Sandhills Medical Foundation discloses ransomware breach impacting nearly 170,000 individuals

Sandhills Medical Foundation, a South Carolina-based healthcare provider operating multiple clinics across the state, has disclosed a ransomware attack that compromised sensitive personal and health information of nearly 170,000 individuals, nearly a year after the intrusion was first detected.

The organization identified the cyberattack on May 8, 2025, and initiated an internal investigation with support from cybersecurity specialists, forensic analysts, and law enforcement agencies. The breach has now been formally disclosed, with affected individuals receiving notification letters outlining the scope of the incident and available support services.

Sandhills Medical confirmed that unauthorized actors accessed data belonging to select patients. Information exposed in the breach varies by individual but may include names, dates of birth, Social Security numbers, taxpayer identification numbers, driver’s license details, government-issued identification, passport information, financial records, and personal health information.

The healthcare provider has been listed on the South Carolina Department of Consumer Affairs’ registry of security breaches. State officials indicate that more than 78,000 South Carolina residents may be among those affected. Filings with the Maine Attorney General’s Office place the total number of impacted individuals at close to 170,000.

The organization stated that it regained control of its network shortly after detecting the intrusion and conducted a comprehensive forensic review to determine the extent of unauthorized access. Individuals identified as potentially affected are being notified by mail.

The ransomware group known as Inc Ransom claimed responsibility for the attack in early June 2025, listing Sandhills Medical on its leak site and later publishing files allegedly taken during the breach.

Sandhills Medical is offering complimentary credit monitoring and fraud assistance services to those impacted. Affected individuals can obtain additional information through a dedicated support line available on weekdays.