Data Breaches

Data Breach at Onsite Mammography Impacts 350,000

Massachusetts medical firm Onsite Mammography discloses data breach impacting the personal information of 350,000 patients.

Massachusetts medical firm Onsite Mammography discloses data breach impacting the personal information of 350,000 patients.

Massachusetts medical services provider Onsite Mammography is notifying over 350,000 people that their personal and health information was compromised in a data breach.

The incident was discovered in October 2024 and involved unauthorized access to an employee’s email account, the firm reveals in a notification letter mailed to the impacted individuals.

Some of the emails in the compromised account’s inbox, Onsite says, exposed both personally identifiable information (PII) and protected health information (PHI).

A review of the exposed information that was concluded in February 2025 determined that names, Social Security numbers, dates of birth, driver’s license numbers, credit card numbers, and medical information such as mental and physical health or condition, and received care information was compromised.

“The investigation further revealed that the actor only had access to the email account and did not have access to any other systems within our network,” Onsite says.

The medical services provider notified the Maine Attorney General’s Office that 357,265 patients were impacted and that it is providing them with 12 months of free credit monitoring and identity protection services.

Advertisement. Scroll to continue reading.

“Onsite has no reason to believe any information has been or will be misused as a result of this incident,” the healthcare organization said in a press release.

Operating under the Onsite Women’s Health brand, Onsite Mammography provides in-office breast health and imaging service nationwide, including 3D mammography, automated Whole-Breast Ultrasound, and risk assessment services.

“Onsite Women’s Health identified unauthorized access to one employee’s email account as a result of a phishing email. The incident was limited in scope, and there is no evidence that the information has been misused. We took immediate action, engaged cybersecurity experts, notified law enforcement and notified affected individuals. We remain fully committed to safeguarding patient privacy and data security,” Onsite told SecurityWeek in an emailed statement.

*Updated with statement from Onsite.

Related: 1.6 Million People Impacted by Data Breach at Laboratory Services Cooperative

Related: Two Healthcare Orgs Hit by Ransomware Confirm Data Breaches Impacting Over 100,000

Related: 170,000 Impacted by Data Breach at Chord Specialty Dental Partners

Related: 430,000 Impacted by Data Breaches at New York, Pennsylvania Healthcare Organizations

Related Content

Cybercrime

The D1R cybercrime group claimed to have stolen valuable data from Synopsys and Bosch, threatening to leak it unless a ransom is paid. 

Data Breaches

The WorldLeaks extortion group claimed to have stolen 720 GB of data from the healthcare testing and laboratory services provider.

Data Breaches

Hackers exploited a zero-day vulnerability in a third-party system to access a KDDI email system for ISPs.

Data Breaches

Hackers accessed the institution’s internal network and deleted two drives containing employee, student, and university data.

Data Breaches

The professional services giant says it contained the incident, remediated its source, and experienced no operational or service delivery impact.

Cybercrime

In April, ShinyHunters accessed the company’s corporate IT systems and stole patients’ personal and medical information.

Data Breaches

Hackers accessed the insurance giant’s policyholder portal multiple times between June 15 and June 25.

Data Breaches

Only a handful of the 100 organizations targeted in the PeopleSoft campaign have been confirmed.

Copyright © 2026 SecurityWeek ®, a Wired Business Media Publication. All Rights Reserved.

Exit mobile version