Pulse Urgent Care Center Hit by Medusa Ransomware Attack in March 2025
Pulse Urgent Care Center in Redding, California, disclosed a March 2025 data breach affecting an undisclosed number of patients. The incident exposed sensitive personal and medical information, including names, Social Security numbers, driver’s license numbers, health insurance details, and medical records.
The ransomware gang Medusa claimed responsibility for the attack, posting alleged stolen documents as proof and demanding a $120,000 ransom. Pulse has not confirmed Medusa’s involvement or whether a ransom was paid. The clinic first detected suspicious network activity on March 24, 2025, and later confirmed potential data access on May 1, 2025.
As part of its response, Pulse is offering 12 months of free credit monitoring and identity theft protection via TransUnion to eligible victims, with enrollment open until 90 days from the notice date (December 26, 2025).
About Medusa
Active since September 2019, Medusa operates a ransomware-as-a-service (RaaS) model, encrypting systems and exfiltrating data to extort victims. In 2025 alone, the group claimed 153 attacks, with 31 confirmed, compromising over 1.6 million records. Its average ransom demand is $563,000, and it has targeted 11 healthcare providers this year, including a January 2025 attack on SimonMed Imaging that exposed 1.3 million records.
Broader Impact on U.S. Healthcare
Ransomware attacks on healthcare providers remain a critical threat. In 2025, researchers recorded 92 confirmed attacks on U.S. hospitals and clinics, compromising 8.8 million records. Recent incidents include breaches at Richmond Behavioral Health Authority (113,232 records, September 2025), Covenant Health (478,188 records, May 2025), and Brevard Skin and Cancer Center (55,500 records, September 2025). Such attacks disrupt operations, force manual record-keeping, and risk patient safety by delaying care.
Pulse Urgent Care Center, part of Docs Medical Group, operates two locations in Redding and Red Bluff, California, serving patients since 2010.
Pulse Healthcare cybersecurity rating report: https://www.rankiteo.com/company/wearepulsehealthcare
"id": "WEA1767647271",
"linkid": "wearepulsehealthcare",
"type": "Ransomware",
"date": "3/2025",
"severity": "100",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'industry': 'Healthcare',
'location': 'Redding and Red Bluff, California, USA',
'name': 'Pulse Urgent Care Center (Docs Medical Group)',
'type': 'Healthcare Provider'}],
'customer_advisories': '12 months of free credit monitoring and identity '
'theft protection via TransUnion offered to eligible '
'victims',
'data_breach': {'data_encryption': 'Likely (ransomware attack)',
'data_exfiltration': 'Yes (claimed by Medusa)',
'personally_identifiable_information': 'Names, Social '
'Security numbers, '
'driver’s license '
'numbers',
'sensitivity_of_data': 'High (PII, PHI, SSNs, driver’s '
'license numbers, health insurance '
'info)',
'type_of_data_compromised': 'Personal and medical '
'information'},
'date_detected': '2025-03-24',
'date_publicly_disclosed': '2025-12-26',
'description': 'Pulse Urgent Care Center in Redding, California, experienced '
'a ransomware attack in March 2025, leading to a data breach '
'compromising sensitive patient information. The ransomware '
'gang Medusa claimed responsibility and demanded $120,000 in '
'ransom. The breach was contained, but patient data, including '
'names, Social Security numbers, driver’s license numbers, '
'medical information, and health insurance details, may have '
'been accessed.',
'impact': {'brand_reputation_impact': 'Likely negative impact due to data '
'breach and ransomware attack',
'data_compromised': 'Names, Social Security numbers, driver’s '
'license numbers, medical information, health '
'insurance information',
'identity_theft_risk': 'High',
'operational_impact': 'Potential disruption to healthcare '
'services, diversion of patients, use of pen '
'and paper for operations'},
'investigation_status': 'Ongoing',
'motivation': 'Financial gain',
'ransomware': {'data_encryption': 'Yes',
'data_exfiltration': 'Yes',
'ransom_demanded': '$120,000',
'ransomware_strain': 'Medusa'},
'references': [{'source': 'California Attorney General'},
{'source': 'Comparitech'}],
'regulatory_compliance': {'regulatory_notifications': 'Notified California '
'Attorney General'},
'response': {'communication_strategy': 'Notification to victims via letter, '
'disclosure to California Attorney '
'General',
'containment_measures': 'Prompt containment of suspicious '
'activity within the network',
'incident_response_plan_activated': 'Yes'},
'threat_actor': 'Medusa',
'title': 'Pulse Urgent Care Center Ransomware Attack and Data Breach',
'type': 'Ransomware'}