North Carolina clinics notify 23K people of data breach; SSNs, financial and medical info leaked

Compassion Health Care in North Carolina this week confirmed it notified 23,282 people of a March 2025 data breach that compromised the following patient info:

• Names
• Social Security numbers
• Driver’s license numbers
• Health insurance info
• Claims info
• Clinical/diagnostic info
• Addresses
• Phone numbers
• Dates of birth

And the following employee info:

• Names
• Social Security numbers
• Financial account info
• Bank and routing numbers
• Income info
• Addresses
• Dates of birth

On March 18, one day after the breach, Compassion Health Care announced its services would be operating remotely. Face-to-face visits resumed on April 2, 2025.

Ransomware gang SafePay took credit for the breach and said it stole 107 GB of data.

Compassion Health Care has not verified SafePay’s claim. We do not know if Compassion paid a ransom, how much SafePay demanded, or how attackers breached Compassion’s network. Comparitech contacted Compassion Health Care for comment and will update this article if it replies.

“On March 21, 2025, CHC learned that an unauthorized third-party potentially viewed and/or downloaded data stored on certain of CHC’s systems containing patient and employee/vendor data,” says Compassion’s notice (PDF) to victims.

Compassion says it is offering eligible victims free credit monitoring and identity theft restoration through HaystackID.

Who is SafePay?

SafePay is a relatively new ransomware gang that first started adding targeted organizations to its data leak site in November 2024. It employs a double extortion scheme in which SafePay both steals and encrypts data.

SafePay has claimed responsibility for 26 confirmed ransomware attacks in total, plus 181 unconfirmed claims that haven’t been acknowledged by the targeted organizations. It claimed more confirmed attacks than any other ransomware group in May 2025.

SafePay previously took credit for a January 2025 at North Carolina healthcare company Marlboro-Chesterfield Pathology, which notified 235,911 people of the data breach.

Eight of SafePay’s other attacks this year also hit healthcare organizations.

Ransomware attacks on US healthcare

Comparitech researchers logged 26 confirmed ransomware attacks on US hospitals, clinics, and other direct care providers in 2025 to date, compromising 1.8 million records.

Other such attacks include:

• Eliza Jennings Senior Care Network (OH) notified 845 people of a February 2025 data breach claimed by RansomHub
• Magnolia Manor (MD) notified 960 people of a February 2025 data breach claimed by Fog
• Bradford Health Services (VA) reported a December 2023 data breach claimed by Hunters International
• Next Step Healthcare (MA) notified 12,090 people of a June 2024 data breach claimed by Qilin

Ransomware attacks on US hospitals, clinics, and other care providers can cripple critical systems and endanger the health, privacy, and security of patients. Hospitals must pay a ransom or face extended downtime, data loss, and putting patients and staff at increased risk of fraud. Hospitals and clinics might have to resort to pen and paper, cancel appointments, and divert patients elsewhere until systems are restored.

About Compassion Health Care

Compassion Health Care offers primary care, urgent care, psychiatry, and behavioral health services in Caswell and Rockingham County, North Carolina. It operates two health centers in Yanceyville and Eden, North Carolina.