A cybercriminal group called DragonForce this week took credit for a cyber attack at AdvancedHealth, a company that operates hundreds of medical clinics in Tennessee.
One of those clinics, Columbia Surgical Partners, at the end of April said it notified patients of a data breach at its parent company, Advanced Diagnostic Imaging, which does business as AdvancedHealth.
On its data leak site, DragonForce on May 14 said it stole 390 GB of data from AdvancedHealth including 2.3 million lines of patient data, partner agreements, management, payroll, and human resources files. DragonForce threatened to leak 1,000 lines per day until its ransom demand was met.
AdvancedHealth declined to comment on the breach. The company has not acknowledged DragonForce’s claim and Comparitech cannot independently verify it. We do not know how many people Columbia Surgical Partners notified, how attackers breached AdvancedHealth’s network, if the company did or will pay a ransom, or how much DragonForce demanded.
The ransomware attack disrupted Columbia Surgical Partners’ access to electronic medical records, according to WSMV4.
Who is DragonForce?
DragonForce is a ransomware gang that first started claiming responsibility for attacks on its leak site in December 2023. It operates a ransomware-as-a-service business in which customers pay to use DragonForce’s malware and infrastructure to launch attacks and collect ransoms. DragonForce often extorts victims both to unlock infected systems and to destroy stolen data.
DragonForce has claimed responsibility for 167 ransomware attacks in 2026. Of those, 14 were confirmed by the organizations it targeted.
AdvancedHealth is not DragonForce’s first target in the healthcare sector. The group also took credit for the following:
- Asheville Eye Associates notified 204,984 people of a November 2024 data breach for which DragonForce demanded a $7 million ransom
- Heart of Texas Behavioral Health Network notified 63,776 people of an October 2023 data breach
- Greater Cincinnati Behavioral Health Services notified 62,036 people of a December 2023 data breach
- Neurological Associates of Washington notified 13,500 people of a December 2025 data breach
Ransomware attacks on US healthcare
Comparitech researchers have logged 14 confirmed ransomware attacks on US hospitals, clinics, and other healthcare providers in 2026 to date.
Some recent cases include:
- Signature Healthcare reported a data breach claimed by Anubis
- Minidoka Memorial Hospital reported a data breach claimed by Blackwater
- Mile Bluff Medical Center reported a ransomware attack by an unknown attacker
Ransomware attacks on hospitals, clinics, and other care providers can steal data and lock down infected computer systems. They can cripple critical systems and endanger the health, privacy, and security of patients. Infected hospitals and clinics must pay a ransom or face extended downtime, data loss, and putting patients and staff at increased risk. Hospitals and clinics might resort to pen and paper, cancel appointments, and divert patients elsewhere until systems are restored.
About AdvancedHealth
AdvancedHealth says it is “Tennessee’s largest independent, multi-specialty physician group.” Its network spans more than 200 locations and 550 healthcare providers.
