Ransomware Group: INCRANSOM

VICTIM NAME: Sandhills Medical Foundation

NOTE: No files or stolen information are [exfiltrated/downloaded/taken/hosted/seen/reposted/disclosed] by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers directly, not RedPacket Security. This blog is simply posting an editorial news post informing that a company has fallen victim to a ransomware attack. RedPacket Security is in no way affiliated or aligned with any ransomware threat actors or groups and will not host infringing content. The information on this page is fully automated and redacted whilst being scraped directly from the INCRANSOM Onion Dark Web Tor Blog page.

AI Generated Summary of the Ransomware Leak Page

The ransomware leak page pertains to Sandhills Medical Foundation, a healthcare provider serving communities across several counties in the United States. The organization offers comprehensive primary care, mental health services, and supportive patient-centered care, including healthcare navigation programs for Medicaid and the Affordable Care Act. This healthcare foundation has been operational since 1977 and aims to deliver accessible, quality, and cost-effective services tailored to community needs. The leak was discovered shortly after the attack, which occurred on June 3, 2025, indicating a recent security breach potentially affecting sensitive health information and operational data.

The page includes a screenshot of internal documents, suggesting attackers gained access to confidential information related to the organization’s operations. The leaked data may include patient information, internal communications, or operational details, though exact contents are not specified. There is evidence that the attackers may have uploaded or linked to data exports or copies of internal systems, with download links possibly available for malicious actors or interested parties. No specific PII such as individual patient details have been publicly disclosed in the summary, but the leak highlights a significant security incident affecting a community healthcare provider.