-
The MEDUSA ransomware group claimed the attack on the Southwest C.A.R.E Center in June last year and is threatening to publish 143.9 GB of stolen data on the dark web.
-
The breach compromised lots of personal information, among that are patient full names along with protected health information (PHI).
-
Southwest Care Center is offering 12 months of free credit monitoring and identity theft protection to all victims of the incident.
Southwest C.A.R.E. Center (SCC), a big nonprofit healthcare group in New Mexico, recently broke bad news to its patients, past and present. Apparently, cybercriminals broke into the organization’s system and carted away with nearly 144 GB of patients’ personal information.
The incident dragged on for over six months before officials confirmed what information the actors stole. SCC first spotted the cybersecurity incident on June 3 2025. The organization quickly brought in some forensic specialists to secure their systems and figure out what happened.
MEDUSA Ransomware Group Takes Credit for the SCC Data Breach
Things got out of hand when the MEDUSA ransomware group came out and claimed responsibility for the attack. Later, the group posted on the dark web, saying they took 143.9 GB of data from the organization and then threatened to publish everything within 12 days.
It took investigators until December 18 to confirm what kind of information the unauthorized third party may have taken. That’s more than six months of uncertainty for patients wondering if their private medical information was floating around criminal forums.
The breach potentially exposed very sensitive information of patients—first and last names, personal details, and PHI. SCC said not every individual had all of these elements exposed. The specific types of information affected vary from person to person.
In their official notice, the organization said they didn’t find any evidence of misuse of patient information. However, just having your health info in the hands of cybercriminals is scary enough to keep one on their toes.
How Southwest Care Center is Responding
The healthcare organization sent written notification letters to those the breach may have affected. They arranged for complimentary credit monitoring services and identity theft protection that’ll last twelve months at no cost to victims.
This mirrors the response of other breached companies, including Integra Credit, which offered similar protections to the 134,000 customers whose phone numbers and personal data were exposed in their own security incident.
Also, SCC said they’ve reviewed and enhanced their security to make sure such a thing never occurs again. They encouraged every individual to sign up for the monitoring services and follow what they recommended in the notification letters.
Got any questions? SCC opened a phone line: 1-833-303-5159 for those who need guidance. It’s open Monday to Friday 8 AM – 8 PM Eastern Time, but not on holidays.
Next Step for Patients?
For SCC patients, there’s now a chance this ransomware group got their hands on your info. So if you get suspicious calls, sketchy texts, or emails that just feel off, don’t reply until you double-check who’s the sender. Better to be safe than sorry, seriously. Monitor your credit reports closely. Take advantage of the free identity protection services SCC is offering.
The organization apologized for the incident in their notice. They noted that they value the security of the personal data in their care and understand what the people affected might be going through.
Southwest Care Center says it remains committed to providing high-quality care to its community. For now, that means helping patients navigate the aftermath of having their sensitive health information potentially exposed on the dark web.
