Cedar Valley Services Hit by Qilin Ransomware Attack, Exposing Sensitive Data
On February 13, 2026, Cedar Valley Services, a Southern Minnesota-based nonprofit, reported a ransomware attack to the U.S. Department of Health and Human Services (HHS). The breach, attributed to the Qilin ransomware group, was first disclosed by the threat actors on December 21, 2025, via the Tor network, where they claimed to have exfiltrated data from the organization.
While Cedar Valley Services has not publicly specified the types of compromised data, nonprofits in its sector typically handle sensitive information, including personally identifiable information (PII) such as names, addresses, and Social Security numbers, as well as protected health information (PHI). The incident was listed on the HHS breach portal, confirming its ransomware origin and the number of affected individuals.
Following the discovery, Cedar Valley Services notified federal authorities and launched an investigation. Though the organization has not detailed its containment efforts, standard responses in such cases include system isolation, collaboration with cybersecurity experts, and notifications to impacted parties. The breach underscores the risks of ransomware targeting healthcare-adjacent organizations, where the exposure of PII and PHI can lead to identity theft and medical fraud.
Source: https://www.claimdepot.com/data-breach/cedar-valley-services-2026
Cedar Valley Services cybersecurity rating report: https://www.rankiteo.com/company/cedar-valley-services
"id": "CED1773247866",
"linkid": "cedar-valley-services",
"type": "Ransomware",
"date": "2/2026",
"severity": "100",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"
{'affected_entities': [{'industry': 'Healthcare-adjacent',
'location': 'Southern Minnesota, USA',
'name': 'Cedar Valley Services',
'type': 'Nonprofit'}],
'data_breach': {'data_exfiltration': 'Yes',
'personally_identifiable_information': 'Names, addresses, '
'Social Security '
'numbers (assumed)',
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['Personally identifiable '
'information (PII)',
'Protected health information '
'(PHI)']},
'date_detected': '2026-02-13',
'date_publicly_disclosed': '2025-12-21',
'description': 'On February 13, 2026, Cedar Valley Services, a Southern '
'Minnesota-based nonprofit, reported a ransomware attack to '
'the U.S. Department of Health and Human Services (HHS). The '
'breach, attributed to the Qilin ransomware group, was first '
'disclosed by the threat actors on December 21, 2025, via the '
'Tor network, where they claimed to have exfiltrated data from '
'the organization. The incident underscores the risks of '
'ransomware targeting healthcare-adjacent organizations, where '
'the exposure of PII and PHI can lead to identity theft and '
'medical fraud.',
'impact': {'data_compromised': 'Personally identifiable information (PII), '
'Protected health information (PHI)',
'identity_theft_risk': 'High'},
'investigation_status': 'Ongoing',
'ransomware': {'data_exfiltration': 'Yes', 'ransomware_strain': 'Qilin'},
'references': [{'source': 'HHS Breach Portal'}],
'regulatory_compliance': {'regulatory_notifications': 'Reported to U.S. '
'Department of Health '
'and Human Services '
'(HHS)'},
'response': {'containment_measures': 'System isolation (assumed)',
'law_enforcement_notified': 'Federal authorities'},
'threat_actor': 'Qilin ransomware group',
'title': 'Cedar Valley Services Hit by Qilin Ransomware Attack, Exposing '
'Sensitive Data',
'type': 'Ransomware'}