Columbia Medical Practice confirms November ransomware attack exposed patient data

Columbia Medical Practice, a multispecialty healthcare provider based in Columbia, Maryland, has confirmed that patient information was compromised during a ransomware attack that occurred in November 2025, exposing sensitive personal and medical data of up to 3,000 individuals.

The incident involved unauthorized access to the organization’s network on Nov. 5, 2025, when an unidentified threat actor deployed malware that encrypted files on certain systems. Before the encryption occurred, files were exfiltrated, including documents containing patient information. Columbia Medical Practice later recovered the encrypted files and launched a detailed review to identify which individuals were affected and what specific data was involved.

The attack has been claimed by the Qilin ransomware group, a cybercriminal organization known for targeting healthcare and other critical infrastructure entities. Columbia Medical Practice confirmed that its electronic medical record system was not accessed during the incident. However, files stored on compromised portions of the network contained a wide range of sensitive information.

The affected data may include patient names, addresses, telephone numbers, dates of birth, passport numbers, Social Security numbers, driver’s license numbers and other government-issued identifiers. Financial account information was also involved, though it did not include security codes or credentials that would permit direct account access. Additional information may include health insurance details, patient account numbers and health-related data such as diagnoses, diagnosis codes, treatment or condition information, prescription details, medical history, dates and locations of service, assigned physician names and health services payment information. The specific combination of data elements varied by individual.