SOUTH CAROLINA – A major data breach involving Sandhills Medical Foundation, a federally qualified health center based in South Carolina, may have exposed the sensitive information of more than 169,000 patients.
Ransomware Attack Discovered
According to information released by the Office of the Maine Attorney General, Sandhills Medical Foundation discovered the cybersecurity breach on May 8, 2025. Officials said the incident itself occurred nearly a week earlier, on May 2.
In a notice sent to affected individuals, Sandhills confirmed the organization was targeted in a ransomware attack. These attacks usually involve hackers using malicious software to lock or encrypt data systems until a ransom is paid.
The healthcare provider said it quickly regained control of its network and began working with cybersecurity experts, law enforcement, and an independent forensic investigation team.
Personal and Medical Information Potentially Exposed
During the investigation, officials discovered that an unauthorized third party directly accessed company servers and obtained patient information.
Sandhills Medical Foundation stated that the exposed data varied from person to person but may have included:
- Personal health information
- Dates of birth
- Medical-related records
- Other sensitive patient information
The organization said investigators then carried out a detailed data review process to identify which individuals were affected by the breach.
More Than 169,000 People Impacted
The Office of the Maine Attorney General reported that approximately 169,017 individuals may have been impacted by the cyberattack.
Healthcare data breaches have become increasingly common in recent years, with cybercriminals often targeting hospitals, clinics, and healthcare organizations due to the valuable personal and medical information they store.
Investigation and Response Ongoing
Sandhills Medical Foundation said it continues working with cybersecurity professionals and law enforcement agencies as the investigation moves forward.
The healthcare provider has not publicly shared whether a ransom was paid or whether the stolen data has been misused.
Patients affected by the breach are encouraged to monitor their financial and medical records closely for suspicious activity and follow any additional guidance provided by the healthcare organization.









