INC Ransom group leaks Sandhills Medical Foundation patient data
The INC Ransom ransomware group leaked stolen data belonging to Sandhills Medical Foundation patients on June 15, 2026. The breach, which originated from a ransomware attack discovered in May 2025, affected approximately 169,000 individuals, exposing sensitive personal and health information.
Sandhillsmedical
- Domain
- sandhillsmedical.org
- Sector
- Health Care and Social Assistance
- Signals
- 1 linked
Signal context
First seen: Jun 15, 2026
Last updated: Jun 25, 2026
Status: Public signal
Key points
- INC Ransom group leaked stolen data on June 15, 2026.
- Ransomware attack discovered on May 8, 2025.
- Affected approximately 169,000 patients.
Signal analysis
BetaThis analysis groups the signal by industry, likely incident action and impacted security area. It helps compare this signal with other published signals without treating the labels as final determinations.
Sector: Health Care and Social Assistance
Likely country: Location not provided
Watch ransomware, endpoint compromise and business interruption exposure.
- Source type: outside the affected organization
Impact area: Confidentiality, Availability
Likely asset: User or customer data
- 12 signals in the same sector
- 100 signals with the same likely impact area
- 1 signal linked to this organization/domain
External sources
Sandhills Medical Reports Data Security Incidenthttps://www.sandhillsmedical.org/news/sandhills-medical-reports-data-security-incidentPublic source from sandhillsmedical.org.
Sandhills Medical Says Ransomware Breach Affects 170,000 - SecurityWeekhttps://www.securityweek.com/sandhills-medical-says-ransomware-breach-affects-170000/Public source from securityweek.com.
Related signals
Grouped by why the signal is relevant.
Tampa Bay Dental Implants & Prosthetics discloses ransomware attack and data exposure
Tampa Bay Dental discovered unauthorized access to its network on January 19, 2026, when ransomware was used to encrypt files on a legacy server containing a backup of electronic medical records. Patient data, including names, contact information, birth dates, treatment notes, clinical histories, and for some, Social Security numbers, was exposed.
Ultrahuman Data Breach Exposes Customer Wellness Data
Wearable health-tech startup Ultrahuman confirmed a data breach where hackers accessed customer wellness data through credentials stolen from an employee's malware-infected laptop. Approximately 0.1% of its user base was affected.
World Trade Center Health Program data compromised via Managed Care Advisors/Sedgwick Government Solutions vendor breach
The World Trade Center (WTC) Health Program reported a data security incident affecting 1,071 individuals. Highly sensitive data was compromised at a vendor, Managed Care Advisors/Sedgwick Government Solutions, where hackers accessed a server and exfiltrated data before encrypting files. The TridentLocker ransomware group claimed responsibility.
NAIC discloses data breach affecting PeopleSoft systems
The National Association of Insurance Commissioners (NAIC) discovered unauthorized access to its PeopleSoft systems on or about June 11, 2026. The incident was identified as a ransomware attack, with the ShinyHunters threat actor group claiming responsibility and alleging the theft of 3.1 terabytes of data, including regulatory filings, statistical reports, insurer financial statements, and rating agency files. The NAIC promptly activated incident response procedures, engaged cybersecurity experts, and is coordinating with law enforcement.
Kodak Hit by Ransomware Attack, ShinyHunters Claims 2.2 Million Records Stolen
Kodak was listed among major cyberattacks on June 1, 2026, with reports indicating the company became a victim of a ransomware attack carried out by the ShinyHunters group. While Kodak officially confirmed the breach later in June, stating an unauthorized third party gained temporary access to a limited amount of company data, ShinyHunters claimed to have stolen over 2.2 million records containing customer personally identifiable information (PII) and internal corporate data.
Council of Europe Suffers Data Breach, ShinyHunters Claims Exfiltration of HR and Payroll Data
The Council of Europe was reported to be a victim of a ransomware attack around June 1, 2026, with the ShinyHunters group claiming responsibility. The attackers allegedly exfiltrated 297 GB of data, including 429,000 files, comprising payslips, HR records, CVs, and financial information. Public reporting indicates a June 2026 intrusion, followed by phased disclosure and system hardening.