Goshen Medical Center, Inc. suffered a ransomware attack in February 2025, discovered on March 4, 2025, when suspicious network activity was detected. The BianLian ransomware gang claimed responsibility, alleging the theft of personal records, financial data, and databases, including names, addresses, dates of birth, Social Security numbers, driver’s license numbers, and medical record numbers. The breach impacted 456,385 individuals, making it the third-largest ransomware attack on a US healthcare provider in 2025.The center initiated an investigation with cybersecurity specialists but has not confirmed whether a ransom was demanded or paid. BianLian posted Goshen Medical Center on its data leak site on March 22, 2025, suggesting exfiltration of sensitive patient data. The attack highlights the growing threat of ransomware in healthcare, where delayed disclosures and large-scale data exposure pose severe risks to patient privacy and organizational stability.Given the scale of compromised personally identifiable information (PII) and medical records, the breach carries high legal, financial, and reputational repercussions, particularly in a sector already under intense regulatory scrutiny (e.g., HIPAA). The incident underscores vulnerabilities in healthcare cybersecurity defenses against sophisticated ransomware operators like BianLian, which has targeted the sector in 37 confirmed attacks, breaching over 3.5 million records since 2021.
TPRM report: https://www.rankiteo.com/company/goshen-medical-center-inc
"id": "gos2632626091825",
"linkid": "goshen-medical-center-inc",
"type": "Ransomware",
"date": "6/2021",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"{'affected_entities': [{'customers_affected': 456385,
'industry': 'healthcare',
'location': 'eastern North Carolina, USA',
'name': 'Goshen Medical Center, Inc.',
'size': '35+ locations, ~53,000 patients served',
'type': 'healthcare provider'}],
'customer_advisories': '456,385 individuals notified',
'data_breach': {'data_exfiltration': True,
'number_of_records_exposed': 456385,
'personally_identifiable_information': True,
'sensitivity_of_data': 'high (PII, PHI, financial data)',
'type_of_data_compromised': ['names',
'addresses',
'dates of birth',
'Social Security numbers',
'driver’s license numbers',
'medical record numbers',
'financial data',
'databases']},
'date_detected': '2025-03-04',
'date_publicly_disclosed': '2025-03-22',
'description': 'Goshen Medical Center, Inc. experienced a ransomware attack '
'in February 2025, with the BianLian gang claiming '
'responsibility in late March. The breach exposed sensitive '
'personal and medical data of 456,385 individuals, including '
'names, addresses, Social Security numbers, driver’s license '
'numbers, and medical record numbers. The incident was '
'detected on March 4, 2025, with unauthorized access traced '
'back to February 15, 2025. BianLian allegedly stole and '
'leaked personal records, financial data, and databases on its '
'data leak site on March 22, 2025.',
'impact': {'brand_reputation_impact': True,
'data_compromised': True,
'identity_theft_risk': True},
'initial_access_broker': {'high_value_targets': ['patient records',
'financial data',
'databases']},
'investigation_status': 'ongoing (as of report date)',
'motivation': ['financial gain', 'data theft'],
'ransomware': {'data_exfiltration': True, 'ransomware_strain': 'BianLian'},
'references': [{'source': 'Comparitech'},
{'source': 'Goshen Medical Center Breach Notification'}],
'response': {'communication_strategy': 'public notification to affected '
'individuals',
'incident_response_plan_activated': True,
'third_party_assistance': True},
'threat_actor': 'BianLian',
'title': 'Goshen Medical Center Ransomware Attack and Data Breach (2025)',
'type': ['ransomware', 'data breach']}