Gaylord Healthcare Discloses Data Breach Following Ransomware Attack

On Dec. 19, 2024, Gaylord Specialty Healthcare experienced a cybersecurity incident that disrupted connectivity to its network. The breach was later attributed to a ransomware attack carried out by the SAFEPAY group, which subsequently claimed responsibility on the dark web and alleged to have obtained 160 GB of the organization’s data.

After a thorough forensic investigation and document review, Gaylord Specialty Healthcare determined on Aug. 25, 2025, that unauthorized acquisition of sensitive personal data likely occurred between Dec. 16 and Dec. 19, 2024.

The cyberattack compromised both personally identifiable information (PII) and protected health information (PHI). Exposed information may include names, addresses, dates of birth, Social Security numbers, driver's license numbers, health insurance information, medical records and payment information.

Gaylord began notifying affected individuals by mail on Sept. 24, 2025. The total number of impacted individuals has not been released, but is believed to include thousands of current and former patients.

According to the disclosure filed with the Maine Attorney General’s office, the incident impacted 75 Maine residents. The healthcare organization also disclosed the cybersecurity incident to the Massachusetts Attorney General's office on Sept. 24, 2025, reporting 516 Massachusetts residents affected. The New Hampshire Attorney General was notified on Sept. 29, 2025.

The severity of this breach is heightened by the involvement of a ransomware group and the large volume of data allegedly stolen. The exposure of names with Social Security numbers, and potentially other sensitive information presents a risk for phishing, identity theft or further exploitation.

Gaylord Specialty Healthcare’s response

In response to the incident, Gaylord Specialty Healthcare immediately launched a comprehensive investigation with the help of external cybersecurity professionals. The organization has worked to secure its systems and continues to evaluate and enhance its internal controls to better protect personal information.

For those affected, Gaylord is offering complimentary Single Bureau Credit Monitoring, Single Bureau Credit Report and Single Bureau Credit Score services through Cyberscout, a TransUnion company specializing in fraud assistance and remediation. The company has also set up a dedicated toll-free response line staffed with professionals familiar with the incident and available to answer questions.

Affected individuals are encouraged to:

• Enroll in the offered credit monitoring services within 90 days of receiving the notification letter
• Obtain and review their free annual credit reports for discrepancies
• Consider placing a fraud alert or security freeze on their credit files with the major credit bureaus
• Remain vigilant for suspicious activity on financial and medical accounts