On Oct. 24, 2025, Physicians to Children & Adolescents, a long-standing pediatric healthcare provider in Bardstown, Kentucky, reported a significant data breach. The data security incident may have exposed personally identifiable information (PII) and protected health information (PHI) of at least 9,536 current and former patients across the U.S.
According to reports, the breach was the result of a ransomware attack orchestrated by a group known as Cactus. The attackers claimed responsibility for the incident on the dark web, stating they had accessed and exfiltrated approximately 902 GB of sensitive data from the organization. The exposed information may include names, dates of birth, addresses, phone numbers, medical information and health insurance information.
The potential exposure of PII and PHI put individuals at risk of identity theft and medical fraud. The data breach was disclosed to the U.S. Department of Health and Human Services on Oct. 24, 2025.
Physicians to Children & Adolescents' response
In response to the ransomware attack, Physicians to Children & Adolescents took steps to notify affected individuals and comply with federal reporting requirements. While specific details about their internal response and any offered resources have not been publicly detailed, organizations in the healthcare sector typically review and enhance their cybersecurity measures following such incidents. They may also work with cybersecurity experts to investigate the breach and
Source: https://www.claimdepot.com/data-breach/pediatric-associates-2025
Mid City Pediatrics cybersecurity rating report: https://www.rankiteo.com/company/mid-city-pediatrics
"id": "MID1765232944",
"linkid": "mid-city-pediatrics",
"type": "Ransomware",
"date": "10/2025",
"severity": "100",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': '9,536',
'industry': 'Healthcare',
'location': 'Bardstown, Kentucky, USA',
'name': 'Physicians to Children & '
'Adolescents',
'size': None,
'type': 'Healthcare Provider'}],
'data_breach': {'data_encryption': None,
'data_exfiltration': '902 GB of sensitive data',
'file_types_exposed': None,
'number_of_records_exposed': '9,536',
'personally_identifiable_information': ['Names',
'Dates '
'of '
'birth',
'Addresses',
'Phone '
'numbers',
'Medical '
'information',
'Health '
'insurance '
'information'],
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['Personally '
'Identifiable '
'Information (PII)',
'Protected Health '
'Information '
'(PHI)']},
'date_publicly_disclosed': '2025-10-24',
'description': 'Physicians to Children & Adolescents, a '
'pediatric healthcare provider in Bardstown, '
'Kentucky, reported a significant data breach '
'resulting from a ransomware attack by the Cactus '
'group. The incident exposed personally '
'identifiable information (PII) and protected '
'health information (PHI) of at least 9,536 '
'current and former patients.',
'impact': {'brand_reputation_impact': None,
'conversion_rate_impact': None,
'customer_complaints': None,
'data_compromised': 'PII and PHI of 9,536 individuals',
'downtime': None,
'financial_loss': None,
'identity_theft_risk': 'High',
'legal_liabilities': None,
'operational_impact': None,
'payment_information_risk': None,
'revenue_loss': None,
'systems_affected': None},
'initial_access_broker': {'backdoors_established': None,
'data_sold_on_dark_web': 'Claimed by '
'threat actor',
'entry_point': None,
'high_value_targets': None,
'reconnaissance_period': None},
'post_incident_analysis': {'corrective_actions': None,
'root_causes': None},
'ransomware': {'data_encryption': None,
'data_exfiltration': 'Yes',
'ransom_demanded': None,
'ransom_paid': None,
'ransomware_strain': 'Cactus'},
'references': [{'date_accessed': None,
'source': 'Cyber Incident Report',
'url': None}],
'regulatory_compliance': {'fines_imposed': None,
'legal_actions': None,
'regulations_violated': None,
'regulatory_notifications': ['U.S. '
'Department '
'of '
'Health '
'and '
'Human '
'Services']},
'response': {'adaptive_behavioral_waf': None,
'communication_strategy': 'Notified affected '
'individuals and complied '
'with federal reporting '
'requirements',
'containment_measures': None,
'enhanced_monitoring': None,
'incident_response_plan_activated': None,
'law_enforcement_notified': None,
'network_segmentation': None,
'on_demand_scrubbing_services': None,
'recovery_measures': None,
'remediation_measures': None,
'third_party_assistance': None},
'threat_actor': 'Cactus',
'title': 'Physicians to Children & Adolescents Data Breach via '
'Cactus Ransomware',
'type': 'Ransomware'}