• Home
  • cyber
  • Marquis Companies Data Breach Exposes SSNs & Medical Info
cyber Ransomware

Marquis Companies Data Breach Exposes SSNs & Medical Info

Dec 15, 2025 2 min read
Marquis Companies Data Breach Exposes SSNs & Medical Info

Marquis Companies Hit by LYNX Ransomware Attack, Exposing Sensitive Health and Personal Data

Marquis Companies, a major provider of hospital and healthcare services, suffered a ransomware attack between August 9 and September 10, 2025, resulting in the theft of personally identifiable information (PII) and protected health information (PHI) belonging to current and former residents. The breach was detected on August 17, 2025, though the Oregon Attorney General’s office was not notified until November 21, 2025.

The attack was attributed to the LYNX ransomware group, which claimed responsibility and later posted about the breach on the dark web on October 21, 2025. The stolen data included names, addresses, dates of birth, Social Security numbers, medical records, and health insurance details, with potential exposure of additional personal records tied to senior care services.

LYNX infiltrated Marquis Companies’ network, exfiltrating sensitive data before encrypting systems—a tactic increasingly used to pressure victims into paying ransoms. The group threatened to release or sell the stolen information if demands were not met. Affected individuals were formally notified by mail on November 21, 2025.

In response, Marquis Companies initiated an internal investigation and enlisted cybersecurity experts to assess the breach’s scope and reinforce system security. The incident highlights the growing threat of ransomware attacks targeting healthcare providers, where the compromise of PHI and PII can have severe consequences for affected individuals.

Source: https://www.claimdepot.com/data-breach/marquis-companies-2025

Marquis Companies cybersecurity rating report: https://www.rankiteo.com/company/marquis-companies

"id": "MAR1765824544",
"linkid": "marquis-companies",
"type": "Ransomware",
"date": "8/2025",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"
{'affected_entities': [{'customers_affected': 'Current and former residents',
                        'industry': 'Hospital & Health Care',
                        'name': 'Marquis Companies',
                        'type': 'Healthcare Provider'}],
 'customer_advisories': 'Formal notification to impacted individuals by mail '
                        'on Nov. 21, 2025',
 'data_breach': {'data_encryption': 'Yes (by attackers)',
                 'data_exfiltration': 'Yes',
                 'personally_identifiable_information': ['Names',
                                                         'Addresses',
                                                         'Dates of birth',
                                                         'Social Security '
                                                         'numbers',
                                                         'Medical information',
                                                         'Health insurance '
                                                         'details'],
                 'sensitivity_of_data': 'High',
                 'type_of_data_compromised': ['Personally identifiable '
                                              'information (PII)',
                                              'Protected health information '
                                              '(PHI)']},
 'date_detected': '2025-08-17',
 'date_publicly_disclosed': '2025-11-21',
 'description': 'Marquis Companies, a leading provider in the hospital and '
                'health care industry, experienced a significant data breach '
                'involving personally identifiable information (PII) and '
                'protected health information (PHI) of current and former '
                'residents. The breach was caused by a ransomware attack '
                'carried out by the LYNX group.',
 'impact': {'brand_reputation_impact': 'Likely significant',
            'data_compromised': 'Personally identifiable information (PII) and '
                                'protected health information (PHI)',
            'identity_theft_risk': 'High',
            'legal_liabilities': 'Potential'},
 'initial_access_broker': {'data_sold_on_dark_web': 'Threatened'},
 'investigation_status': 'Ongoing',
 'motivation': 'Financial gain, data extortion',
 'ransomware': {'data_encryption': 'Yes',
                'data_exfiltration': 'Yes',
                'ransomware_strain': 'LYNX'},
 'references': [{'source': 'Oregon Attorney General’s office disclosure'},
                {'source': 'Dark web post by LYNX group'}],
 'regulatory_compliance': {'regulations_violated': ['HIPAA (likely)'],
                           'regulatory_notifications': 'Oregon Attorney '
                                                       'General’s office (Nov. '
                                                       '21, 2025)'},
 'response': {'communication_strategy': 'Formal notification to impacted '
                                        'individuals by mail on Nov. 21, 2025',
              'incident_response_plan_activated': 'Yes',
              'remediation_measures': 'Internal investigation and system '
                                      'security assessment',
              'third_party_assistance': 'Cybersecurity professionals'},
 'threat_actor': 'LYNX ransomware group',
 'title': 'Marquis Companies Data Breach and Ransomware Attack',
 'type': 'Ransomware Attack'}
Published by
Jeremy C
Jeremy C
You might also like
Great! Next, complete checkout for full access to Rankiteo Blog.
Welcome back! You've successfully signed in.
You've successfully subscribed to Rankiteo Blog.
Success! Your account is fully activated, you now have access to all content.
Success! Your billing info has been updated.
Your billing was not updated.