Central Jersey Medical Center, a Federally Qualified Health Center based in Perth Amboy, New Jersey, suffered a ransomware attack on August 25, 2025 in which an external threat actor accessed the medical center's dental servers' network and deployed ransomware to encrypt files. The Sinobi ransomware-as-a-service group claimed responsibility on October 10, 2025 by listing CJMC on its dark-web leak site and asserting it had exfiltrated approximately 930 gigabytes of data. CJMC posted a public notice on October 23, 2025 and began notifying affected individuals.

The breach affected approximately 131,000 individuals based on records indexed by breach-tracking services. Compromised fields included names, dates of birth, addresses, telephone numbers, email addresses, race or ethnicity, Social Security numbers, dental record numbers, health insurance information, dental diagnoses, treatment history, and billing information. The breach was specifically limited to CJMC's dental servers' network; the general electronic medical record system, financial accounts, and payment information were not affected. As an FQHC providing primary, dental, and mental-health services in school-based health centers across Newark, the affected dental-records archive may include records for both adult patients and minors who received dental care through school-based programs.

For affected patients, the practical risk profile is severe and combines identity-fraud exposure with healthcare-program and minor-specific risks. The combination of name, date of birth, address, and Social Security number is a strong base for synthetic identity fraud and fraudulent credit applications. Inclusion of race or ethnicity may support targeted discrimination-themed phishing or scams. Patients in school-based programs may have had records exposed for minor children, raising concerns about child-identity fraud that can go undetected for years. Affected patients and parents should freeze credit at all three U.S. bureaus including for any minor children who received dental services through CJMC, monitor health-insurance and Medicaid statements closely, and treat unsolicited contact referencing CJMC or related dental services with caution.

Federally Qualified Health Centers collect patient identity, contact, insurance, billing, appointment, and clinical records across primary, dental, and preventive care services.

Central Jersey Medical Center experienced a ransomware attack on August 25, 2025 in which an external threat actor gained unauthorized access to its dental servers' network and deployed ransomware to encrypt files. The Sinobi ransomware-as-a-service group claimed responsibility on October 10, 2025 by listing CJMC on its dark-web leak site and asserting it had exfiltrated approximately 930 gigabytes of data. CJMC posted a public notice on its website on October 23, 2025 and began notifying affected individuals. The organization engaged outside cybersecurity experts, notified law enforcement, and reported the matter to state and federal regulators. Class-action investigations by U.S. plaintiff law firms began organizing in late October 2025. CJMC has stated that its general electronic medical record system was not involved, and that no financial accounts or payment information was affected.