Data Breach Summary
On February 26, 2025, Rockhill Women’s Care, a full-service OB/GYN medical practice in the Kansas City area, reported a significant network security incident. The attack was linked to the Qilin ransomware group, which claimed responsibility for stealing sensitive personal and health data. Affected individuals are urged to take steps to safeguard their personal and medical information, as the breach exposed both personally identifiable information (PII) and protected health information (PHI).
On February 26, 2025, Rockhill Women’s Care identified an unusual security breach affecting its IT systems. After confirming the attack, the company immediately engaged third-party cybersecurity experts to investigate and contain the incident. Law enforcement was also notified of the breach. By March 4, 2025, the Qilin ransomware group claimed responsibility for the attack on its dark web portal, where they threatened to release 20 GB of stolen data. Screenshots of the stolen data were shared as proof of the breach.
Rockhill Women’s Care worked swiftly to address the situation, bringing in a data mining vendor to assess the impact and identify the affected individuals. On August 13, 2025, the company confirmed that the breach involved both PII and PHI. The stolen data included names, addresses, dates of birth, Social Security numbers, medical treatment details, and health insurance information. While no instances of fraud or identity theft had been reported by that time, the company issued notifications to affected individuals and offered resources to mitigate the risks associated with the breach.
The breach has raised serious concerns regarding medical identity theft and the privacy risks related to personal health information. As part of its ongoing commitment to securing personal data, Rockhill Women’s Care implemented additional security measures to reduce the risk of future incidents.
The breach at Rockhill Women’s Care was discovered on February 26, 2025. The Qilin ransomware group claimed responsibility for the attack on March 4, 2025, and a thorough investigation concluded on August 13, 2025, confirming the scope of the data exposure.
The following sensitive information was exposed in the Rockhill Women’s Care data breach:
The breach potentially involved a substantial number of individuals, as both identity and medical privacy risks were present.
If you believe your information was exposed in the Rockhill Women’s Care breach, here are steps you can take to protect yourself:
If you received a data breach notification from Rockhill Women’s Care, you may be entitled to compensation for the harm caused by this incident. Data breaches often lead to identity theft, fraud, and significant emotional distress, and you have the right to seek legal recourse.
If you were affected by this breach, consider contacting Class Action U for a free consultation. We can help you determine whether you have a valid case to join a class action lawsuit and potentially receive compensation for your losses.
Don’t stand alone—join the class and make your voice heard. Together, we can hold Rockhill Women’s Care accountable for their failure to protect your personal information. Reach out to us today for guidance on how to take action.
