-
The Qilin group hit Columbia Medical Practice with a ransomware attack last November and stole sensitive data of at least 3,000 patients.
-
The stolen information includes Social Security numbers, driver’s licenses, medical details, prescriptions, and even financial account numbers.
-
The hackers posted the stolen data on the dark web. Affected individuals should keep watch over their credit and bank accounts in case of fraud attempts.
The Columbia Medical Practice experienced a major data breach due to the actions of the malicious ransomware collective known as Qilin.
In the course of this attack, the hackers acquired large amounts of private and confidential patient information from around 3000 patients, including social security numbers.
Details of the Breach
A group of hackers entered into the medical practice’s network and installed ransomware to encrypt files and disrupt operations on November 5, 2025. But they did more than just lock systems. They also copied files. They stole data before the practice could recover.
It was later discovered that the attack was perpetrated by the hacking group Qilin, who openly claimed responsibility in a post on a dark web forum on November 24. This group has previously targeted major institutions, demonstrating a pattern of sophisticated attacks. In the post, they claimed that they had compromised the database of the health care system, indicating the severity of this incident.
The U.S. Department of Health and Human Services notified the appropriate authorities of this incident on December 5. The data obtained from this incident was not merely limited to names, addresses, birthdays, etc.
It contained a large quantity of highly sensitive information such as Social Security numbers, driver’s license numbers, and passport numbers. All of this information can be exploited for identity theft/fraud.
Details of the Leaked Patient Data
This breach is really serious because the hackers got their hands on the private health info of patients. The fact that patients’ sensitive info, which is supposed to be protected, is now circulating on the dark web is nothing short of a violation of medical privacy.
This includes details about the location of health services. It includes dates of treatment and specific condition information. Personal diagnosis codes and prescription details are now in criminal hands.
The stolen files also contain medical history notes. They show who your assigned physician was. Even health insurance subscriber numbers were taken.
Financial information was not safe either. The hackers got patient account numbers. They also accessed financial account numbers from the practice’s systems.
Fortunately, security codes and passwords for those accounts were not stored there. But combined with the other data, the risk is very high.
The Response and What You Should Do
Columbia Medical Practice is reviewing the compromised files. They are working to identify every affected individual. The practice promises to mail direct notifications when this is complete.
They have published a detailed notice on their website. On the website, they have highlighted measures people can take to protect themselves. They also provided a toll-free line: 1-833-974-3375 for those who’d need assistance — it’s open from Monday to Friday 8 a.m. – 8 p.m Eastern Time.
If you were a patient, you must remain vigilant. Monitor your financial accounts closely. Watch out for weird or shady stuff that doesn’t seem right, or that you don’t know.
Also, check your credit report often, and think about putting a fraud alert on file with the big three credit reporting agencies. Consider using a security freeze, which is an even more powerful weapon to stop anyone from opening new credit accounts illegally in your name.
This breach shows how valuable medical data is to criminals and how groups like Qilin operate with impunity, targeting everything from local medical practices to major government bodies. Protecting yourself now is absolutely crucial.
