Goshen Medical Breach Affects 456,385 Patients: SSNs Exposed

Fayetteville- based Goshen Medical Center experienced a major cyberattack impacting 456,385 current and former patients. On March 4, 2025, the medical center discovered suspicious activity within its network. An investigation was launched and it was determined that files containing sensitive information were accessed or acquired on Feb. 15, 2025.

The ransomware group BianLian claimed responsibility for the attack, posting details on the Tor network. They alleged to have obtained financial records, human resources information, patient data, data on partners, vendors, and providers, as well as internal and external email correspondence and database exports.

The data breach exposed both personally identifiable information (PII) and protected health information (PHI). Compromised information included names, addresses, dates of birth, Social Security numbers, driver's license numbers and medical record numbers.

The cybersecurity incident was disclosed to the Maine, Texas, Massachusetts, South Carolina, Vermont, Montana and New Hampshire Attorney Generals' offices between Sept. 17, 2025 and Sept. 25, 2025.

Goshen Medical Center's response

After discovering the breach, Goshen Medical Center took immediate steps to contain the incident and engaged cybersecurity experts to assist in the response. The organization has implemented additional security measures to reduce the risk of similar incidents in the future. They have also begun notifying affected individuals in writing, with consumer notifications sent on Sept. 17, 2025.

To help protect those impacted, Goshen Medical Center is offering up to 24 months of complimentary credit monitoring and identity protection services through Epiq Privacy Solutions ID Standard. This includes credit monitoring through Equifax, identity restoration services, dark web monitoring, and change of address monitoring. Affected individuals are encouraged to enroll in these services by visiting the provided website and using their unique activation code.

Given the nature of the breach, it is important for those affected to remain vigilant. Individuals should review account statements and credit reports for suspicious activity, consider placing fraud alerts or security freezes on their credit files, and report any suspected identity theft to law enforcement or the Federal Trade Commission. The company’s notice to consumers, which will be available in PDF format at the bottom of this page, provides further details and resources.