Spindletop Center, a behavioral health clinic in Texas, is notifying victims of a September 2025 data breach, according to disclosures submitted to the state’s attorney general.
The data breach compromised the following personal info:
- Names
- Social Security numbers
- Government-issued ID numbers (e.g. driver’s license)
- Diagnoses
- Case numbers
Spindletop reported a system outage on September 29, 2025.
A ransomware group called Rhysida took credit for the breach and demanded a ransom of 15 bitcoin, worth $1.65 million at the time. Rhysida said it stole the personal records of 100,000 people. To prove its claim, the ransomware group posted sample images of what it says are documents stolen from Spindletop.
Spindletop has not verified Rhysida’s claim. We do not know how many people the clinic notified, if Spindletop paid a ransom, or how attackers breached its systems. Comparitech contacted Spindletop for comment and will update this article if it replies.
“On or about September 29, 2025, Spindletop was the victim of a cyberattack from an unauthorized third party that resulted in systems and servers being inoperable for a limited time,” says Spindletop’s notice (PDF) to victims.
“Through its investigation, which concluded on December 3, 2025, Spindletop determined that on September 23, 2025, the unauthorized party may have accessed sensitive information on Spindletop’s systems.”
The notice does not mention any offer of free credit monitoring or identity theft protection for breach victims.
Who is Rhysida?
Rhysida is a ransomware group that first surfaced in May 2023. Its ransomware can steal data and lock down targeted systems. It then demands a ransom both for deleting stolen data and for a key to restore infected systems. Rhysida operates a ransomware-as-a-service business in which affiliates pay Rhysida to use its malware and infrastructure to launch attacks and collect ransoms.
Rhysida has claimed responsibility for 100 confirmed ransomware attacks since it began, plus 156 unconfirmed attacks that haven’t been publicly acknowledged by the targeted organizations. The 100 confirmed attacks compromised nearly 5.5 million records. Rhysida’s average ransom demand is $1.17 million.
Rhysida took credit for 17 data breaches in 2025. Four of those hit healthcare providers. In addition to Spindletop, they include:
- Florida Lung, Asthma & Sleep Specialists notified 10,000 people of a May 2025 data breach for which Rhysida demanded $639,000.
- Cookeville Regional Medical Center notified at least 500 people of a Jly 2025 data breach for which Rhysida demanded $1.15 million
- MedStar Health reported a September 2025 data breach for which Rhysida demanded $3.1 million
Ransomware attacks on US healthcare
Comparitech researchers logged 104 confirmed ransomware attacks on US hospitals, clinics, and other direct care providers in 2025. The resulting data breaches compromised more than 8.8 million records. The average ransom demand was $697,000.
Other such recently confirmed attacks include:
- Pulse Urgent Care Center notified 4,035 people of a March 2025 data breach for which Medusa demanded a $120,000 ransom
- Medical Center, LLP in Georgia reported an October 2025 data breach claimed by PEAR
- University of Hawaii Cancer Center reported an August 2025 ransomware attack
Ransomware attacks on US hospitals, clinics, and other care providers can steal data and lock down infected computer systems. They can cripple critical systems and endanger the health, privacy, and security of patients. Infected hospitals and clinics must pay a ransom or face extended downtime, data loss, and putting patients and staff at increased risk. Hospitals and clinics might resort to pen and paper, cancel appointments, and divert patients elsewhere until systems are restored.
About Spindletop Center
Based in Beaumont, Texas, Spindletop Center is a behavioral health clinic with five locations: two in Beaumont and one each in Orange, Silsbee, and Port Arthur. It provides mental health services, substance use treatment, early childhood intervention, intellectual and developmental disabilities services, and other services. Spindletop Center serves more than 16,000 patients per year and employs more than 500 full-time staff, according to its website.
