Spindletop Center Ransomware Attack Exposes Data of 88,863 Individuals

Spindletop Center, a community health organization in Beaumont, Texas, reported a data breach on November 28, 2025. The organization detected the breach after a cyberattack rendered its systems and servers inoperable on September 29, 2025.

The attackers gained access to Spindletop's network and were undetected for six days before deploying ransomware. Rhysida claimed responsibility for the incident, and reportedly demanded a ransom of 15 Bitcoin, valued at approximately $1.65 million at the time. They threatened to publish the stolen records if the demand was not met.

The hackers claim that compromised data includes:

• Full names
• Social Security numbers
• Driver’s license or government identification numbers
• Medical diagnosis information
• Internal case numbers

The breach affected 88,863 individuals according to official filings. The Rhysida group claims to have stolen records belonging to 100,000 people. The center has issued a public notice and set up a dedicated inquiry line but it's not clear if they offer complimentary credit monitoring or identity theft protection services to those affected.