Rocky Mountain Care Hit by Qilin Ransomware Attack, Exposing Sensitive Data
Rocky Mountain Care, a Utah-based healthcare provider offering hospice, home care, skilled nursing, and rehabilitation services, suffered a cybersecurity breach between January 30 and February 2, 2026. The ransomware group Qilin claimed responsibility, alleging unauthorized access to the organization’s network and threatening to publish stolen data on the dark web. The breach was publicly disclosed on February 23, 2026, via the Tor network.
Rocky Mountain Care, which operates multiple facilities across Utah and employs over 1,000 staff, confirmed the incident but has not yet determined the full scope of exposed data. While the company is investigating whether Protected Health Information (PHI) was compromised, affected individuals have not yet been notified. The firm stated it will directly contact impacted parties once its review is complete.
Legal firm Shamis & Gentile P.A. is investigating potential compensation claims for those affected, citing possible exposure of personally identifiable information (PII). The incident underscores ongoing risks to healthcare organizations from ransomware attacks targeting sensitive data.
Source: https://www.claimdepot.com/investigations/rocky-mountain-care-data-breach-2026
Rocky Mountain Care cybersecurity rating report: https://www.rankiteo.com/company/rocky-mountain-care
"id": "ROC1774758444",
"linkid": "rocky-mountain-care",
"type": "Ransomware",
"date": "1/2026",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"{'affected_entities': [{'industry': 'Healthcare',
'location': 'Utah, USA',
'name': 'Rocky Mountain Care',
'size': '1000+ employees',
'type': 'Healthcare Provider'}],
'attack_vector': 'Unauthorized access',
'customer_advisories': 'Affected individuals to be notified once review is '
'complete',
'data_breach': {'data_exfiltration': 'Threatened to publish stolen data on '
'the dark web',
'personally_identifiable_information': 'Potential exposure',
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['Protected Health Information '
'(PHI)',
'Personally Identifiable '
'Information (PII)']},
'date_detected': '2026-01-30',
'date_publicly_disclosed': '2026-02-23',
'description': 'Rocky Mountain Care, a Utah-based healthcare provider '
'offering hospice, home care, skilled nursing, and '
'rehabilitation services, suffered a cybersecurity breach '
'between January 30 and February 2, 2026. The ransomware group '
'Qilin claimed responsibility, alleging unauthorized access to '
'the organization’s network and threatening to publish stolen '
'data on the dark web. The breach was publicly disclosed on '
'February 23, 2026, via the Tor network. The company confirmed '
'the incident but has not yet determined the full scope of '
'exposed data, including whether Protected Health Information '
'(PHI) was compromised.',
'impact': {'brand_reputation_impact': 'Potential reputational damage',
'data_compromised': 'Potential Protected Health Information (PHI) '
'and Personally Identifiable Information (PII)',
'identity_theft_risk': 'High',
'legal_liabilities': 'Potential legal actions and fines'},
'investigation_status': 'Ongoing',
'motivation': 'Data exfiltration and extortion',
'ransomware': {'data_exfiltration': 'Yes', 'ransomware_strain': 'Qilin'},
'references': [{'date_accessed': '2026-02-23',
'source': 'Tor network disclosure by Qilin'}],
'regulatory_compliance': {'legal_actions': 'Investigation by Shamis & Gentile '
'P.A. for potential compensation '
'claims',
'regulations_violated': ['Potential HIPAA '
'violations']},
'response': {'communication_strategy': 'Public disclosure via Tor network and '
'company statement'},
'threat_actor': 'Qilin',
'title': 'Rocky Mountain Care Hit by Qilin Ransomware Attack, Exposing '
'Sensitive Data',
'type': 'Ransomware'}