Almeida Law Group is investigating a data breach at Sandhills Medical Foundation, Inc. UPDATED. The breach occurred on May 2, 2025 and was discovered on May 8, 2025. If you were affected, contact Almeida Law Group.
About Sandhills Medical Foundation, Inc. UPDATED
Sandhills Medical Foundation, Inc. (d/b/a Sandhills Medical) is a Federally Qualified Community Health Center (FQHC) founded in 1977 and headquartered in McBee, South Carolina. It is a not-for-profit organization that provides primary care, behavioral health, pharmacy, laboratory, and other health services across nine locations in Chesterfield, Kershaw, Lancaster, and Sumter Counties. Because the organization provides healthcare services and stores patient records, the types of personal and health information involved in a breach can be especially sensitive.
What Happened?
Sandhills Medical Foundation, Inc. UPDATED was listed in a Maine Attorney General filing reporting an external system breach caused by hacking. According to the breach notice and supporting reporting, the INC Ransom ransomware group attacked Sandhills’ systems, with unauthorized access occurring from May 2 to May 8, 2025, when files were encrypted. The forensic investigation determined that an unauthorized third party accessed Sandhills’ servers and obtained personal information for approximately 169,017 individuals. Compromised information varied by individual and may have included Social Security numbers, driver’s license numbers, dates of birth, government-issued identification numbers, passport numbers, financial information, and personal health information. Sandhills sent an initial written notification to affected consumers on April 28, 2026, with an updated mailing on June 2, 2026 — nearly one year after discovering the breach. Multiple sources flagged this delay as potentially exceeding HIPAA’s 60-day notification requirement and various state breach notification deadlines.
This is Sandhills Medical’s second known data breach. A prior breach discovered in late 2020 involved a hack of a third-party vendor’s system and affected approximately 39,602 patients, exposing names, dates of birth, addresses, driver’s licenses, Social Security numbers, and claims information. That incident led to a class action lawsuit, Joann Ford v. Sandhills Medical Foundation, Inc. (D.S.C. No. 4:21-cv-02307-RBH), which the Fourth Circuit revived in March 2024 after a lower court dismissed it on federal immunity grounds. The Supreme Court declined certiorari in early 2025. Regarding the May 2025 breach, INC Ransom listed Sandhills on its dark web leak site around May 30–June 3, 2025, and reportedly released the stolen data on June 15, 2026, suggesting the ransom was not paid. Multiple law firms have launched class action investigations into this breach, and at least one lawsuit — Sondra Bristow Twitt v. Sandhills Medical Foundation, Inc. — has been filed, alleging that inadequate security practices led to the ransomware attack.
Key Facts at a Glance
- Company or Organization: Sandhills Medical Foundation, Inc. (d/b/a Sandhills Medical)
- Industry: Healthcare — Federally Qualified Community Health Center (FQHC)
- Location: McBee, South Carolina
- Incident type: External system breach (hacking) / ransomware attack
- Date of breach: May 2, 2025
- Date breach discovered: May 8, 2025
- Date of consumer notification: April 28, 2026; updated mailing June 2, 2026
- Total persons affected: 169,017
- Identity theft protection offered: Yes — 12 months of credit monitoring and fraud assistance through Cyberscout, a TransUnion company
- Enrollment deadline: 90 days from the date of the notice letter (June 2, 2026)
- Prior breach: Yes — breach discovered in late 2020 via third-party vendor hack; affected approximately 39,602 patients; led to Ford v. Sandhills Medical Foundation, Inc. class action litigation
- Litigation status: At least one class action filed (Twitt v. Sandhills Medical Foundation, Inc.); additional class action investigations announced by multiple law firms as of May 2026
- Source: Maine Attorney General Filing; SecurityWeek; HIPAA Journal; HIPAA Journal — Prior Breach
What Should You Do?
If you received a notice from Sandhills Medical, consider enrolling in the free 12-month credit monitoring and fraud assistance services offered through Cyberscout by visiting bfs.cyberscout.com/activate within 90 days of the date on your notice letter. Whether or not you enroll, you should place a fraud alert or credit freeze with the three major credit bureaus — Equifax, Experian, and TransUnion — to help prevent unauthorized accounts from being opened in your name. Review your credit reports for any suspicious activity; you can request a free report from each bureau once per year at AnnualCreditReport.com or by calling 1-877-322-8228. Because personal health information may have been involved, also review any Explanation of Benefits statements you receive from your health insurer and check your medical records for services you do not recognize. If you suspect identity theft, report it at IdentityTheft.gov, which provides a personalized recovery plan.
Your Legal Rights
If your personal or health information was involved in this breach, you may have legal rights depending on the facts of the incident and the law in your state. Almeida Law Group represents consumers in data breach and privacy litigation and can help you evaluate whether you may have a claim. Contact us at (708) 529-5418 or through our contact page for a free case evaluation.
