Pierluigi Paganini May 26, 2025

SafePay ransomware hit Marlboro-Chesterfield Pathology, stealing personal data of 235,000 people in a major breach.

SafePay ransomware hit Marlboro-Chesterfield Pathology, stealing personal data of 235,000 people in a major breach at the North Carolina-based lab.

Marlboro-Chesterfield Pathology (MCP), founded in 1990 in Pinehurst, NC, is a full-service lab offering molecular, cytology, and pathology testing. Known for its advanced digital and molecular facilities, MCP provides FDA-approved diagnostics to support physicians and patients across the Carolinas.

The security breach occurred on January 16, 2025, threat actors gained unauthorized access to internal systems. The company launched an investigation into the incident and steps were taken to secure systems. The company notified law enforcement and attempted to delete the stolen personal information, suggesting that the organization suffered a ransomware attack. According to the data breach notification, the company identified affected individuals by March 31, 2025.

“On or around January 16, 2025, we experienced unauthorized activity on certain of our internal IT systems. Based on our subsequent investigation, we determined that an unauthorized party accessed our systems and acquired certain records from our systems. We took prompt action and quickly engaged third-party specialists to assist us in securing our systems and investigating the incident. Law enforcement is aware of the incident and we have cooperated with their investigation. The involvement of law enforcement did not delay this notification.” reads the data breach notification sent to the impacted individuals. “Through a thorough investigation and extensive review of the impacted data, which concluded on March 31, 2025, we determined that some of your personal information was contained in the affected records. We took steps, to the best of our ability and knowledge, to ensure that the data taken by the unauthorized party was deleted.”

Marlboro-Chesterfield Pathology disclosed that the breach exposed personal details such as names, addresses, birth dates, medical treatment information, and health insurance data, including policy numbers. The stolen information varies by individual. The company emphasized that, so far, there have been no reports of identity theft. In response, they secured their systems, brought in forensic experts to investigate, and strengthened their network defenses.

The company notified the US Department of Health and Human Services (HHS) that the data breach impacted 235,911 individuals.

As of now, the ransomware group has not added the healthcare organization to its leak site.

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, data breach)