Sandhills Medical Foundation patient info accessed in cyber attack


A cyber attack targeting a vendor used by a Sumter-based medical center affected patients' personal information, officials say.

The vendor provided cloud-based storage for practice management and reporting systems at Sandhills Medical Foundation Inc. The medical provider notified patients of the vendor's ransomware attack on Friday.

Daniel Roberts said in a statement Friday the vendor informed Sandhills on Jan. 8 of the attack. According to the vendor's investigation, the attackers used compromised credentials to access their system on Sept. 23, 2020. The attackers accessed Sandhills' systems on Nov. 15, 2020, and took Sandhills' data before the ransomware attack was launched on Dec. 3, 2020.

The vendor reported the attack to law enforcement and hired a cybersecurity firm to investigate and respond. The vendor paid the attackers to return the data and received assurances that copies of the data were deleted/destroyed. Since the attack, the vendor has implemented additional security measures.

Sandhills determined that patient medical records, lab results and medications, as well as credit card and bank account numbers, were not affected. The affected information included patient names, dates of birth, mailing and email addresses, driver's licenses and Social Security numbers, as well as claims information, which could be used to determine diagnoses/conditions.

Sandhills notified federal and state agencies and the national credit reporting agencies about the breach. In addition, Sandhills is offering one year of free credit monitoring and identity theft protection to all affected patients.

For questions about how to enroll in the free credit monitoring and identity theft protection services, affected patients should call 1-888-236-0854. To speak directly with Sandhills' compliance officer about this incident, patients should call 1-800-688-5525.