South Carolina Healthcare Providers Report Hacking Incidents
Rural Health Services and HopeHealth in South Carolina have announced data breaches, and Artivion has started issuing notification letters to individuals affected by its November 2024 ransomware attack.
Rural Health Services, South Carolina
Rural Health Services (RHS), a South Carolina healthcare provider serving patients in Aiken County, has experienced a sizeable data breach that has affected up to 36,542 patients. A network intrusion was detected on February 13, 2025, immediate action was taken to secure its systems, and law enforcement was notified. Assisted by third-party cybersecurity experts, RHS investigated the incident to determine the nature and scope of the unauthorized activity.
The investigation confirmed that an unauthorized third party had access to its network for almost a month between January 15, 2025, and February 13, 2025. During that time, files containing patient information may have been viewed or copied from the network. The information potentially obtained in the incident varies from individual to individual and includes names in combination with one or more of the following: date of birth, Social Security number, driver’s license number, passport number, financial account number, medical history, mental and physical treatment information, diagnosis information, prescription information, treating/referring physician, patient number, Medicare/Medicaid information, and health insurance information including policy number, member ID, and/or group number. At the time of issuing notification letters, RHS was unaware of any misuse of patient data.
HopeHealth Inc., South Carolina
HopeHealth Inc., a Federally-Qualified Health Center serving patients in Florence, Clarendon, Darlington, Williamsburg, Aiken, & Orangeburg Counties in South Carolina, has recently started issuing notification letters to individuals affected by a March 2025 security incident. A network intrusion was identified on or around March 20, 2025, and the forensic investigation confirmed that an unauthorized third party had access to its network from March 19, 2025, to March 20, 2025.
Get The FREE
HIPAA Compliance Checklist
Immediate Delivery of Checklist Link To Your Email Address
Please Enter Correct Email Address
Your Privacy Respected
HIPAA Journal Privacy Policy
The review of the exposed files was completed on July 2, 2025, when it was confirmed that the exposed information included names, addresses, dates of birth, Social Security numbers, medical information, health insurance information, financial account information, driver’s license numbers, passport numbers, and credit card information.
The total number of affected individuals has yet to be confirmed; however, the South Carolina Attorney General was informed that 1,625 state residents had been affected. Single bureau credit monitoring, credit report, and credit score services have been offered to the affected individuals for 12 months.
Artivion, Georgia
The Kennesaw, GA-based medical device manufacturer, Artivion, has started notifying individuals whose protected health information was compromised in a November 2024 ransomware attack. As a publicly traded company, Artivion was required to report the incident to the U.S. Securities and Exchange Commission (SEC) and did so shortly after the attack; however, it has taken several months to investigate the incident and determine the extent to which sensitive data was compromised.
Artivion confirmed in its breach notification letters that an unauthorized actor had access to its network between November 20, 2024, and November 21, 2024, during which time files were copied from the network. The file review was completed on June 9, 2025, when it was confirmed that the stolen data included names, birth dates, Social Security numbers, driver’s license numbers, passport numbers, direct deposit information, and health insurance information. Artivion has confirmed that it has implemented additional safeguards to further protect and monitor its systems.
Notification letters started to be mailed to the affected individuals on July 9, 2025, and complimentary credit monitoring and identity theft protection services have been made available. The data breach has been reported to the Maine Attorney General, although the notice only states the number of Maine residents affected (3). The Texas Attorney General has been informed that the information of 5,608 Texas residents was compromised. The total number of affected individuals is not currently known, as the breach is not yet shown on the HHS’ Office for Civil Rights website.
