SANDHILLS Medical Foundation in South Carolina notified the Maine Attorney General’s Office on 28 April 2026 that 169,017 people were affected by a data breach, with only eight being Maine residents. According to their notification to those affected, on 8 May 2025 they discovered they had been the victim of a ransomware attack that began on 2 May 2025.
Their letter does not reveal that the attack was by INC Ransom, and INC Ransom’s listing, posted by 3 June 2025, shows no encryption; according to INC Ransom’s listing, there was no lock icon indicating an encryption incident. The data tranche reportedly included personal information for select patients, and INC Ransom claimed responsibility for the attack and subsequently leaked the data on or after 15 June 2025.
Sandhills’ letter states that a forensic review determined an unauthorized third party accessed the server and obtained personal information, prompting an extensive data mining process to determine impacted individuals. As of 29 April 2026, the listing remains online and the data tranche remains available.