Columbia Medical Practice Hit by Qilin Ransomware Attack, Exposing Sensitive Data of 3,000 Patients
Columbia Medical Practice, a multi-specialty healthcare provider based in Howard County, Maryland, suffered a ransomware attack on November 5, 2025, orchestrated by the Qilin ransomware group. The attackers infiltrated the organization’s network, encrypted files, and exfiltrated sensitive patient data before publicly claiming responsibility on the dark web on November 24, 2025.
The breach was officially reported to the U.S. Department of Health and Human Services (HHS) on December 5, 2025, affecting approximately 3,000 individuals. Exposed information included personally identifiable data (names, addresses, Social Security numbers, driver’s license and passport details), health records (diagnoses, treatment history, prescription details, and physician assignments), and financial and insurance data (account numbers, insurance IDs, and payment information).
Columbia Medical Practice, which operates under a Patient-Centered Medical Home (PCMH) model, has established a toll-free assistance line (1-833-974-3375) for affected individuals. The law firm Shamis & Gentile P.A. is investigating potential legal claims for those impacted, citing possible compensation for damages such as identity theft or financial losses. The incident underscores the growing threat of ransomware attacks targeting healthcare providers and the exposure of highly sensitive patient data.
Source: https://www.claimdepot.com/investigations/columbia-medical-practice-data-breach-2026
Columbia University Irving Medical Center cybersecurity rating report: https://www.rankiteo.com/company/columbiamed
{
  "id": "COL1769038385",
  "linkid": "columbiamed",
  "type": "Ransomware",
  "date": "11/2025",
  "severity": "100",
  "impact": "4",
  "explanation": "Attack with significant impact with customers data leaks"
}
{
    'affected_entities': [
        {
            'customers_affected': '3000',
            'industry': 'Healthcare',
            'location': 'Howard County, Maryland, USA',
            'name': 'Columbia Medical Practice',
            'type': 'Healthcare Provider'
        }
    ],
    'customer_advisories': 'Toll-free assistance line (1-833-974-3375) established for affected individuals',
    'data_breach': {
        'data_encryption': 'Yes',
        'data_exfiltration': 'Yes',
        'number_of_records_exposed': '3000',
        'personally_identifiable_information': [
            'Names',
            'Addresses',
            'Social Security numbers',
            'Driver’s license details',
            'Passport details'
        ],
        'sensitivity_of_data': 'High',
        'type_of_data_compromised': [
            'Personally identifiable information',
            'Health records',
            'Financial and insurance data'
        ]
    },
    'date_detected': '2025-11-05',
    'date_publicly_disclosed': '2025-11-24',
    'description': 'Columbia Medical Practice, a multi-specialty healthcare provider based in Howard County, Maryland, suffered a ransomware attack on November 5, 2025, orchestrated by the Qilin ransomware group. The attackers infiltrated the organization’s network, encrypted files, and exfiltrated sensitive patient data before publicly claiming responsibility on the dark web on November 24, 2025. The breach was officially reported to the U.S. Department of Health and Human Services (HHS) on December 5, 2025, affecting approximately 3,000 individuals.',
    'impact': {
        'data_compromised': 'Personally identifiable data, health records, financial and insurance data',
        'identity_theft_risk': 'Yes',
        'payment_information_risk': 'Yes'
    },
    'ransomware': {
        'data_encryption': 'Yes',
        'data_exfiltration': 'Yes',
        'ransomware_strain': 'Qilin'
    },
    'references': [{'source': 'Incident report'}],
    'regulatory_compliance': {
        'legal_actions': 'Potential legal claims being investigated by Shamis & Gentile P.A.',
        'regulations_violated': ['HIPAA'],
        'regulatory_notifications': 'Reported to U.S. Department of Health and Human Services (HHS) on December 5, 2025'
    },
    'response': {
        'communication_strategy': 'Established a toll-free assistance line (1-833-974-3375) for affected individuals'
    },
    'threat_actor': 'Qilin ransomware group',
    'title': 'Columbia Medical Practice Hit by Qilin Ransomware Attack, Exposing Sensitive Data of 3,000 Patients',
    'type': 'Ransomware'
}