A North Carolina-based pathology lab, Marlboro-Chesterfield Pathology (MCP), has confirmed a major data breach after falling victim to a ransomware attack earlier this year. The incident compromised sensitive personal and medical information of nearly a quarter-million individuals, making it one of the more serious healthcare data breaches of 2025.
MCP disclosed the breach in a public notice on its website, revealing that it first detected unauthorized access to its internal systems on January 16. Following a forensic investigation, the lab confirmed that hackers had accessed and exfiltrated a portion of its files.
The stolen data varies by person but may include full names, home addresses, dates of birth, health insurance information, and details about medical treatments. This type of data is especially valuable to cybercriminals, making the healthcare sector a frequent target for ransomware groups.
This week, MCP informed the U.S. Department of Health and Human Services (HHS) that 235,911 individuals were impacted. The ransomware group SafePay later claimed responsibility for the attack. SafePay had previously targeted Conduent, a well-known business services provider.
Notably, MCP was initially listed on SafePay’s dark web leak site, but that listing has since been removed. While MCP has not confirmed if a ransom was paid, the removal often suggests that some form of negotiation or settlement occurred behind the scenes.
SecurityWeek reached out to MCP for comment, but the company has not yet responded. Updates will be shared if and when new information becomes available.
Healthcare breaches continue to pose serious privacy risks. Incidents involving medical providers frequently affect hundreds of thousands—and in some cases, millions—of patients. With threat actors constantly evolving their tactics, healthcare institutions remain under growing pressure to strengthen their cybersecurity defenses.
