The US has recorded one of the largest attacks on the healthcare sector in 2025: cybercriminals from the BianLian group gained access to the personal data of more than 456 thousand patients of the Goshen Medical Center network. Goshen Medical Center, a public medical center with more than 35 branches in eastern North Carolina that serves about 53 thousand patients, reported a large-scale data leak.

The attack began on February 15, 2025, but suspicious activity was not detected until March 4. The investigation confirmed that unknown individuals gained unauthorized access to files with sensitive information.

The stolen data included:
patient names and addresses;
dates of birth;
social security numbers (SSN);
driver’s licenses;
medical records and internal identifiers.

In late March, the BianLian group published a statement on its own darknet website, claiming responsibility for the attack and possession of stolen databases and financial information. The medical center itself did not confirm the leak or disclose whether it had received ransom demands. The BianLian group emerged in late 2021 and has already been confirmed as the perpetrator of 91 cyberattacks with more than 6.1 million stolen records. About 37 attacks were specifically aimed at the healthcare sector, making it the group’s primary target.

The Goshen Medical Center incident was the third-largest attack on American healthcare in 2025, behind only DaVita Inc. (2.7 million victims) and Frederick Health (934,000 people). This week alone, three major breaches were confirmed: in addition to Goshen Medical Center, Medical Associates of Brevard (over 246,000 people) and New York Blood Center (194,000 people) were affected.

Despite the decrease in the number of recorded attacks compared to 2024 (61 versus 174), experts emphasize that real statistics always appear with a delay, so new large-scale revelations should be expected. The attack on Goshen Medical Center once again highlighted the main risk for American medicine: the high value of patients’ personal data to cybercriminals. The theft of SSNs, dates of birth and medical records opens up opportunities for fraud, including financial fraud, and blackmail. Experts advise patients to be especially attentive to suspicious activity in financial accounts and to check their data through monitoring services as soon as possible.