Waterford Surgical Center Data Breach Exposes PHI and PII

Waterford Surgical Center, a physician-owned ambulatory surgery in Michigan, suffered a major data breach.

On Sept. 1, 2025, the SAFEPAY ransomware group claimed responsibility for a cyberattack targeting the surgery center's network. The cybercriminals posted on the dark web that they had successfully hacked internal systems and obtained sensitive organizational data.

Exposed information may include names, addresses, phone numbers and email addresses, dates of birth, driver's license or state ID copies, Social Security numbers, health insurance information, medical records and payment information.

The breach has affected approximately 9,000 current and former patients and employees, according to the U.S. Department of Health and Human Services disclosure.

Waterford Surgical Center's response

It is typical for affected organizations to work with cybersecurity experts and law enforcement to assess the extent of the breach and secure their systems. The surgery center will issue required state and federal disclosures, along with notifying impacted individuals by mail.

If you believe your personal information may have been compromised in this breach:

• Carefully review any notice or communication you receive from Waterford Surgical Center.
• Monitor financial accounts and credit reports for signs of identity theft.
• Consider placing fraud alerts or credit freezes with the major credit bureaus.
• Be cautious of unsolicited emails or phone calls requesting personal information.

Further details about the surgery center can be found on the Waterford Surgical Center website.