Chickasaw Nation Department of Health: South Florida Injury Centers; Chickasaw Nation Department of Health Report Data Breaches

Chickasaw Nation Department of Health: South Florida Injury Centers; Chickasaw Nation Department of Health Report Data Breaches

South Florida Injury Centers and Chickasaw Nation Department of Health Report Separate Data Breaches

Two healthcare organizations South Florida Injury Centers (SFIC) and the Chickasaw Nation Department of Health (CNDH) have disclosed recent data breaches, each stemming from distinct security incidents.

South Florida Injury Centers: Ransomware Attack by Kairos

SFIC, a medical practice specializing in auto accident injuries with locations in Tamarac and Port Saint Lucie, Florida, reported a hacking-related breach affecting 1,525 patients. The attack, attributed to the financially motivated threat group Kairos, occurred in early April 2026. Kairos, known for data theft and extortion, claimed to have exfiltrated 45 GB of sensitive data, including:

  • Patient names
  • Contact details
  • Driver’s license numbers
  • Social Security numbers
  • Medical histories

On April 7, 2026, SFIC was listed on Kairos’ dark web leak site, with samples of the stolen data published after the ransom demand went unpaid.

Chickasaw Nation Department of Health: Insider Breach

The Chickasaw Nation Department of Health in Oklahoma detected an insider breach on April 22, 2026, involving unauthorized access to patient records by a single employee. The investigation revealed the employee had accessed records between December 1, 2025, and April 22, 2026, potentially exposing data from 1,607 patients, including:

  • Names and ages
  • Dates of service
  • Tribal affiliations
  • Visit reasons
  • Clinical details (lab/radiology orders)

While Social Security numbers were not accessed, the breach highlights risks from internal threats. The organization has not disclosed disciplinary actions taken against the employee.

Both incidents underscore ongoing cybersecurity challenges in healthcare, from external ransomware threats to insider risks.

Source: https://www.hipaajournal.com/south-florida-injury-centers-chackasaw-bation-doh-data-breach/

The Chickasaw Nation cybersecurity rating report: https://www.rankiteo.com/company/chickasaw-nation

"id": "CHI1782751972",
"linkid": "chickasaw-nation",
"type": "Breach",
"date": "4/2026",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"
{'affected_entities': [{'customers_affected': '1525',
                        'industry': 'medical',
                        'location': 'Tamarac and Port Saint Lucie, Florida, '
                                    'USA',
                        'name': 'South Florida Injury Centers (SFIC)',
                        'type': 'healthcare'},
                       {'customers_affected': '1607',
                        'industry': 'medical',
                        'location': 'Oklahoma, USA',
                        'name': 'Chickasaw Nation Department of Health (CNDH)',
                        'type': 'healthcare'}],
 'attack_vector': ['hacking', 'unauthorized access'],
 'data_breach': {'data_exfiltration': '45 GB of sensitive data',
                 'number_of_records_exposed': ['1525', '1607'],
                 'personally_identifiable_information': ['Patient names',
                                                         'Contact details',
                                                         'Driver’s license '
                                                         'numbers',
                                                         'Social Security '
                                                         'numbers',
                                                         'Tribal affiliations'],
                 'sensitivity_of_data': 'high',
                 'type_of_data_compromised': ['Personally Identifiable '
                                              'Information (PII)',
                                              'Protected Health Information '
                                              '(PHI)']},
 'date_detected': '2026-04-22',
 'description': 'Two healthcare organizations, South Florida Injury Centers '
                '(SFIC) and the Chickasaw Nation Department of Health (CNDH), '
                'have disclosed recent data breaches stemming from distinct '
                'security incidents. SFIC suffered a ransomware attack by the '
                'threat group Kairos, while CNDH experienced an insider breach '
                'involving unauthorized access to patient records by an '
                'employee.',
 'impact': {'data_compromised': ['Patient names',
                                 'Contact details',
                                 'Driver’s license numbers',
                                 'Social Security numbers',
                                 'Medical histories',
                                 'Dates of service',
                                 'Tribal affiliations',
                                 'Visit reasons',
                                 'Clinical details (lab/radiology orders)'],
            'identity_theft_risk': 'high'},
 'motivation': 'financial',
 'ransomware': {'data_exfiltration': 'true', 'ransom_paid': 'false'},
 'threat_actor': 'Kairos',
 'title': 'South Florida Injury Centers and Chickasaw Nation Department of '
          'Health Data Breaches',
 'type': ['ransomware', 'insider breach']}
Great! Next, complete checkout for full access to Rankiteo Blog.
Welcome back! You've successfully signed in.
You've successfully subscribed to Rankiteo Blog.
Success! Your account is fully activated, you now have access to all content.
Success! Your billing info has been updated.
Your billing was not updated.