Rockhill Women's Care Data Breach Exposes Social Security Numbers

On Feb. 26, 2025, Rockhill Women's Care, a full-service OB/GYN medical practice in the Kansas City area, discovered a serious network security incident affecting its IT systems. The breach was quickly identified and, according to the company’s public disclosure, third-party cybersecurity experts were brought in immediately to assess, contain and remediate the situation. Law enforcement was also notified.

The attack has been attributed to the Qilin ransomware group, which claimed responsibility on its dark web portal on March 4, 2025. The group alleged it had obtained 20 GB of sensitive data and threatened to make all of it available for download on March 11, 2025. Screenshots of the stolen data were posted as proof.

After a thorough investigation, which included engaging a data mining vendor to identify affected individuals, Rockhill Women's Care concluded on Aug. 13, 2025, that the compromised data set included both personally identifiable information (PII) and protected health information (PHI).

The exposed information includes names, addresses, dates of birth, Social Security numbers, medical treatment information and health insurance information. While the exact number of affected individuals has not been disclosed, the range of data types involved indicates a high severity, as both identity and medical privacy risks are present.

Rockhill Women's Care's response

Rockhill Women's Care responded promptly by engaging cybersecurity professionals to contain the breach and working with law enforcement. The company also initiated a comprehensive review of the impacted data and brought on a data mining vendor to ensure all affected individuals could be notified.

To support those impacted, Rockhill Women's Care has established a dedicated call center at 1-833-855-4208, available Monday through Friday, 8 a.m. to 8 p.m. EST. They have also provided a detailed public notice outlining the incident and offering practical steps for individuals to protect themselves from medical identity theft and related fraud.

Given the nature of the breach, affected individuals should:

• Monitor explanation of benefits statements from health insurance providers for unfamiliar activity
• Contact their insurance company for a year-to-date report of all services paid out and verify any unrecognized items
• Be cautious about sharing health insurance cards and personal information
• Consider placing a fraud alert or credit freeze with major credit bureaus if Social Security numbers were involved

The company has stated it is implementing additional security measures to help prevent similar incidents in the future.