Sandhills Medical Foundation Class Action Launched — 169K-Patient INC Ransom Breach First Major FQHC Ransomware Litigation of 2026
South Carolina FQHC Sandhills Medical Foundation (serving Chesterfield, Kershaw, Lancaster, Sumter Counties, SC — primary care, BH, immunizations) faces class action investigation announced May 3, 2026. INC Ransom ransomware group exfiltrated 169,017 patient records May 2-8, 2025; notification letters mailed April 28, 2026.
Data included SSN, ITIN, DL#, passport#, financial info, PHI. CA FQHCs should note this is the largest FQHC ransomware breach reported in 2026 and sets a class-action precedent for safety-net providers — OCR investigation expected to follow given 169K exceeds the 500-patient OCR Breach Portal threshold.
Pairs with Community Health Action Staten Island GENESIS ransomware (60K HIV testing records, Feb 13) and Good Samaritan Health Center Atlanta (10K, Feb 9) — three safety-net clinic ransomware breaches in Q1 2026 establish a clear pattern.
Strategic implication for CA FQHC CISOs/Privacy Officers:
- Cyber insurance limits and ransomware riders need re-audit against 2026 settlement floors
- Class action precedent in SC will inform NY/CA plaintiffs' bar appetite
- HHS OCR's new Health Information Privacy/Data & Cybersecurity Division (May 18) targets exactly this scenario.
Key takeaways
- 169K-patient breach (May 2-8, 2025) — notification April 28, class action May 3
- Largest FQHC ransomware breach of 2026 — sets class-action precedent for safety-net
- 3 safety-net clinic ransomware events Q1 2026 (Sandhills + Staten Island + Good Samaritan)
- Re-audit cyber insurance limits against 2026 settlement floors
Primary source
HIPAA Journal / ClassActionLawyers.comFQHC Talent. (2026, May 3). Sandhills Medical Foundation Class Action Launched — 169K-Patient INC Ransom Breach First Major FQHC Ransomware Litigation of 2026. Primary source: HIPAA Journal / ClassActionLawyers.com. Retrieved July 6, 2026, from https://www.fqhctalent.com/intel/sandhills-medical-foundation-169k-breach-class-action-may-3-2026
More in Risk & Compliance
Jul 5
Section 1557 Language Access Annual Notice Year 1 Anniversary — July 5, 2026 Compliance Window
Jul 3
DOJ Stands Up National Fraud Enforcement Division — Healthcare Billing Now Has a Dedicated Litigating Division
Jun 25
DOJ’s 2026 National Health Care Fraud Takedown charges 455 defendants in $6.5B of alleged fraud — community mental health among named targets
Jun 9
FTCA CY2027 redeeming applications due June 26 — miss it and your FQHC has a malpractice-coverage gap