Marlboro-Chesterfield Pathology (MCP), a North Carolina-based medical lab, has confirmed a major data breach following a ransomware attack that exposed sensitive patient data. The breach, which has been attributed to the SafePay ransomware group, affected nearly 236,000 individuals.
The lab first discovered unusual activity on its internal systems on January 16, 2025. After a full investigation, it confirmed that cybercriminals had accessed and stolen confidential files. The stolen data includes personal details such as full names, addresses, birthdates, medical histories, and health insurance records. However, the exact data taken may vary from one patient to another.
In a notice posted to its website, MCP revealed that the attackers managed to breach specific IT systems. The lab has since notified the U.S. Department of Health and Human Services, reporting that 235,911 individuals were impacted by the incident.
The group behind the attack, SafePay, had also claimed responsibility for a recent ransomware hit on business services provider Conduent. They took credit for the MCP attack in late January, and briefly listed the lab on their leak site—a move ransomware gangs often use to pressure victims into paying. Notably, MCP’s name no longer appears on the site, which may suggest that negotiations or even a ransom payment occurred, although the company hasn’t confirmed any such details.
SecurityWeek has contacted MCP for comment, but as of now, there has been no official response.
Unfortunately, this isn’t an isolated case. Healthcare organizations continue to be prime targets for cybercriminals. With vast amounts of sensitive data stored digitally, a single breach can expose the personal information of hundreds of thousands—or even millions—of patients.
