Southwest Care Center Hit by MEDUSA Ransomware Attack, Exposing Sensitive Patient Data
Southwest Care Center, a New Mexico-based nonprofit healthcare provider serving communities since 1996, disclosed a ransomware attack that compromised sensitive patient data. The incident, detected on June 3, 2025, was claimed by the MEDUSA ransomware group, which threatened to publish 143.9 GB of stolen data on the dark web. The breach was publicly acknowledged on June 27, 2025, when the group posted details on the Tor network.
After discovering the attack, Southwest Care Center engaged forensic specialists to secure its systems and assess the breach. By December 18, 2025, the investigation confirmed that unauthorized access may have exposed personally identifiable information (PII) and protected health information (PHI), including first and last names, personal details, and medical records. Affected individuals were notified via written letters, and a public notice was posted on the organization’s website.
Southwest Care Center operates multiple clinics in Santa Fe and Albuquerque, providing HIV/AIDS care, primary care, behavioral health, and pharmacy services to a diverse patient population. The law firm Shamis & Gentile P.A. is investigating the breach for potential legal action on behalf of impacted individuals.
Source: https://www.claimdepot.com/investigations/southwest-care-center-data-breach-2026
Southwest Care Center (SCC) cybersecurity rating report: https://www.rankiteo.com/company/southwest-care-center
"id": "SOU1772052507",
"linkid": "southwest-care-center",
"type": "Ransomware",
"date": "2/2026",
"severity": "100",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'industry': 'Healthcare',
'location': 'Santa Fe and Albuquerque, New Mexico, USA',
'name': 'Southwest Care Center',
'type': 'Nonprofit Healthcare Provider'}],
'customer_advisories': 'Written letters to affected individuals, public '
'notice on website',
'data_breach': {'data_exfiltration': 'Yes',
'personally_identifiable_information': ['First and last names',
'Personal details',
'Medical records'],
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['Personally Identifiable '
'Information (PII)',
'Protected Health Information '
'(PHI)']},
'date_detected': '2025-06-03',
'date_publicly_disclosed': '2025-06-27',
'date_resolved': '2025-12-18',
'description': 'Southwest Care Center, a New Mexico-based nonprofit '
'healthcare provider, disclosed a ransomware attack that '
'compromised sensitive patient data. The incident was claimed '
'by the MEDUSA ransomware group, which threatened to publish '
'143.9 GB of stolen data on the dark web. The breach exposed '
'personally identifiable information (PII) and protected '
'health information (PHI), including first and last names, '
'personal details, and medical records.',
'impact': {'data_compromised': '143.9 GB of stolen data',
'identity_theft_risk': 'High'},
'investigation_status': 'Completed',
'ransomware': {'data_exfiltration': 'Yes', 'ransomware_strain': 'MEDUSA'},
'references': [{'date_accessed': '2025-06-27',
'source': 'Tor network (MEDUSA ransomware group)'},
{'source': 'Southwest Care Center public notice'}],
'regulatory_compliance': {'legal_actions': 'Potential legal action by Shamis '
'& Gentile P.A.',
'regulations_violated': ['HIPAA']},
'response': {'communication_strategy': 'Written letters to affected '
'individuals, public notice on website',
'containment_measures': 'Systems secured',
'incident_response_plan_activated': 'Yes',
'third_party_assistance': 'Forensic specialists'},
'threat_actor': 'MEDUSA ransomware group',
'title': 'Southwest Care Center Hit by MEDUSA Ransomware Attack, Exposing '
'Sensitive Patient Data',
'type': 'Ransomware'}