Yesterday, Mainline Health Systems started notifying 101,104 people of a data breach following a cyber attack back in April 2024. Data affected includes Social Security numbers, payment card numbers, Medicaid numbers, financial account information, and medical data.
Ransomware gang INC claimed this attack when it added Mainline to its data leak site in early May, uploading various documents as proof of its claim.
Mainline doesn’t provide many details into the nature of its cyber attack, simply stating that it: “experienced a data security incident on or about April 10, 2024.” Comparitech has contacted the company for more information, including whether or not a ransom was demanded and/or paid, how hackers infiltrated its systems, and why it has taken so long to notify victims. We will update this article if we receive a response.
In the meantime, Mainline is offering those affected free access to 12 months of Credit and CyberScan Monitoring via IDX.
Who is INC?
Since August 2023, INC has claimed 338 victims with 97 of these attacks being confirmed. So far this year, we’ve seen 16 confirmed attacks and 109 unconfirmed.
38 of its confirmed victims are healthcare companies, with other recently confirmed attacks including:
- Saint James Hospital Group, Malta – targeted in April 2025
- Mount Rogers Community Services, US – also hit in April 2025
- The Vascular Experts (Southern Connecticut Vascular Center), US – suffered an attack in May 2025
- Waiwhetu Medical Centre, New Zealand – also impacted in May 2025
McLaren Health Care also confirmed this week that 743,131 people had their data breached in a ransomware attack via INC in August 2024. This isn’t the first attack for McLaren. It was previously hit by ALPHV/BlackCat in July 2023. Here, 2,192,515 people were affected.
Ransomware attacks on US hospitals and clinics
We tracked 163 confirmed attacks on US healthcare companies in 2024, affecting 28,121,243 records in total and with an average ransom of $1.05 million. So far this year, we’ve seen 32 confirmed attacks affecting 1,942,644 records.
Other recently confirmed attacks include:
- Rural Health Services, Inc. – issuing letters to nearly 33,000 people regarding a breach in January 2025. Medusa claimed this attack, demanding $200K
- Shelby Dermatology, PC d/b/a Dermatologists of Birmingham – notifying 86,000 about a March 2025 attack which was claimed by Qilin
- Covenant Health – targeted at the end of May 2025 with Qilin also coming forward to claim this attack today
We are also monitoring a further 105 unconfirmed attacks on this sector this year so far.
As we can see with this attack on Mainline Health Systems, ransomware attacks on healthcare companies not only have the potential to cause widespread disruption through the encryption of systems but also have ongoing consequences for months–and even years–after the attack due to data theft.
On average, it takes US healthcare organizations 3.7 months to report a breach following a ransomware attack. Mainline’s delay of over a year is well above this average and puts patients’ data at significant risk, especially due to the nature of information involved. Those affected should take up the offer of free credit monitoring and identity theft protection services as soon as possible.
About Mainline Health Systems
First established in 1978, Mainline specializes in treating patients who don’t have insurance or don’t have adequate insurance to cover essential health services. It is located in Southeast Arkansas.
