Mt. Spokane Pediatrics Suffers Major Data Breach, Exposing Sensitive Patient Information
Mt. Spokane Pediatrics, a Spokane-based pediatric healthcare provider serving children from birth to young adulthood, disclosed a significant data breach affecting nearly 30,000 individuals. The incident, first detected on January 1, 2026, involved unauthorized access to the clinic’s systems, with forensic investigations confirming on April 22, 2026, that sensitive files were exfiltrated by a third-party actor.
The ransomware group LOCKBIT 5.0 claimed responsibility for the attack, threatening to publish the stolen data on the dark web. The breach was officially reported to the Washington Attorney General on April 30, 2026, with notifications sent to affected individuals shortly after. The clinic has since offered credit monitoring services to impacted patients.
Exposed data includes:
- Full names
- Dates of birth
- Social Security numbers
- Health insurance details
- Medical treatment and diagnostic records
- Patient and health plan beneficiary numbers
- Dates of service
Mt. Spokane Pediatrics, founded in 2016 and led by owner and nurse practitioner Dr. Jeff Schilt, operates two locations in the Spokane area. Legal firms are now investigating potential compensation claims for those affected by the breach.
Source: https://www.claimdepot.com/investigations/mt-spokane-pediatrics-data-breach-2026
Mt. Spokane Pediatrics cybersecurity rating report: https://www.rankiteo.com/company/mt.-spokane-pediatrics-pllc
"id": "MT.1778106493",
"linkid": "mt.-spokane-pediatrics-pllc",
"type": "Ransomware",
"date": "1/2026",
"severity": "100",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"
{'affected_entities': [{'customers_affected': '29000',
'industry': 'Healthcare',
'location': 'Spokane, Washington',
'name': 'Mt. Spokane Pediatrics',
'type': 'Healthcare Provider'}],
'attack_vector': 'Unauthorized access',
'customer_advisories': 'Credit monitoring services offered to impacted '
'patients',
'data_breach': {'data_exfiltration': 'Yes',
'number_of_records_exposed': '29000',
'personally_identifiable_information': ['Full names',
'Dates of birth',
'Social Security '
'numbers',
'Health insurance '
'details',
'Patient and health '
'plan beneficiary '
'numbers'],
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['Personally Identifiable '
'Information',
'Health Information']},
'date_detected': '2026-01-01',
'date_publicly_disclosed': '2026-04-30',
'description': 'Mt. Spokane Pediatrics, a Spokane-based pediatric healthcare '
'provider, disclosed a significant data breach affecting '
'nearly 30,000 individuals. The incident involved unauthorized '
'access to the clinic’s systems, with sensitive files '
'exfiltrated by a third-party actor. The ransomware group '
'LOCKBIT 5.0 claimed responsibility and threatened to publish '
'the stolen data on the dark web.',
'impact': {'brand_reputation_impact': 'Potential reputational damage',
'data_compromised': 'Sensitive patient information',
'identity_theft_risk': 'High',
'legal_liabilities': 'Potential compensation claims'},
'initial_access_broker': {'data_sold_on_dark_web': 'Threatened'},
'investigation_status': 'Ongoing',
'motivation': 'Extortion, Data Theft',
'ransomware': {'data_exfiltration': 'Yes', 'ransomware_strain': 'LOCKBIT 5.0'},
'references': [{'source': 'Washington Attorney General'}],
'regulatory_compliance': {'legal_actions': 'Potential compensation claims '
'under investigation',
'regulations_violated': ['HIPAA'],
'regulatory_notifications': 'Reported to Washington '
'Attorney General'},
'response': {'communication_strategy': 'Notifications sent to affected '
'individuals, reported to Washington '
'Attorney General',
'third_party_assistance': 'Forensic investigations'},
'threat_actor': 'LOCKBIT 5.0',
'title': 'Mt. Spokane Pediatrics Data Breach',
'type': 'Data Breach, Ransomware'}