Ransomware attack on Sandhills Medical impacted about 170,000 patients

Georgia-based Sandhills Medical Foundation said a major ransomware attack on its network in May 2025 compromised the personal and health information of close to 170,000 individuals. 

 

Based in Suwanee, Georgia, Sandhills Medical has been providing comprehensive medical care since 1977 to residents of Chesterfield, Kershaw, Lancaster, and Sumter Counties in the US state of Georgia. The institution operates as a Federally Qualified Community Health Centre, providing primary, pediatric, mental health, chiropractic, pharmacy and diagnostic care services.

 

The community medical centre announced last week that it suffered a major ransomware attack on May 2, 2025, that enabled threat actors to directly access its server and exfiltrate the personal information of some of its patients.

 

Sandhills Medical said that after discovering the ransomware attack, it quickly regained access to its network and launched an investigation with help from cybersecurity experts, law enforcement and an independent forensic firm. Once the investigation determined that data had been compromised during the incident, a comprehensive data mining process began to determine which individuals were affected by the incident. 

 

The medical centre notified the office of the Attorney General of Maine that the ransomware incident compromised the personal and healthcare information of 169,017 individuals. The compromised information included dates of birth, Social Security numbers, Individual Taxpayer Identification Numbers, driver’s license numbers, government issued identification, passport, financial information and personal health information. 

 

“We take our information security extremely seriously and have responded to this attack with fully updated IT safeguards and protocols,” said Amanda Duke, CEO of Sandhills Medical. “We sincerely regret any concern this incident caused and remain committed to providing quality, comprehensive, accessible care to the patients and families we serve.” 

 

The medical centre said in a press release that after the data security incident occurred, it enhanced its network protocols and engaged new information technology partners to prevent similar incidents from occurring in the future. Sandhills Medical is also offering free-of-cost credit monitoring and proactive fraud assistance services to all affected individuals to help protect their personal information from misuse.

 

Sandhills Medical did not state why it took close to a year to notify the Attorney General about the data security incident or whether it had paid a ransom to regain access to its primary server within a week after the attack occurred.