Law Firm Launches Class Action Probe After Sandhills Medical Breach Exposes 169k Patients' Data

Context Sandhills Medical, a Federally Qualified Community Health Center in McBee, South Carolina, first detected a ransomware incident on May 8, 2025. Forensic analysis revealed that an unauthorized third party gained direct access to the hospital’s server and exfiltrated patient records. The organization confirmed the breach between November 27 and 29, 2025.

Key Facts The compromised data included patients’ names, personal health information, and birth dates. Approximately 169,017 people were affected, according to the provider’s notice. No financial details or Social Security numbers were reported as exposed in the disclosed information.

What It Means For patients, the leak raises the risk of identity theft and medical fraud, prompting recommendations to monitor credit reports and consider fraud alerts. For healthcare organizations, the incident underscores the need to harden servers against ransomware, enforce multi‑factor authentication, and segment networks to limit lateral movement. Defenders should apply patches for known ransomware vectors (e.g., CVE‑2023‑XXXX), monitor for MITRE ATT&CK techniques T1078 (Valid Accounts) and T1041 (Exfiltration Over Command‑and‑Control Channel), and maintain offline, encrypted backups.

Watch for updates on any legal filings, potential settlement offers, and further guidance from HHS on breach reporting timelines for FQHCs.