Crenshaw Community Hospital 2025 Data Breach
ObscureIQ Breach Intelligence
High SeverityWebsite / service breach
Crenshaw Community Hospital Breach (2025): 72K Patient SSN & Home Address Records Exposed
Community hospital.
Verified by ObscureIQ Intelligence
77/100Breach Risk Index
27Data Value
40Market Recency
258dSince Breach
Breach Intelligence Summary
Entity: Crenshaw Community Hospital · Actor: Payouts King · Sources: 2 references
Attack: Unknown
Profile: Healthcare provider · Hospital and patient care services · Local medical facility · USA
Timeline: Breach (2025-07-08) · Indexed (Aug 12, 2025) · Year (2025)
Exposure: 72K records · 4 fields: Email Address, Phone Number, Physical Address, Social Security Number
Status: Reported
Executive Summary
Crenshaw Community Hospital, a community hospital in Luverne, Alabama, experienced a ransomware attack discovered on June 16, 2025 when a network disruption impacted certain computer systems. The hospital engaged outside cybersecurity specialists, who confirmed that files were copied from CCH systems without authorization. The Payouts King ransomware group, a double-extortion operation that steals data and threatens publication if ransom demands are not met, claimed responsibility by listing CCH on its dark-web leak site and asserting it had exfiltrated 53 GB of data. After ransom demands went unmet, the group reportedly published the entire dataset. The breach affected approximately 72,000 individuals based on records indexed by breach-tracking services. Compromised fields included Social Security numbers, email addresses, phone numbers, and home addresses. As a community hospital, the underlying records exfiltrated by the attackers also include patient identity, insurance, billing, clinical, and treatment information typical of an integrated hospital operation, beyond the more limited field set surfaced publicly. Crenshaw separately warned patients in late July 2025 about a social-media scam impersonating a law firm and attempting to harvest personal information by referencing the breach. For affected patients, the practical risk profile combines severe identity-fraud exposure with rural-hospital-specific risks. The combination of name, address, and Social Security number is a strong base for synthetic identity fraud and fraudulent credit applications. Inclusion in the dataset confirms a hospital-care relationship in a small rural community where individuals may be readily identifiable based on name and address alone. Affected patients should freeze credit at all three U.S. bureaus, monitor health-insurance statements, and be especially cautious of solicitations from law firms or 'data breach assistance' services contacting them by social media or phone, which have been used in scams targeting Crenshaw patients. Verified communications from Crenshaw Community Hospital and authentic class-action notices come through formal mail, not Facebook posts or unsolicited messages.
ObscureIQ assessment: Severe risk of medical fraud, identity theft, and exposure of sensitive health information. Smaller hospitals may also serve communities where personal information is easier to contextualize and exploit.
Breach Impact
The institutional impact on Crenshaw Community Hospital is significant relative to its size as a small community hospital. Federal HIPAA notification obligations, an Office for Civil Rights review, Alabama attorney-general filings, and emerging class-action litigation discussions are all underway. Payouts King's publication of the full 53 GB dataset on its leak site creates direct evidence of broad data exposure and strengthens future litigation. Operationally, the hospital reported a network disruption that affected functionality of certain computer systems but maintained patient care. The reputational impact is concentrated within Crenshaw County and the surrounding rural region, where Crenshaw Community Hospital is one of the few local healthcare options and patient retention is unusually consequential. The follow-on social-media scam impersonating a law firm added secondary fraud-management work for the hospital.
About Crenshaw Community Hospital
Crenshaw Community Hospital (CCH) is a small community hospital based in Luverne, Alabama, serving Crenshaw County and surrounding rural communities in south-central Alabama. Founded in 1963, the hospital provides emergency care, medical and surgical services, outpatient services, behavioral health, radiology, and home health services to a primarily rural population. As a small community hospital, CCH operates with a limited staff and serves as one of the few local healthcare options in its service area. As a HIPAA-regulated hospital, CCH maintains patient identity, contact, insurance, billing, and clinical records across its emergency, inpatient, outpatient, and home-health operations, alongside diagnosis, treatment, and prescription information typical of a community hospital.
Why They Hold Your Data
Local medical facilities collect patient identity, insurance, billing, and treatment data as part of hospital and community care operations.
Recent Developments
Crenshaw Community Hospital experienced a network disruption on June 16, 2025 that impacted the functionality of certain computer systems. The hospital engaged third-party cybersecurity specialists to investigate and secure its environment. The Payouts King ransomware group, which engages in double-extortion tactics, publicly claimed responsibility on its dark-web leak site, asserting it had exfiltrated 53 GB of data and subsequently published the entire dataset after ransom demands went unmet. Crenshaw issued a public notice on its website acknowledging the incident. The hospital also warned patients in late July 2025 about a social-media scam impersonating a law firm and attempting to harvest personal information from breach victims. The file review remained ongoing into the fall of 2025, and class-action investigations by U.S. plaintiff law firms began organizing in October 2025.
Data Points Exposed
4 verified field types
Email Address
Phone Number
Physical Address High
Social Security Number Critical
Field names are shown in full for clarity and search visibility. Canonical machine keys are emitted only in this page’s structured data.
Exploitation & Downstream Threats
Threat Activity:High
Primary downstream threats:
- Identity theft and synthetic identity construction using government-issued IDs
- SIM swap attacks where phone numbers are present
- Targeted phishing campaigns using exposed email addresses
- Doxxing risk from physical address exposure
Threat vectors:
- Phishing, credential stuffing & account takeover
- SIM swapping, vishing & SMS phishing
- Physical stalking, mail fraud & identity verification
- Home targeting, stalking & physical threat
- Full identity theft & synthetic identity fraud
Threat Actor: Payouts King
Payouts King
Unknown
Attribution and method are based on available breach intelligence. Reported attack vector: Unknown.
Recommended Actions
If you believe your information may be included:
Protect Your ID Documents
Government-ID exposure enables document fraud — monitor and report misuse.
Enable MFA Everywhere
Turn on multi-factor authentication on email first, then financial accounts.
Report & Recover
If you spot misuse, start an official recovery plan and report fraud.
Frequently Asked Questions
What happened in the Crenshaw Community Hospital breach?▾
Crenshaw Community Hospital, a community hospital in Luverne, Alabama, experienced a ransomware attack discovered on June 16, 2025 when a network disruption impacted certain computer systems. The hospital engaged outside cybersecurity specialists, who confirmed that files were copied from CCH…
What data was exposed?▾
Verified fields include Email Address, Phone Number, Physical Address, Social Security Number.
What should I do if I was affected?▾
Change reused passwords, enable MFA, and (if identity or financial data is involved) freeze your credit and monitor your accounts.
Sources & References
Every claim on this page is traceable. This breach draws on:
Breach Index
ObscureIQ Intelligence
ObscureIQ proprietary analysis
Protect Yourself
Check If You're Affected
Enter your email to check whether your data appears in this breach. We’ll send a 6-digit code to confirm it’s your address.
Get Free Breach Alerts
Be the first to know when new breaches are disclosed. Free forever — confirm your email with a 6-digit code.
High-Risk? Get an Exposure Audit
Executives, public figures, and high-visibility operators can receive tailored exposure intelligence and hardening guidance.
Request Consultation