Woodfords Family Services, a mental health and social services provider, notified patients and families in March 2026 about a ransomware attack that occurred in 2024. The Portland, Maine based organization disclosed the incident after completing a forensic investigation to determine the scope of compromised information.
The attack exposed patient records including names, dates of birth, Social Security numbers, health insurance information, medical record numbers, and treatment details. The delayed notification reflects the extended timeline often required to analyze affected systems and identify impacted individuals in healthcare-related breaches.
Attack timeline and investigation findings
Woodfords detected unauthorized network activity in 2024 and immediately engaged cybersecurity experts to contain the incident and assess its impact. The investigation determined that attackers accessed systems containing protected health information prior to the deployment of ransomware encryption.
No ransomware group has publicly claimed responsibility for the attack, and the organization has not disclosed the specific intrusion method or how long attackers maintained access before detection.
Patient notification and response measures
The organization is notifying affected individuals by mail and offering complimentary credit monitoring and identity theft protection services. Woodfords stated it has implemented additional security measures following the incident, including enhanced network monitoring, employee security awareness training, and improved system segmentation.
These measures are intended to reduce the likelihood of similar incidents and improve detection of unauthorized activity across its environment.
Sensitive healthcare data increases risk exposure
Breaches involving mental health and treatment records present elevated risk due to the sensitive nature of the information involved. In addition to identity theft concerns, exposed treatment details could be used in targeted social engineering or coercion attempts.
Woodfords stated that it has not identified evidence suggesting the compromised data has been misused or publicly disclosed at this time. The situation remains under review as the organization continues monitoring for potential downstream impacts.
