Sandhills Medical Foundation data breach: what happened and what's at risk

UpGuard Team
April 29, 2026

Key facts: Sandhills Medical Foundation data breach

  • Date discovered: May 8, 2025
  • Date reported: April 28, 2026
  • Target entity: Sandhills Medical Foundation
  • Source of breach: Ransomware attack by an unknown, unauthorized third party
  • Data types: Social Security numbers, driver's licenses, dates of birth, government-issued IDs, passports, personal health information
  • Status: Confirmed; reported on April 28, 2026.
  • Severity: High; exposure of highly sensitive identifiers and personal health information increases the risk of identity theft and medical fraud.

What happened in the Sandhills Medical Foundation data breach?

Sandhills Medical Foundation (sandhillsmedical.org) was the target of a high-severity ransomware attack that was publicly reported on April 28, 2026. The incident involved an unauthorized third party gaining access to the organization's server environment. While the breach was disclosed in 2026, the foundation first identified the intrusion and discovered the ransomware on May 8, 2025.

The security incident compromised the personal and medical information of 169,017 individuals. According to the reported data, the exposed information includes highly sensitive records such as Social Security numbers, driver’s licenses, dates of birth, government-issued IDs, passports, and personal health information (PHI). Sandhills Medical Foundation has indicated that it is currently enhancing its security protocols and providing credit monitoring services to those affected. Such incidents typically lead to heightened risks of identity theft, medical fraud, and targeted phishing campaigns.

Who is behind the incident?

The attacker has not been identified.

Impact and risks for Sandhills Medical Foundation customers

The breach poses significant risks to the 169,017 individuals whose data was exposed during the server intrusion. With Social Security numbers, passport details, and government IDs compromised, there is a high likelihood of identity theft and sophisticated financial fraud. Furthermore, the exposure of personal health information (PHI) can lead to medical identity theft, where attackers may attempt to obtain medical services, prescriptions, or insurance benefits under a victim's name, potentially corrupting medical records.

Typical outcomes of such breaches include unauthorized account access and persistent social engineering attempts. Affected individuals should immediately enroll in the offered credit monitoring services and place a fraud alert on their credit files. Remaining vigilant against suspicious communications and monitoring all financial accounts is critical. Transparency from the provider in these cases helps victims take timely protective actions to mitigate long-term damage.

How to protect against similar security incidents

Following the ransomware attack at Sandhills Medical Foundation involving sensitive identifiers and health records, affected individuals and organizations should take immediate steps to secure their data.

  • Enroll in identity theft protection and credit monitoring. Utilize the credit monitoring services offered by Sandhills Medical Foundation to track unauthorized activity. Place a security freeze or fraud alert on your credit reports with major bureaus like Equifax, Experian, and TransUnion to prevent new accounts from being opened.
  • Secure sensitive personal accounts. Update passwords for all online accounts, especially those sharing information with medical or financial portals. Implement phishing-resistant multi-factor authentication (MFA) to prevent unauthorized access even if login credentials have been compromised.
  • Monitor medical and financial statements. Regularly review Explanation of Benefits (EOB) statements for any medical services or procedures you did not receive. Closely monitor bank and credit card statements for any unrecognized transactions or changes to personal account details.
  • Implement continuous security monitoring. Organizations should deploy attack surface management tools to identify and secure vulnerable entry points that could be exploited by ransomware. Maintain offline, encrypted backups of critical data and test restoration procedures to mitigate the operational impact of future incidents.

Taking proactive measures is essential to minimize the long-term impact of sensitive data exposure and protect against identity theft.

Frequently asked questions

What happened in the Sandhills Medical Foundation security breach?

On April 28, 2026, Sandhills Medical Foundation (sandhillsmedical.org) disclosed a security breach. According to initial reports, a ransomware attack by an unauthorized third party compromised the server, potentially exposing the personal and health information of 169,017 individuals.

When did the Sandhills Medical Foundation breach occur?

The Sandhills Medical Foundation breach was publicly reported on April 28, 2026. The organization discovered the ransomware attack on May 8, 2025, though the exact date the unauthorized access began has not been disclosed.

What data was exposed?

The types of data involved in the Sandhills Medical Foundation incident include Social Security numbers, driver’s licenses, dates of birth, government-issued IDs, passports, and personal health information.

Is my personal information at risk?

If you interacted with Sandhills Medical Foundation, there's a possibility your personal information could be affected. Similar incidents often involve email addresses, login details, or financial records. Stay alert for updates and take precautionary measures to secure your accounts.

What steps should companies take after being breached?

Sandhills Medical Foundation is working to secure its systems, notify affected parties, and provide guidance on protective actions. They have also reported enhancing security protocols and are offering credit monitoring services to impacted individuals.

This cybersecurity news article is powered by UpGuard Breach Risk — continuous attack surface monitoring for your organisation and supply chain.
