Goshen Medical Center, Inc. has started notifying 456,385 people of a data breach following a cyber attack that started in February 2025. Ransomware gang BianLian claimed the attack in late March.
This becomes the third-largest ransomware attack on a US healthcare company (based on records affected) this year so far.
In its notification, Goshen Medical Center states: “On March 4, 2025, we detected suspicious activity within our network. We promptly initiated an investigation of the matter and engaged cybersecurity specialists to assist with the incident response. As a result, we determined that certain files may have been accessed or acquired without authorization on February 15, 2025.”
The affected data includes:
- Names and addresses
- Dates of birth
- Social Security numbers
- Driver’s license numbers
- Medical record number
On March 22, 2025, BianLian posted the medical center to its data leak site after allegedly stealing personal records, financial data, various databases, and more.
Goshen Medical Center hasn’t confirmed BianLian’s claims, or whether a ransom was demanded and/or paid. Comparitech has contacted it for more information and will update this article if a response is received.
Who is BianLian?
Since it first emerged in late 2021, BianLian has been confirmed as the group behind 91 attacks. Nearly 6.1 million records have been breached across these attacks. BianLian hasn’t claimed any new victims since March 2025.
During its reign, BianLian paid particular attention to the healthcare sector with this industry accounting for 37 of its confirmed attacks and nearly 3.5 million of its breached records.
This week, Medical Associates of Brevard, LLC also confirmed that a large number of people had been impacted in its January 2025 attack via BianLian. Here, 246,711 people were impacted, making this breach the fourth largest on a US healthcare company this year so far.
In August, Aspire Rural Health System also started notifying over 138,000 people of a breach following an attack via BianLian in November 2024.
Ransomware attacks on US healthcare companies
This week, three of the year’s six largest healthcare data breaches (via ransomware) have been reported by US healthcare companies. As well as the two aforementioned breaches on Goshen Medical Clinic and Medical Associates of Brevard, New York Blood Center also confirmed that nearly 194,000 people had been caught up in its ransomware attack in January 2025. No hackers have claimed this attack as of yet.
DaVita Inc. (2.7 million) and Frederick Health (934,000) make up the top two, while Marlboro-Chesterfield Pathology, P.C. (236,000) takes fifth place.
These figures highlight how ransomware attacks on US hospitals and clinics remain a key threat. While we have only noted 61 confirmed attacks this year so far, which is significantly lower than the figure we noted in 2024 (174), a large number of attacks are reported months after the event — as we have seen with many of these large breaches reported this week.
We are also monitoring 131 unconfirmed attacks on US healthcare companies from 2025 so far.
About Goshen Medical Center, Inc.
Goshen Medical Center was first formed in 1979 and now includes more than 35 different locations across eastern North Carolina. It serves around 53,000 patients.
