Industry - Data Breach
Executive Summary
Bradford Health Services and Bradford Health Partners settled a class action lawsuit stemming from a December 2023 cyberattack that compromised sensitive data of over 32,000 patients, including Social Security numbers, medical records, and financial information. The Hunters International threat group claimed to have stolen more than 760 GB of data, and victims were not notified until 18 months after the breach was detected. Under the settlement, affected individuals can enroll in three years ...
What Happened
In December 2023, Bradford Health Services and Bradford Health Partners experienced a cyberattack by the Hunters International threat group, who reportedly stole over 760 GB of patient data. The breach compromised sensitive information of more than 32,000 individuals, including Social Security numbers, medical diagnoses and treatment records, driver's license numbers, financial account details, and payment card information. The unauthorized access was detected on December 8, 2023, but affected patients were not notified until May 2025 - 18 months later - after a lengthy file review process was completed.
Who Is Affected
Over 32,000 current and former patients of Bradford Health Services are affected by this breach. All affected individuals had their protected health information exposed, with many also having financial data, government-issued identification numbers, and health insurance details compromised. The breach occurred in Alabama, though the geographic distribution of affected patients is not specified in available sources.
Why It Matters
The 18-month delay between breach detection and patient notification raises serious concerns about compliance with healthcare data breach notification requirements and patient protection. The combination of medical records, Social Security numbers, and financial information creates heightened risk for identity theft and medical fraud. This case demonstrates how healthcare providers remain vulnerable targets for sophisticated ransomware groups, and the lengthy investigation period left patients unknowingly exposed to potential misuse of their data for over a year.
What You Should Do
If you are a current or former Bradford Health Services patient, enroll in the three years of free medical data monitoring services offered through the settlement. File a claim for documented losses up to $5,000 if you experienced identity theft, fraudulent charges, or other financial harm related to the breach. Monitor your medical records, credit reports, and financial accounts closely for any unauthorized activity, and consider placing a fraud alert or credit freeze with the major credit bureaus to prevent misuse of your Social Security number.
Summary generated from verified sources and reviewed before publication. How we summarize.
Sources