Onsite Mammography, which provides medical imaging services to hospitals across the United States, has suffered a data breach potentially affecting more than 350,000 people.
Based in Westfield, Massachusetts, Onsite Mammography does business as Onsite Women’s Health, offering in-office breast health and imaging services. The services include 3D mammography, automated Whole-Breast Ultrasound (ABUS), and personalized risk assessments.
The health provider has 150 locations across the United States and some 200 employees.
The company has issued a security incident notice informing authorities and customers that personal and health information of 357,265 individuals was likely caught up in a breach.
In October 2024, Onsite Mammography noticed “unusual activity associated with one employee’s email account.”
The notice, submitted in PDF format to the Maine Attorney General's Office, also serves as the letter sent to affected customers.
“After taking immediate steps to ensure our email environment was secure, we enlisted independent cybersecurity experts to conduct an investigation to determine what happened and whether sensitive information may have been impacted,” the notice reads.
Investigators found that “an unauthorized actor gained access to the individual’s email account for a brief window of time.”
While the notice doesn’t disclose the exact type of attack on this staffer’s workstation, the wording suggests a phishing or credential stuffing attack.
Responding to an inquiry by SecurityWeek, Onsite said the incident was indeed the result of a successful phishing attack. In an emailed statement to the news site, the health provider said:
“Onsite Women’s Health identified unauthorized access to one employee’s email account as a result of a phishing email. The incident was limited in scope, and there is no evidence that the information has been misused. We took immediate action, engaged cybersecurity experts, notified law enforcement and notified affected individuals. We remain fully committed to safeguarding patient privacy and data security.”
“Due to the nature of some of the emails in this employee’s inbox, we engaged the services of an outside data analytics vendor, that conducted a comprehensive review of the impacted files to determine whether any PHI was involved,” the letter to affected customers continues.
Investigators found that the unauthorized actor only had access to the email account and not to any other systems within the Onsite network.
Onsite stops short of disclosing the actual data types caught up in the breach. However, in a press release, the company confirms that the compromised email included specific health data about patients.
“Onsite engaged the services of an outside data analytics vendor, that conducted a comprehensive review of the impacted files to determine whether any PHI was involved. The review concluded on February 21, 2025 and revealed that the compromised information included specific health-related information about patients.”
According to the letter template submitted to the Maine Attorney General's Office, affected individuals are offered complimentary credit monitoring and identity protection services.
A quick internet search about the breach reveals that several law firms are investigating to determine whether affected individuals are entitled to compensation.
“Data breaches are serious matters that can cause long-term damage,” said Levi & Korsinsky, a New York consumer advocacy law firm. “Hackers may use stolen information to commit identity theft, financial fraud, or other crimes. Companies that fail to secure your personal data may be held liable for the resulting harm.”
Anyone affected by a breach should consider a data monitoring service. Bitdefender Digital Identity Protection lets you know if your data has been caught up in a breach or has been compromised or leaked online, as well as what risks you face and how to protect yourself.
Data stolen in breaches fuels socially engineered scams and fraud. When in doubt about a suspicious text, phone call, or social media interaction, Bitdefender recommends using Scamio, our free, scam-fighting AI bot. You can share with Scamio the exact thing you want to check, such as a screenshot, link, or QR code – or simply describe the situation to our chatbot in your own words. Scamio lets you know in seconds if it’s a sham.
For peace of mind, consider using a security solution on all your personal devices.
Filip has 15 years of experience in technology journalism. In recent years, he has turned his focus to cybersecurity in his role as Information Security Analyst at Bitdefender.
April 03, 2025