A major data breach at a Georgia healthcare provider has exposed the sensitive personal and medical information of over 620,000 individuals. Although the company first alerted patients last fall, a recent federal filing has confirmed the full scale of the cyberattack carried out by a known ransomware group.

A prominent Georgia-based medical group recently disclosed to federal regulators that a significant cyberattack impacted more than 600,000 individuals. The company, which provides physician services to over 100 hospitals and operates numerous practices across 18 states, filed the final victim count with the U.S. Department of Health and Human Services. This update follows initial notifications sent to customers several months prior regarding the security incident.

The breach occurred over a two-day window in May during which unauthorized actors gained access to the company's internal information technology systems. Following a forensic investigation, the healthcare provider determined that the hackers were able to move through their environment and interact with sensitive data repositories. The company manages millions of patient visits annually, making its digital infrastructure a high-value target for such intrusions.

During the period of unauthorized access, the hackers successfully retrieved a wide range of personal and clinical data belonging to patients treated by affiliated physicians. The stolen information included full names, dates of birth, and home addresses, along with specific medical details such as diagnoses, treatment records, and dates of service. Perhaps most concerning for those affected was the exposure of health insurance information and Social Security numbers.

The Qilin ransomware gang claimed responsibility for the attack during the summer of 2025. This specific cybercriminal organization has a documented history of targeting the healthcare sector, having caused significant operational outages at medical facilities in both the United Kingdom and the United States over the past few years. Their tactics often involve stealing data and threatening its release to extort payments from victimized organizations.

Security researchers have noted that this group is particularly prolific, often leaking the private data of dozens of victimized companies every month. The incident highlights the ongoing vulnerability of the healthcare industry to sophisticated ransomware operations that prioritize the theft of highly sensitive patient records. As the company concludes its reporting to federal authorities, the focus remains on the long-term privacy risks facing the hundreds of thousands of individuals involved.

Source: Georgia Healthcare Company Data Breach Impacts More Than 620,000 People