Free Case Reviews | No Fee Unless We Recover For You

Facebook-f Youtube
Free Case Review
Call Now (206) 442-9106
Emery Reddy logo

We help workers.®

Sandhills Medical Data Breach

April 30, 2026

NOTICE: If you received a NOTICE OF DATA BREACH letter from Sandhills Medical, contact Emery | Reddy, PC at 916.995.5968 for a Free Case Review.

On or about May 8, 2025, Sandhills Medical Foundation, Inc., doing business as Sandhills Medical (“Sandhills”), discovered that it was the victim of a ransomware attack impacting its computer systems. According to the Notice of Data Event, Sandhills immediately regained control of its secured network and launched an investigation with the assistance of cybersecurity experts, law enforcement, and an independent forensic firm.

The forensic investigation later determined that an unauthorized third party accessed Sandhills’ server directly and obtained personal information belonging to select patients. Due to the complexity and scope of the systems involved, Sandhills undertook an extensive data mining and review process to determine which individuals were impacted by the incident.

As a result of this review, Sandhills identified affected individuals and began issuing written notification letters on or about April 28, 2026.

Following the incident, Sandhills reported that it enhanced its network protocols and security partnerships to strengthen its overall security posture and help prevent similar incidents in the future.

Sandhills Medical Foundation, Inc. (SMF) is a non-profit, Federally Qualified Health Center (FQHC) serving South Carolina’s Chesterfield, Kershaw, Lancaster, and Sumter counties since 1977. It provides comprehensive primary, pediatric, behavioral, and chiropractic care, plus on-site pharmacy, featuring a sliding fee scale for all patients.

At the time of notification, Sandhills stated that it had no evidence that affected personal information had been misused. However, the investigation confirmed that unauthorized access occurred and that personal and/or health-related information may have been involved.

Individuals whose data may have been impacted began receiving notification letters in April 2026. If you received a Notice of Data Event from Sandhills Medical, it confirms that your personal information may have been included in the affected files.

As part of its response, Sandhills is offering impacted individuals complimentary credit monitoring services for twelve (12) months and proactive fraud assistance services through Cyberscout, a TransUnion company, provided enrollment is completed within the stated timeframe.

What information is involved in the Sandhills Medical Data Breach?

Compromised information may include:

First Name

Last Name

Social Security Number

Driver’s License Number

Date of Birth

Government-Issued Identification

Passport Information

Personal Health Information (PHI)

The specific data elements involved vary by individual and are detailed in each notification letter sent by Sandhills.

Personally Identifiable Information (PII) includes sensitive data that can be used to identify an individual, such as a name combined with Social Security numbers or government-issued identifiers. When PII is exposed in a data breach, it can be misused for identity theft, financial fraud, or tax fraud.

Much of the information involved in this incident may also qualify as Protected Health Information (PHI). PHI is protected under federal and state healthcare privacy laws and may be unlawfully used for medical identity theft, fraudulent insurance claims, or unauthorized medical services when compromised.

If your information was involved in this incident, it is important to remain vigilant. Impacted individuals are encouraged to monitor financial accounts, review credit reports, and carefully examine medical bills and insurance statements for unfamiliar or suspicious activity. Sandhills also recommends enrolling in the offered credit monitoring services and considering additional protective steps such as placing fraud alerts or credit freezes.

Patients and consumers may have legal rights when healthcare organizations fail to adequately safeguard sensitive personal and medical information. These rights vary by state and may depend on the type of information exposed and the specific circumstances of the breach.

If you received a Notice of Data Event / Notice of Data Breach related to Sandhills Medical Foundation, Inc., your personal and potentially health-related information may be at risk.

Contact the Data Breach Attorneys at Emery | Reddy today for a Free Case Review.

Join the Data Breach Lawsuit

Learn more about your rights to
potential compensation.

Name(Required)
This field is hidden when viewing the form
Upload your files here:
Drop files here or
Max. file size: 256 MB.
    Max. file size: 256 MB.
    Consent

    Prefer to speak with someone now?

    Call us at ⁨(206) 973-5298 for a Free Case Review.

    NOTICE: If you received a NOTICE OF DATA BREACH letter from Sandhills Medical, contact Emery | Reddy, PC at 916.995.5968 for a Free Case Review.

    We Are
    Taking a Break!

    We will be closed:

    December 22 – 26

    We will reopen:

    December 29

    Please leave us a voicemail or submit your contact form and an experienced Intake Specialist will return your call when we reopen. Happy holidays!