The Middlesex Sheriff’s Office on Tuesday said a data breach compromised the private health information of inmates and anyone else who may have received medical care at its facilities last year.
People were notified Tuesday of the breach , officials said in a statement.
A year-long investigation found that unauthorized access was granted in January of 2025 to names, home addresses, dates of birth, and diagnoses of people who may have previously received medical care from the sheriff’s department, officials said.
The statement did not say how many people were impacted by the breach. The federal Health Insurance Portability and Accountability Act (HIPAA) protects people’s private medical information.
The scope of the information accessed varied by individual, and officials said they have seen no evidence that the compromised data was misused.
Officials said the affected systems have since been secured and additional safeguards implemented. Following the breach, the sheriff’s office “proactively” disconnected certain internet systems “out of an abundance of caution” and worked with public safety experts to investigate the incident, according to a statement released last year.
On Tuesday, the office urged those whose information may have been accessed to monitor their credit reports and review their bank statements and insurance records for signs of fraud. Officials also advised potential victims to consider placing a fraud alert on their credit reports.
Multiple agencies worked over the past year with the Middlesex Sheriff’s Office to investigate the breach, including the FBI, the state’s lead enterprise technology organization, and two private cybersecurity firms. Anyone concerned about whether their information may have been accessed can contact the sheriff’s office by email.
Lila Hempel-Edgers can be reached at lila.hempeledgers@globe.com. Follow her on X @hempeledgers and on Instagram @lila_hempel_edgers.