Ransomware cyber

Waterford Surgical Center

Sep 4, 2025 2 min read
Waterford Surgical Center

Waterford Surgical Center, a Michigan-based ambulatory surgery facility specializing in orthopedic, plastic, general, and neurological procedures, fell victim to a ransomware attack by the SAFEPAY group in September 2025. The breach, disclosed on the dark web, involved the theft and potential exposure of sensitive personally identifiable information (PII) of patients and employees. Compromised data includes names, contact details, Social Security numbers, driver’s license copies, health insurance records, medical histories, and payment information.The incident poses severe risks, including identity theft, financial fraud, and unauthorized access to medical records, with affected individuals advised to monitor accounts, enroll in credit protection, and seek legal recourse. The attack’s scope suggests systemic data exfiltration, likely disrupting operations and eroding trust in the center’s cybersecurity measures. Legal firms are investigating claims for compensation, highlighting the breach’s far-reaching consequences for victims.

Source: https://www.claimdepot.com/investigations/waterford-surgical-center-data-breach-2025

TPRM report: https://www.rankiteo.com/company/waterford-surgical-center

"id": "wat2061420090425",
"linkid": "waterford-surgical-center",
"type": "Ransomware",
"date": "9/2025",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"
{'affected_entities': [{'industry': 'healthcare',
                        'location': 'Waterford, Michigan, USA',
                        'name': 'Waterford Surgical Center',
                        'type': 'ambulatory surgery center'}],
 'customer_advisories': ['Review and save notification letters.',
                         'Enroll in credit monitoring services if offered.',
                         'Monitor accounts for unauthorized activity.',
                         'Consider placing a fraud alert or credit freeze.',
                         'Seek legal help for compensation eligibility.'],
 'data_breach': {'data_encryption': True,
                 'data_exfiltration': True,
                 'personally_identifiable_information': True,
                 'sensitivity_of_data': 'high (includes PII, medical records, '
                                        'and financial data)',
                 'type_of_data_compromised': ['name',
                                              'contact information',
                                              'date of birth',
                                              'Social Security number',
                                              "driver's license or state ID "
                                              'copy',
                                              'health insurance information '
                                              '(including insurance card copy)',
                                              'medical records',
                                              'payment information']},
 'date_publicly_disclosed': '2025-09-01',
 'description': 'Waterford Surgical Center, a physician-owned ambulatory '
                'surgery center in Waterford, Michigan, was targeted by a '
                'ransomware attack by the group SAFEPAY. The attack resulted '
                'in the potential exposure of sensitive personally '
                'identifiable information (PII) and medical records of '
                'patients and employees. The incident was publicly disclosed '
                'on the dark web on September 1, 2025.',
 'impact': {'brand_reputation_impact': 'high (potential loss of trust due to '
                                       'exposure of sensitive medical and PII '
                                       'data)',
            'data_compromised': True,
            'identity_theft_risk': "high (exposure of SSN, driver's license, "
                                   'and other PII)',
            'legal_liabilities': 'potential (lawsuits and compensation claims '
                                 'for affected individuals)',
            'payment_information_risk': True},
 'initial_access_broker': {'data_sold_on_dark_web': True},
 'investigation_status': 'under investigation (law firm Shamis & Gentile P.A. '
                         'is investigating claims)',
 'motivation': ['financial gain', 'data theft'],
 'ransomware': {'data_encryption': True, 'data_exfiltration': True},
 'recommendations': ['Enroll in free credit monitoring services if offered.',
                     'Monitor financial statements for suspicious activity.',
                     'Place a fraud alert on credit reports.',
                     'Request free annual credit reports from major bureaus.',
                     'Seek legal assistance to understand rights and pursue '
                     'compensation.'],
 'references': [{'source': 'Shamis & Gentile P.A. (class action law firm '
                           'investigation)'}],
 'regulatory_compliance': {'legal_actions': 'potential (class action lawsuits '
                                            'and compensation claims)'},
 'response': {'communication_strategy': 'notification letters to affected '
                                        'individuals, offer of free credit '
                                        'monitoring services'},
 'threat_actor': 'SAFEPAY',
 'title': 'Waterford Surgical Center Ransomware Attack and Data Breach',
 'type': ['ransomware', 'data breach']}
Published by
Jeremy C
Jeremy C
You might also like
Great! Next, complete checkout for full access to Rankiteo Blog.
Welcome back! You've successfully signed in.
You've successfully subscribed to Rankiteo Blog.
Success! Your account is fully activated, you now have access to all content.
Success! Your billing info has been updated.
Your billing was not updated.