Columbia Medical Data Breach Exposes Social Security Numbers

On Nov. 5, 2025, Columbia Medical Practice experienced a data breach that impacted at least 3,000 individuals.

According to the notice of cybersecurity event, a then-unknown cybercriminal accessed a portion of the practice’s computer network and installed ransomware, locking files on their systems.

The attacker, later identified as the Qilin ransomware group, also copied files from the network before the systems were recovered. The breach was severe, as the attacker claimed responsibility and posted about the incident on the dark web on Nov. 24, 2025.

‍

The information exposed in this breach is both extensive and sensitive. It includes personally identifiable information (PII) such as names, addresses, phone numbers, dates of birth, Social Security numbers, driver’s license numbers, passport numbers and other government identifiers.

In addition, protected health information (PHI) was compromised, including location of health services, dates of service, treatment or condition information, diagnosis and diagnosis codes, prescription details, medical history, assigned physician and health insurance subscriber or identification numbers.

Financial information was also affected, such as patient account numbers and financial account numbers (without security codes, access codes or passwords).

The breach was reported to the U.S. Department of Health and Human Services on Dec. 5, 2025.

The Qilin ransomware group’s involvement, combined with the breadth of information stolen, underscores the seriousness of this incident.

Columbia Medical Practice's response

In the aftermath of the breach, Columbia Medical Practice has been reviewing the compromised files to identify affected individuals and has committed to mailing direct notifications once this review is complete.

To support those potentially impacted, Columbia Medical Practice published a detailed notice of cybersecurity event on their website. The notice provides guidance on how to protect personal information, including instructions for monitoring credit reports, placing fraud alerts or security freezes and contacting the major credit bureaus.

The practice has also set up a toll-free assistance line at 1-833-974-3375, available Monday through Friday from 8 a.m. to 8 p.m. Eastern time, to answer questions and provide further assistance.

Given that the breach resulted from a ransomware attack and involved the theft of sensitive PII and PHI, it is important for affected individuals to remain vigilant. Monitoring financial accounts and credit reports for suspicious activity is strongly recommended.

Individuals should also consider placing a fraud alert or security freeze with the credit bureaus to help prevent identity theft. Additional resources and instructions are available in the official notice and from consumer protection agencies.