Sandhills Medical Ransomware Breach Affects 170,000 Patients

Sandhills Medical disclosed a ransomware breach affecting approximately 170,000 individuals after being targeted by the Inc Ransom group. The disclosure came nearly one year after the initial attack — a timeline that leaves affected patients exposed to fraud and targeted phishing without warning for an extended period.

Inc Ransom has been active across healthcare and critical infrastructure, operating under a ransomware-as-a-service model. Affected individuals should monitor for phishing attempts and identity fraud leveraging their health data. Healthcare organizations should review incident response and breach notification plans to ensure HIPAA notification timelines are met — the one-year gap between attack and disclosure is a compliance red flag.