Family Christian Health Center: 12,500 Affected by Data Breach

On April 30, 2025, Family Christian Health Center, a Federally Qualified Health Center based in Harvey, Illinois, reported a significant data breach to the U.S. Department of Health and Human Services. According to the official disclosure, the breach affected approximately 12,500 individuals in the United States. The incident was the result of a ransomware attack carried out by a group known as RansomHub, who claimed responsibility and posted about the breach on the Tor network.

The attackers stated they had gained access to 118 GB of the organization’s data and threatened to publish it within 7-8 days if their demands were not met. The breach involved both personally identifiable information (PII) and protected health information (PHI). While specific data types have not yet been publicly detailed, incidents of this nature typically expose names, addresses, dates of birth, Social Security numbers, medical records, and potentially insurance information.

This event is particularly severe given the nature of ransomware attacks, where malicious actors encrypt or steal sensitive data and demand payment for its return or non-disclosure. The fact that the attackers threatened to release such a large volume of data increases the risk of identity theft, fraud, and potential misuse of health information for those affected. You can review the official breach notification on the U.S. Department of Health and Human Services breach portal.

Family Christian Health Center's response

In response to the breach, Family Christian Health Center has notified federal authorities and initiated an internal investigation to determine the full scope of the incident. Affected individuals should remain vigilant for any signs of identity theft or fraud. It is strongly recommended that those impacted:

• Monitor their credit reports and financial accounts for suspicious activity.
• Be cautious of unsolicited communications that request personal or financial information.
• Consider placing a fraud alert or security freeze on their credit files.
• Review any official notice provided by Family Christian Health Center for additional steps and resources.

Given the ransomware nature of the attack, it is important for affected individuals to take these precautions seriously, as the risk of data exposure and misuse is heightened. For more information or updates, you can visit the Family Christian Health Center website.