‘Sandhills’ Mental Health Center Breached and Patient Data Now Auctioned on the Dark Web

Written by Bill Toulas
Last updated September 28, 2021

The ‘Sandhills’ mental health center in North Carolina appears to have been hacked, as 634 GB of data stolen during the attack is being auctioned on the Marketo leaks portal on the dark web. Based on the “bids counter” presented on the leak site, the actors had received 139 bids at the time of writing. The information being auctioned includes contracts, reports, emails, agreements, client databases, documents containing personal information of employees, and documents exposing sensitive information about patients.

Image: TechNadu

The 'DataBreaches' news portal downloaded the sample (“proof pack”) provided by the sellers and confirmed that some of the documents in it contain sensitive, confidential medical information. One of the presented examples is a psychological test report of a young individual, conducted all the way back in May 1993. That person is 44 years old today, so someone could use this information to either trick or blackmail him. Another example is a psychological evaluation of a female patient dating to June 2007. Both examples make it clear that Sandhills Center doesn’t comply with any data retention laws or even its own alleged data privacy policies.

Source: DataBreaches

While the incident hasn’t been officially confirmed by ‘Sandhills,’ everything published on the dark web portal appears to be authentic and valid; we report this with some reservations, however, as we can’t verify the actors' claims. If the hackers really hold the claimed data, it would impact tens of thousands of patients and employees who have passed through the ‘Sandhills Center’ over the years. These are mainly people in vulnerable and oftentimes unstable mental conditions who could be easy to extort.

People’s Google reviews of Sandhills Center describe an institution that employs totally indifferent personnel who treat every patient as a drug-seeker. Based on that, we wouldn’t expect the institute to send breach notices to the impacted individuals if the data breach is confirmed to be real. Maybe the next step now would be an investigation launched by the state of North Carolina, which is the only entity that can inform the affected people and help them stay safe from phishing, scamming, and extortion attempts.
