Sandhills Medical Foundation Ransomware Attack Affects 169,000 Patients
Sandhills Medical Foundation in South Carolina and Laurel Eye Clinic in Pennsylvania have experienced security incidents that exposed patient data. The ransomware attack on Sandhills Medical Foundation affected more than 169,000 individuals.
Sandhills Medical Foundation, South Carolina
Sandhills Medical Foundation, Inc., a federally qualified community health center (FQHC) that provides primary care, behavioral health, and immunization services to residents of Chesterfield, Kershaw, Lancaster, and Sumter Counties in South Carolina, has notified 169,017 individuals that some of their personal and health information was stolen by a ransomware group that compromised its network in May 2025.
The ransomware attack was detected on May 8, 2025, when files were encrypted. Digital forensics experts were engaged to investigate the incident, who determined that the ransomware group had access to its network from May 2, 2025, to May 8, 2025. During that time, files were exfiltrated from its network. The exposed and stolen files have been reviewed and were found to contain names, dates of birth, and personal health information. Sandhills Medical Foundation has enhanced its network protocols and security partners to strengthen cybersecurity and protect against similar incidents in the future. Notification letters were mailed to the affected individuals on or around April 28, 2026, and they have been offered credit monitoring and proactive fraud assistance services for 12 months.
The INC Ransom ransomware group claimed responsibility for the attack and added Sandhills Medical Foundation to its dark web data leak site on May 30, 2025. The ransomware group proceeded to leak all of the stolen data on June 15, 2026, indicating the ransom was not paid.
Get The FREE
HIPAA Compliance Checklist
Immediate Delivery of Checklist Link To Your Email Address
Please Enter Correct Email Address
Your Privacy Respected
HIPAA Journal Privacy Policy
Laurel Eye Clinic, Pennsylvania
Patients of Brookville, Pennsylvania, headquartered Laurel Eye Clinic, Laurel Laser & Surgery Center, and LaBrasca Plastic Surgery, are being notified about a data security incident that was identified more than a year ago on January 25, 2025. Laurel Eye Clinic engaged a third-party cybersecurity firm to investigate the incident, and on March 6, 2025, the investigation confirmed that files were obtained by the threat actor.
The files were reviewed, and that process was completed on October 30, 2025; however, it took a further five and a half months to verify the identities and obtain contact information for the 145,221 affected individuals. The finalized list of individuals to notify was obtained on April 15, 2026, and notification letters have now been sent. Laurel Eye Clinic said that at the time of issuing the notification letters, no actual or attempted misuse of patient data had been identified.
Data obtained by the threat actor included names, dates of birth, driver’s license numbers, usernames and passwords, medical information, and health insurance information. Complementary credit monitoring and identity theft protection services have been offered to the affected individuals, and Laurel Eye Clinic has confirmed that it has implemented additional security measures to prevent similar incidents from occurring in the future.
