Sandhills Medical Says Ransomware Breach Affects 170,000

Summary

South Carolina healthcare provider Sandhills Medical Foundation disclosed a ransomware attack discovered on May 8, 2025, affecting approximately 170,000 individuals. The Inc Ransom cybercrime group claimed responsibility and listed the organization on its leak site in early June 2025. Compromised data includes names, SSNs, driver's licenses, passports, financial information, and personal health records.

Full text

South Carolina-based healthcare provider Sandhills Medical Foundation has disclosed a data breach affecting nearly 170,000 individuals. Sandhills Medical said in a data security incident notice on its website that it discovered a ransomware attack on May 8, 2025. It has since been working with law enforcement, cybersecurity experts, and a forensics firm to investigate the intrusion and determine its impact. Now, nearly one year later, the healthcare organization has publicly disclosed the incident and notified affected individuals. The company said the hackers obtained the personal information of “select patients”, but told the Maine Attorney General’s Office that nearly 170,000 people are affected. Compromised information includes name, date of birth, SSN, Taxpayer Identification Numbers, driver’s licenses, government-issued identification, passports, financial information, and personal health information.Advertisement. Scroll to continue reading. The Inc Ransom ransomware group listed Sandhills Medical on its leak website in early June 2025. The cybercrime group has since made the files allegedly stolen from the healthcare organization available for download. Sandhills Medical listed on Inc Ransom website Related: More healthcare data breaches Related: Data Breaches at Healthcare Organizations in Illinois and Texas Affect 600,000 Related: 38 Vulnerabilities Found in OpenEMR Medical Software Related: Data Breach at Tennessee Hospital Affects 337,000 Written By Eduard Kovacs Eduard Kovacs (@EduardKovacs) is senior managing editor at SecurityWeek. He worked as a high school IT teacher before starting a career in journalism in 2011. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering. More from Eduard Kovacs Vimeo Confirms User and Customer Data BreachRobinhood Vulnerability Exploited for Phishing AttacksElectric Motorcycles and Scooters Face Hacking Risks to Security and Rider SafetyMedtronic Hack Confirmed After ShinyHunters Threatens Data LeakMalicious AI Prompt Injection Attacks Increasing, but Sophistication Still Low: GoogleEnergy and Water Management Firm Itron HackedFirefox Vulnerability Allows Tor User FingerprintingLocked Shields 2026: 41 Nations Strengthen Cyber Resilience in World’s Biggest Exercise Latest News ‘Copy Fail’ Logic Flaw in Linux Kernel Enables System TakeoverFresh LiteLLM Vulnerability Exploited Shortly After DisclosureHundreds of Internet-Facing VNC Servers Expose ICS/OTCheckmarx Confirms Data Stolen in Supply Chain AttackIranian Cyber Group Handala Targets US Troops in Bahrain38 Vulnerabilities Found in OpenEMR Medical SoftwareChrome 147, Firefox 150 Security Updates Rolling OutCritical GitHub Vulnerability Exposed Millions of Repositories Trending Daily Briefing Newsletter Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts. Webinar: A Step-by-Step Approach to AI Governance April 28, 2026 With "Shadow AI" usage becoming prevalent in organizations, learn how to balance the need for rapid experimentation with the rigorous controls required for enterprise-grade deployment. Register Virtual Event: Threat Detection and Incident Response Summit May 20, 2026 Delve into big-picture strategies to reduce attack surfaces, improve patch management, conduct post-incident forensics, and tools and tricks needed in a modern organization. Register People on the MoveMongoDB has appointed Doug Bowers as Chief Information Security Officer.Ben Wilkens has been promoted to Director of Cybersecurity at NMFTA.Cato Networks has appointed Meital Koren as Chief Legal Officer.More People On The MoveExpert Insights The Mythos Moment: Enterprises Must Fight Agents with Agents Only with the right platform and an agentic, AI-driven defense, will enterprises be able to protect themselves in the agentic era. (Etay Maor) Why Cybersecurity Must Rethink Defense in the Age of Autonomous Agents From autonomous code generation to decision-making systems that initiate actions without human intervention, the industry is entering a new phase. (Torsten George) Government Can’t Win the Cyber War Without the Private Sector Securing national resilience now depends on faster, deeper partnerships with the private sector. (Steve Durbin) The Hidden ROI of Visibility: Better Decisions, Better Behavior, Better Security Beyond monitoring and compliance, visibility acts as a powerful deterrent, shaping user behavior, improving collaboration, and enabling more accurate, data-driven security decisions. (Joshua Goldfarb) The New Rules of Engagement: Matching Agentic Attack Speed The cybersecurity response to AI-enabled nation-state threats cannot be incremental. It must be architectural. (Nadir Izrael) Flipboard Reddit Whatsapp Whatsapp Email

Indicators of Compromise

• malware — Inc Ransom

Entities