Gaylord Healthcare Discloses Data Breach Following Ransomware Attack

On Dec. 19, 2024, Gaylord Specialty Healthcare experienced a cybersecurity incident that disrupted connectivity to its network. The breach was later attributed to a ransomware attack carried out by the SAFEPAY group, which subsequently claimed responsibility on the dark web and alleged to have obtained 160 GB of the organization’s data.

After a thorough forensic investigation and document review, Gaylord Specialty Healthcare determined on Aug. 25, 2025, that unauthorized acquisition of personal data likely occurred between Dec. 16 and Dec. 19, 2024.

According to the disclosure filed with the Maine Attorney General’s office, the incident exposed personally identifiable information (PII) and confirmed that 75 Maine residents were impacted.

The severity of this breach is heightened by the involvement of a ransomware group and the large volume of data allegedly stolen. While Gaylord’s investigation has not found evidence of financial fraud or identity theft at this time, the exposure of names and potentially other sensitive information presents a risk for phishing, identity theft or further exploitation.

The healthcare organization also disclosed the cybersecurity incident to the Massachusetts Attorney General's office on Sept. 24, 2025, reporting 516 Massachusetts residents affected.

Gaylord Specialty Healthcare’s response

In response to the incident, Gaylord Specialty Healthcare immediately launched a comprehensive investigation with the help of external cybersecurity professionals. The organization has worked to secure its systems and continues to evaluate and enhance its internal controls to better protect personal information.

For those affected, Gaylord is offering complimentary Single Bureau Credit Monitoring, Single Bureau Credit Report and Single Bureau Credit Score services through Cyberscout, a TransUnion company specializing in fraud assistance and remediation. The company has also set up a dedicated toll-free response line staffed with professionals familiar with the incident and available to answer questions.

Affected individuals are encouraged to:

• Enroll in the offered credit monitoring services within 90 days of receiving the notification letter
• Obtain and review their free annual credit reports for discrepancies
• Consider placing a fraud alert or security freeze on their credit files with the major credit bureaus
• Remain vigilant for suspicious activity on financial and medical accounts