Ransomware Attack on Alabama Dermatology Clinics Exposes Data of Over 80k Patients

A ransomware attack on a group of regional dermatology clinics in Alabama has compromised the sensitive data of over 86,000 individuals. The breach, discovered in early March 2025, involved unauthorized access to the clinics’ network and resulted in the exposure of a wide range of personal and medical information.  

Affected data includes full names, birth dates, contact details, Social Security numbers, medical diagnoses and treatments, and health insurance information, ThreatsBank reports.

An internal investigation concluded in mid-May confirmed that 86,414 individuals were impacted. In response, the clinics are offering 12 months of free credit monitoring and identity theft recovery services to affected patients.

The ransomware group Qilin has claimed responsibility for the breach, stating it exfiltrated 141 GB of data. While the clinics have not publicly verified this claim, the attack bears hallmarks of Qilin’s typical operations. The group, active since 2022, often uses phishing techniques to gain access and steal data before encrypting systems.

This incident is part of an ongoing trend of ransomware attacks targeting healthcare providers, with more than two dozen confirmed breaches so far in 2025, the healthcare sector continues to face mounting pressure from threat actors exploiting its reliance on digital systems and the critical nature of patient care.

Takeaway: This is ransomware with a darker twist. When healthcare providers are hit, it’s not just about disrupting operations, it’s about stealing deeply personal patient data and using it as leverage. Attackers aren’t just locking up systems anymore; they’re exfiltrating medical records, insurance details, diagnoses, and treatment histories—and threatening to expose them.

Patient health data isn’t like a leaked password or credit card number. It’s intimate. It reveals vulnerabilities, stigmatized conditions, mental health struggles, reproductive care decisions—things most people would do anything to keep private. That’s the new potential threat: not just extorting the healthcare organization but holding individual patients to ransom with the threat of exposure.

The point of ransomware has always been pain, but now that pain is personal, and it's not just institutions facing the pressure. There have already been instances where patients are getting extorted by attackers who demand payment to keep their medical histories private. That kind of psychological pressure is both brutal and effective.

This shift is calculated. Healthcare systems are high-value targets because their data is both sensitive and irreplaceable. And attackers know that breaches here don’t just shake confidence—they can shatter lives.

We shouldn’t be surprised by these tactics anymore. We should be asking why this kind of data is still so easily stolen, and why patients are left to carry the fallout. Ransomware is evolving, and in healthcare the stakes couldn’t be higher.

Halcyon.ai eliminates the business impact of ransomware. Modern enterprises rely on Halcyon to prevent ransomware attacks, eradicating cybercriminals’ ability to encrypt systems, steal data, and extort companies – talk to a Halcyon expert today to find out more, and check out our quarterly RaaS and extortion group reference guide, Power Rankings: Ransomware Malicious Quartile.