Monarch filed notice of a data breach with the Massachusetts Attorney General as well as the U.S. Department of Health and Human Services Office for Civil Rights after a ransomware attack resulted in confidential patient information being exposed to an unauthorized party. Based on the company’s official filing, the incident resulted in an unauthorized party gaining access to consumers’ full names, protected health information and Social Security numbers.