Sandhills Medical Foundation, a healthcare provider based in South Carolina, has reported a significant data breach impacting approximately 170,000 individuals. The breach, caused by a ransomware attack, highlights ongoing concerns about cybersecurity in the healthcare sector.
Discovery of the Ransomware Attack
On May 8, 2025, Sandhills Medical Foundation identified a ransomware attack that compromised its data security. In response, the organization collaborated with law enforcement, cybersecurity professionals, and a forensic analysis team to probe the extent of the breach and understand its ramifications.
After nearly a year of investigation, Sandhills Medical has now made the breach public and is in the process of notifying those affected. The breach underscores the persistent threat of cyberattacks targeting sensitive healthcare data.
Extent of the Data Compromise
According to a notice sent to the Maine Attorney General’s Office, the breach affected the personal information of around 170,000 individuals. Although the company initially mentioned that only specific patients were impacted, the scale of the breach is significant.
The compromised data includes names, birth dates, Social Security numbers, taxpayer identification numbers, driver’s licenses, government-issued IDs, passports, financial details, and personal health information. This extensive range of data highlights the potential risks individuals face following such breaches.
Cybercriminal Activity and Response
The Inc Ransom ransomware group claimed responsibility for the attack, listing Sandhills Medical on its leak site in June 2025. The group has allegedly made the stolen files available for download, exacerbating the potential damage.
As the investigation continues, Sandhills Medical is focusing on strengthening its cybersecurity measures to prevent future incidents. The breach serves as a critical reminder for healthcare institutions to prioritize data protection and robust security protocols.
In conclusion, the Sandhills Medical data breach has significant implications for patient privacy and cybersecurity within healthcare. Ongoing efforts to secure data and mitigate risks are crucial as the organization addresses this breach and its aftermath.
