Crenshaw Community Hospital, a community hospital in Luverne, Alabama, experienced a ransomware attack discovered on June 16, 2025 when a network disruption impacted certain computer systems. The hospital engaged outside cybersecurity specialists, who confirmed that files were copied from CCH systems without authorization. The Payouts King ransomware group, a double-extortion operation that steals data and threatens publication if ransom demands are not met, claimed responsibility by listing CCH on its dark-web leak site and asserting it had exfiltrated 53 GB of data. After ransom demands went unmet, the group reportedly published the entire dataset.

The breach affected approximately 72,000 individuals based on records indexed by breach-tracking services. Compromised fields included Social Security numbers, email addresses, phone numbers, and home addresses. As a community hospital, the underlying records exfiltrated by the attackers also include patient identity, insurance, billing, clinical, and treatment information typical of an integrated hospital operation, beyond the more limited field set surfaced publicly. Crenshaw separately warned patients in late July 2025 about a social-media scam impersonating a law firm and attempting to harvest personal information by referencing the breach.

For affected patients, the practical risk profile combines severe identity-fraud exposure with rural-hospital-specific risks. The combination of name, address, and Social Security number is a strong base for synthetic identity fraud and fraudulent credit applications. Inclusion in the dataset confirms a hospital-care relationship in a small rural community where individuals may be readily identifiable based on name and address alone. Affected patients should freeze credit at all three U.S. bureaus, monitor health-insurance statements, and be especially cautious of solicitations from law firms or 'data breach assistance' services contacting them by social media or phone, which have been used in scams targeting Crenshaw patients. Verified communications from Crenshaw Community Hospital and authentic class-action notices come through formal mail, not Facebook posts or unsolicited messages.

Local medical facilities collect patient identity, insurance, billing, and treatment data as part of hospital and community care operations.

Crenshaw Community Hospital experienced a network disruption on June 16, 2025 that impacted the functionality of certain computer systems. The hospital engaged third-party cybersecurity specialists to investigate and secure its environment. The Payouts King ransomware group, which engages in double-extortion tactics, publicly claimed responsibility on its dark-web leak site, asserting it had exfiltrated 53 GB of data and subsequently published the entire dataset after ransom demands went unmet. Crenshaw issued a public notice on its website acknowledging the incident. The hospital also warned patients in late July 2025 about a social-media scam impersonating a law firm and attempting to harvest personal information from breach victims. The file review remained ongoing into the fall of 2025, and class-action investigations by U.S. plaintiff law firms began organizing in October 2025.