patient questions about the breach.
