Baltimore Medical System 2025 Data Breach

Baltimore Medical System Community Clinic Breach (2025): 638K Patient SSN & Home Address Records Exposed | ObscureIQ
ObscureIQ Breach Intelligence

Classification Tags

Brain CipherMedicalEmail AddressFull NamePhone NumberPhysical AddressSocial Security Number
High SeverityWebsite / service breach

Baltimore Medical System Community Clinic Breach (2025): 638K Patient SSN & Home Address Records Exposed

Community healthcare provider delivering primary and preventive care.

Verified by ObscureIQ Intelligence
100/100Breach Risk Index
30Data Value
60Market Recency
175dSince Breach

Breach Intelligence Summary

Entity: Baltimore Medical System · Actor: Brain Cipher · Sources: 2 references
Attack: Unknown
Profile: Healthcare provider · Community-based healthcare services · Regional clinic network · USA
Timeline: Breach (2025-07-02) · Indexed (Nov 03, 2025) · Year (2025)
Exposure: 638K records · 5 fields: Email Address, Full Name, Phone Number, Physical Address, Social Security Number
Status: Reported

Executive Summary

Baltimore Medical System, the largest Federally Qualified Health Center in Maryland, suffered a ransomware attack between July 2 and July 20, 2025. The Brain Cipher ransomware group claimed responsibility on September 16, 2025 by listing BMS on its dark-web leak site and posting data samples reportedly exceeding 800 GB, including what appeared to be database and file-system backups from BMS servers. BMS publicly disclosed the incident on September 26, 2025 and began notifying affected individuals.\n\nThe breach affected approximately 638,000 records across the BMS network. Compromised fields include names, contact details, dates of birth, Social Security numbers, medical record and patient identification numbers, medical and treatment information, lab results, Medicare and Medicaid identifiers, health insurance and claims details, and financial account information. The high record count reflects the scope of stored data on affected systems, which includes current and former patients, family contacts, and historical records, beyond the approximately 90,000 patients BMS actively serves at any given time.\n\nFor affected individuals, the practical risk is unusually severe because of the combination of identity, financial, medical, and federal-program identifiers. The pairing of name, address, date of birth, and Social Security number is a strong base for synthetic identity fraud and fraudulent credit applications. Medicare and Medicaid identifiers create additional risk of healthcare-program fraud, including fraudulent claims billed under affected patients' identities. Affected individuals should freeze credit at all three U.S. bureaus, monitor health-insurance and Medicare summary notices closely for unfamiliar charges, and treat unsolicited contact referencing BMS, healthcare benefits, or insurance verification with caution. Patients in vulnerable populations who use FQHCs are particular targets for healthcare-fraud and emotional-manipulation scams, and should rely on calls back to verified BMS phone numbers rather than responding to inbound contact.

ObscureIQ assessment: Severe risk. Combines identity theft, insurance fraud, and medical privacy exposure. Community-health settings may also affect vulnerable populations who are easier to target with convincing scams.

Breach Impact

BMS faces substantial institutional exposure given its position as Maryland's largest FQHC. Federal HIPAA notification obligations, an active Office for Civil Rights review, federal grant-recipient compliance obligations, and a class-action litigation pipeline are all underway. The reputational impact is concentrated within Maryland's underserved patient population, where FQHCs are often the only available provider, making patient retention and trust unusually consequential. The Brain Cipher group's leak-site posting of large server-backup samples adds direct evidence of broad-scale data exfiltration that strengthens future litigation. Operationally, BMS engaged cybersecurity specialists, reviewed its security policies, and began offering credit-monitoring services to affected individuals.

About Baltimore Medical System

Baltimore Medical System (BMS) is the largest Federally Qualified Health Center (FQHC) in the state of Maryland, headquartered in Baltimore. The nonprofit healthcare provider operates a network of community-based health centers across Baltimore City and Baltimore County, providing comprehensive primary care, pediatrics, women's health, dental services, and behavioral health to underserved and low-income residents. As an FQHC, BMS receives federal funding to deliver care regardless of patients' ability to pay, and serves approximately 90,000 patients across its facilities. The organization handles substantial volumes of protected health information including patient identity, insurance, billing, and treatment records, alongside Medicare and Medicaid identifiers used for federal-program billing.

Why They Hold Your Data

Community clinic networks collect patient identity, contact, insurance, billing, and treatment records across primary and specialty care services.

Recent Developments

Baltimore Medical System discovered suspicious network activity in late summer 2025 and engaged third-party cybersecurity specialists to investigate. The forensic review concluded that an unauthorized actor accessed and copied files between July 2 and July 20, 2025. BMS issued an initial public notice on September 26, 2025 and began an extended file-review process to identify affected individuals. Notification letters were mailed in two waves, with the second beginning on or around April 2, 2026. The Brain Cipher ransomware group publicly claimed responsibility on September 16, 2025 by listing BMS on its dark-web leak site and posting samples reportedly exceeding 800 GB. Class-action investigations by U.S. plaintiff law firms began following the September disclosure.

Data Points Exposed

5 verified field types
Email Address
Full Name High
Phone Number
Physical Address High
Social Security Number Critical

Field names are shown in full for clarity and search visibility. Canonical machine keys are emitted only in this page’s structured data.

Exploitation & Downstream Threats

Threat Activity:Critical
Primary downstream threats:
  • Identity theft and synthetic identity construction using government-issued IDs
  • SIM swap attacks where phone numbers are present
  • Targeted phishing campaigns using exposed email addresses
  • Doxxing risk from physical address exposure
Threat vectors:
  • Phishing, credential stuffing & account takeover
  • Name-based social engineering
  • SIM swapping, vishing & SMS phishing
  • Physical stalking, mail fraud & identity verification
  • Home targeting, stalking & physical threat
  • Full identity theft & synthetic identity fraud

Threat Actor: Brain Cipher

Brain Cipher
Unknown

Attribution and method are based on available breach intelligence. Reported attack vector: Unknown.

Recommended Actions

If you believe your information may be included:

Protect Your ID Documents
Government-ID exposure enables document fraud — monitor and report misuse.
IdentityTheft.gov
Enable MFA Everywhere
Turn on multi-factor authentication on email first, then financial accounts.
Find 2FA settings
Report & Recover
If you spot misuse, start an official recovery plan and report fraud.
IdentityTheft.govReport to FTC

Frequently Asked Questions

What happened in the Baltimore Medical System breach?

Baltimore Medical System, the largest Federally Qualified Health Center in Maryland, suffered a ransomware attack between July 2 and July 20, 2025. The Brain Cipher ransomware group claimed responsibility on September 16, 2025 by listing BMS on its dark-web leak site and posting data samples…

What data was exposed?

Verified fields include Email Address, Full Name, Phone Number, Physical Address, Social Security Number.

What should I do if I was affected?

Change reused passwords, enable MFA, and (if identity or financial data is involved) freeze your credit and monitor your accounts.

Sources & References

Every claim on this page is traceable. This breach draws on:

Breach Index
DataBreach.com
Record & field corroboration
ObscureIQ Intelligence
ObscureIQ proprietary analysis
Risk Index scoring & downstream-threat assessment

Protect Yourself

Check If You're Affected

Enter your email to check whether your data appears in this breach. We’ll send a 6-digit code to confirm it’s your address.

Get Free Breach Alerts

Be the first to know when new breaches are disclosed. Free forever — confirm your email with a 6-digit code.

High-Risk? Get an Exposure Audit

Executives, public figures, and high-visibility operators can receive tailored exposure intelligence and hardening guidance.

Request Consultation