Goshen Medical Center Confirms Data Breach Involving Hundreds of Thousands

Goshen Medical Center, located in North Carolina, recently reported a data security breach affecting the personal information of more than 450,000 individuals.

 

Goshen Medical Center, headquartered in Faison, North Carolina, operates more than 35 facilities throughout eastern North Carolina, providing care to approximately 53,000 patients.

 

In a data security incident notice submitted to the Office of the Maine Attorney General, Goshen Medical Center said that on March 4, it identified unauthorised activity within its internal network. The healthcare provider immediately launched an investigation, with assistance from external cyber security experts, to determine the nature and scope of the incident.

 

It also took steps to secure the affected network and notified relevant law enforcement authorities about the incident.

 

“As a result, we determined that certain files may have been accessed or acquired without authorisation on February 15, 2025. We then undertook a comprehensive review of the affected data and, on or about September 12, 2025, learned that some personal health information was involved,” Goshen Medical Center said.

 

The compromised data included names, addresses, dates of birth, Social Security numbers, driver’s license numbers, and medical record numbers. The filing with the Maine state regulator’s office also states that Goshen Medical Center has identified 456,385 individuals affected by the incident.

 

While the healthcare provider found no evidence of the compromise data being misused, it has advised all affected individuals to regularly monitor their credit reports, account and benefit statements and report any suspicious activity to law enforcement authorities, including the police and the state attorney general. 

 

It has also offered one year of complimentary identity protection and credit monitoring services through Equifax to all affected individuals.

 

 

The notorious BianLian ransomware group claimed responsibility for the cyber attack on Goshen Medical Center, listing it as a victim on its data leak site. The group said it had obtained confidential data from the healthcare provider including personal records, financial data, various databases and threatened to release the entire database unless its ransom demands are met.