Sandhills Medical Hit by Ransomware Attack, Exposing Data of 169,000 Patients
In late 2025, Sandhills Medical, a Federally Qualified Community Health Center based in McBee, South Carolina, suffered a ransomware attack that compromised the personal data of an estimated 169,017 individuals. The breach was first detected on May 8, 2025, though unauthorized access to the organization’s servers occurred between November 27 and 29, 2025.
A subsequent investigation, conducted with cybersecurity experts and forensic analysts, confirmed that an unauthorized third party accessed and exfiltrated sensitive patient information. The exposed data includes names, personal health information, and birth dates, putting affected individuals at heightened risk of identity theft and fraud.
Sandhills Medical began notifying impacted patients in early 2026, prompting legal action from Edelson Lechtzin LLP, a national class action law firm. The firm is now investigating potential claims on behalf of those whose data was compromised, offering free case evaluations to determine eligibility for legal recourse.
Sandhills Medical provides primary healthcare services to communities in South Carolina, operating as a critical resource for underserved populations. The incident underscores the growing threat of ransomware attacks targeting healthcare providers, where sensitive patient data remains a prime target for cybercriminals.
Sandhills Medical cybersecurity rating report: https://www.rankiteo.com/company/sandhills-medical
"id": "SAN1778079098",
"linkid": "sandhills-medical",
"type": "Ransomware",
"date": "5/2026",
"severity": "100",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': '169017',
'industry': 'Healthcare',
'location': 'McBee, South Carolina, USA',
'name': 'Sandhills Medical',
'type': 'Healthcare Provider'}],
'customer_advisories': 'Patient notifications in early 2026',
'data_breach': {'data_exfiltration': True,
'number_of_records_exposed': '169017',
'personally_identifiable_information': 'Names, birth dates',
'sensitivity_of_data': 'High',
'type_of_data_compromised': 'Personal health information, '
'names, birth dates'},
'date_detected': '2025-05-08',
'date_publicly_disclosed': '2026-01-01',
'description': 'Sandhills Medical, a Federally Qualified Community Health '
'Center based in McBee, South Carolina, suffered a ransomware '
'attack that compromised the personal data of an estimated '
'169,017 individuals. The breach exposed names, personal '
'health information, and birth dates, putting affected '
'individuals at risk of identity theft and fraud.',
'impact': {'brand_reputation_impact': 'High',
'data_compromised': 'Personal health information, names, birth '
'dates',
'identity_theft_risk': 'High',
'legal_liabilities': 'Potential class action lawsuit',
'systems_affected': 'Servers'},
'investigation_status': 'Ongoing',
'motivation': 'Data exfiltration and financial gain',
'ransomware': {'data_exfiltration': True},
'references': [{'source': 'Incident disclosure and legal investigation'}],
'regulatory_compliance': {'legal_actions': 'Potential class action lawsuit by '
'Edelson Lechtzin LLP'},
'response': {'communication_strategy': 'Patient notifications in early 2026',
'third_party_assistance': 'Cybersecurity experts and forensic '
'analysts'},
'threat_actor': 'Unauthorized third party',
'title': 'Sandhills Medical Ransomware Attack',
'type': 'Ransomware'}