Sandhills Medical Foundation experienced a ransomware attack by the Inc Ransom group on May 8, 2025, which resulted in unauthorized access to sensitive personal and health information of about 170,000 individuals. The breach was publicly disclosed nearly a year later. The attackers published stolen data on their leak site. The healthcare provider has engaged law enforcement and forensic experts to assess the impact. There is no information about a specific exploited vulnerability or available patch. The incident highlights risks associated with ransomware attacks on healthcare organizations and the exposure of sensitive patient data.

The breach compromised sensitive personal and health information of approximately 170,000 individuals, including names, dates of birth, Social Security numbers, taxpayer identification numbers, government-issued IDs, financial data, and personal health information. This exposure can lead to identity theft, financial fraud, and privacy violations for affected individuals. The delayed public disclosure may have impacted timely mitigation by those affected. The ransomware attack disrupted the healthcare provider's operations and resulted in data leakage on a criminal leak site.

No patch or technical remediation details are provided for this incident. The healthcare organization has been working with law enforcement, cybersecurity experts, and forensic firms to investigate and respond to the breach. Organizations should ensure robust ransomware defenses, incident response plans, and timely breach disclosures. Affected individuals should be notified and offered appropriate identity protection services. Since this is a ransomware incident rather than a software vulnerability, standard patching guidance does not apply. Patch status is not yet confirmed — check the vendor advisory for current remediation guidance.