Sanderling Healthcare 2025 Data Breach

Sanderling Renal Services Dialysis Provider Breach (2025): Patient SSN & Home Address Exposed via Sarcoma Ransomware | ObscureIQ
ObscureIQ Breach Intelligence

Classification Tags

SarcomaRansomware / ExtortionMedicalEmail AddressPhone NumberPhysical AddressSocial Security Number
High SeverityWebsite / service breach

Sanderling Renal Services Dialysis Provider Breach (2025): Patient SSN & Home Address Exposed via Sarcoma Ransomware

Dialysis and renal (nephrology) telemedicine care provider.

Verified by ObscureIQ Intelligence
67/100Breach Risk Index
27Data Value
40Market Recency
336dSince Breach

Breach Intelligence Summary

Entity: Sanderling Healthcare · Actor: Sarcoma · Sources: 2 references
Attack: Ransomware / Extortion
Profile: Healthcare Services Company · Healthcare facility development and specialty care services · Healthcare infrastructure and renal services company · USA
Timeline: Breach (2025-07-03) · Year (2025)
Exposure: 40K records · 4 fields: Email Address, Phone Number, Physical Address, Social Security Number
Status: Confirmed

Executive Summary

Sanderling Renal Services (listed by the actor as "Sanderling Healthcare"), a Nashville-based dialysis and nephrology provider, was hit by a ransomware attack around July 3, 2025 attributed to the Sarcoma group, which claimed to have exfiltrated roughly 587 GB including a full Oracle database backup spanning 25 years of patient and business data. DataBreach.com’s parse confirmed circulating identifiers including names, addresses, phone numbers, emails, and Social Security numbers (about 40,453 records). Sarcoma additionally claims exposure of dates of birth, driver’s license/state ID numbers, medical records, health insurance, and payment information, which were not independently confirmed in circulation. Sanderling had not confirmed the incident or notified individuals as of the latest reporting.

ObscureIQ assessment: Exposure enables phishing, operational targeting, and misuse of sensitive healthcare-business relationships. If patient or renal-service data is involved, medical privacy risk rises sharply.

Breach Impact

Confirmed circulating identifiers (names, addresses, phones, Social Security numbers) for tens of thousands of dialysis patients and staff create identity-theft and chronic-illness/elder scam risk. Sarcoma additionally claims a 25-year Oracle backup containing driver’s licenses, medical records, health insurance, and payment data; if published, that would sharply raise medical- and financial-fraud risk for a chronically ill patient population.

About Sanderling Healthcare

Sanderling Renal Services (SRS), operating as Sanderling Healthcare, is a Nashville, Tennessee-based provider of dialysis and renal (nephrology) care founded in 2012, offering in-center and home dialysis and renal telemedicine with a focus on rural communities. It maintains patient identity, clinical, insurance, and billing records along with employee and business data.

Why They Hold Your Data

Healthcare facility and specialty-care companies collect employee, patient, operational, project, and financial records across healthcare development and service-delivery workflows.

Recent Developments

Sanderling had not publicly confirmed the incident or notified individuals as of the latest reporting; details emerged through security trackers and law firms, several of which opened class-action investigations. The Sarcoma group listed Sanderling on its leak site and claimed a full Oracle database backup spanning 25 years of patient and business data.

Data Points Exposed

4 verified field types
Email Address
Phone Number
Physical Address High
Social Security Number Critical

Field names are shown in full for clarity and search visibility. Canonical machine keys are emitted only in this page’s structured data.

Exploitation & Downstream Threats

Threat Activity:Critical
Primary downstream threats:
  • Identity theft and synthetic identity construction using SSN
  • Targeted phishing, smishing, and vishing using exposed contact data
  • Doxxing and physical targeting from exposed home addresses
  • Chronic-illness/elder-targeted scams exploiting dialysis-patient status
  • Potential medical- and financial-fraud if the claimed medical/DL/insurance/payment data is published
Threat vectors:
  • Full identity theft & synthetic identity fraud
  • Name-based social engineering
  • SIM swapping, vishing & SMS phishing
  • Physical stalking, mail fraud & identity verification
  • Home targeting, stalking & physical threat
  • Medical & financial fraud (if claimed data circulating)

Threat Actor: Sarcoma

Sarcoma
Ransomware / Extortion

Attribution and method are based on available breach intelligence. Reported attack vector: Ransomware / Extortion.

Recommended Actions

If you believe your information may be included:

Protect Your ID Documents
Government-ID exposure enables document fraud — monitor and report misuse.
Enable MFA Everywhere
Turn on multi-factor authentication on email first, then financial accounts.
Report & Recover
If you spot misuse, start an official recovery plan and report fraud.

Frequently Asked Questions

What happened in the Sanderling Healthcare breach?

Sanderling Renal Services (listed by the actor as "Sanderling Healthcare"), a Nashville-based dialysis and nephrology provider, was hit by a ransomware attack around July 3, 2025 attributed to the Sarcoma group, which claimed to have exfiltrated roughly 587 GB including a full Oracle database…

What data was exposed?

Verified fields include Email Address, Phone Number, Physical Address, Social Security Number.

What should I do if I was affected?

Change reused passwords, enable MFA, and (if identity or financial data is involved) freeze your credit and monitor your accounts.

Sources & References

Every claim on this page is traceable. This breach draws on:

Breach Index
DataBreach.com
Record & field corroboration
ObscureIQ Intelligence
ObscureIQ proprietary analysis
Risk Index scoring & downstream-threat assessment

Protect Yourself

Check If You're Affected

Enter your email to check whether your data appears in this breach. We’ll send a 6-digit code to confirm it’s your address.

Get Free Breach Alerts

Be the first to know when new breaches are disclosed. Free forever — confirm your email with a 6-digit code.

High-Risk? Get an Exposure Audit

Executives, public figures, and high-visibility operators can receive tailored exposure intelligence and hardening guidance.

Request Consultation