Goshen Medical Center hit by ransomware attack, 456,385 patients' data exposed

Goshen Medical Center, a non-profit healthcare provider with 38 locations across eastern North Carolina, is reporting an incident that compromised the personal and protected health information of 456,385 current and former patients. 

The ransomware gang BianLian claimed responsibility for the attack, listing the medical center on its data leak site.

On February 15, 2025, cybercriminals successfully infiltrated Goshen Medical Center's network and gained unauthorized access to files containing sensitive patient information. The healthcare provider did not detect the suspicious activity until March 4, 2025, nearly three weeks after the initial breach occurred. 

On September 12, 2025, Goshen Medical Center confirmed that personal health information was exposed in the breach. Exposed data includes:

• Names
• Addresses
• Dates of birth
• Social Security numbers
• Driver's license numbers
• Medical record numbers

The organization began notifying affected individuals on September 17, 2025, more than seven months after the initial breach occurred.

The healthcare provider is offering up to 24 months of complimentary credit monitoring and identity protection services to all affected individuals. These services include credit monitoring, identity restoration services, dark web monitoring, and change of address monitoring.

Multiple law firms have announced investigations into potential class action lawsuits against Goshen Medical Center, seeking compensation for affected individuals whose sensitive personal and protected health information was compromised.