Dialysis and renal (nephrology) telemedicine care provider.
Sanderling Renal Services (listed by the actor as "Sanderling Healthcare"), a Nashville-based dialysis and nephrology provider, was hit by a ransomware attack around July 3, 2025 attributed to the Sarcoma group, which claimed to have exfiltrated roughly 587 GB including a full Oracle database backup spanning 25 years of patient and business data. DataBreach.com’s parse confirmed circulating identifiers including names, addresses, phone numbers, emails, and Social Security numbers (about 40,453 records). Sarcoma additionally claims exposure of dates of birth, driver’s license/state ID numbers, medical records, health insurance, and payment information, which were not independently confirmed in circulation. Sanderling had not confirmed the incident or notified individuals as of the latest reporting.
ObscureIQ assessment: Exposure enables phishing, operational targeting, and misuse of sensitive healthcare-business relationships. If patient or renal-service data is involved, medical privacy risk rises sharply.
Confirmed circulating identifiers (names, addresses, phones, Social Security numbers) for tens of thousands of dialysis patients and staff create identity-theft and chronic-illness/elder scam risk. Sarcoma additionally claims a 25-year Oracle backup containing driver’s licenses, medical records, health insurance, and payment data; if published, that would sharply raise medical- and financial-fraud risk for a chronically ill patient population.
Sanderling Renal Services (SRS), operating as Sanderling Healthcare, is a Nashville, Tennessee-based provider of dialysis and renal (nephrology) care founded in 2012, offering in-center and home dialysis and renal telemedicine with a focus on rural communities. It maintains patient identity, clinical, insurance, and billing records along with employee and business data.
Healthcare facility and specialty-care companies collect employee, patient, operational, project, and financial records across healthcare development and service-delivery workflows.
Sanderling had not publicly confirmed the incident or notified individuals as of the latest reporting; details emerged through security trackers and law firms, several of which opened class-action investigations. The Sarcoma group listed Sanderling on its leak site and claimed a full Oracle database backup spanning 25 years of patient and business data.
Field names are shown in full for clarity and search visibility. Canonical machine keys are emitted only in this page’s structured data.
Attribution and method are based on available breach intelligence. Reported attack vector: Ransomware / Extortion.
If you believe your information may be included:
Sanderling Renal Services (listed by the actor as "Sanderling Healthcare"), a Nashville-based dialysis and nephrology provider, was hit by a ransomware attack around July 3, 2025 attributed to the Sarcoma group, which claimed to have exfiltrated roughly 587 GB including a full Oracle database…
Verified fields include Email Address, Phone Number, Physical Address, Social Security Number.
Change reused passwords, enable MFA, and (if identity or financial data is involved) freeze your credit and monitor your accounts.
Every claim on this page is traceable. This breach draws on:
Enter your email to check whether your data appears in this breach. We’ll send a 6-digit code to confirm it’s your address.
Be the first to know when new breaches are disclosed. Free forever — confirm your email with a 6-digit code.
Executives, public figures, and high-visibility operators can receive tailored exposure intelligence and hardening guidance.
Request Consultation