A recent ransomware attack has disrupted healthcare services and exposed sensitive patient data at the MACT Health Board, which operates clinics serving American Indian communities in California’s Sierra Foothills. The cybercriminal group Rhysida has claimed responsibility for the November 2025 breach and has listed MACT on its data leak site, demanding a ransom of eight bitcoin, valued at about 662,000 dollars at the time. Although MACT has notified affected patients, the organization has not confirmed Rhysida’s claims or disclosed how many individuals were impacted.
According to MACT’s notice to victims, an unauthorized party accessed some files on its systems between November 12 and November 20, 2025, leading to serious exposure of personal and medical information. Compromised data includes names, Social Security numbers, and detailed medical information such as diagnoses, doctors, insurance details, medications, test results, images, and records of care and treatment. In response, MACT is offering eligible victims free identity monitoring, recognizing the heightened risk of identity theft and fraud.
The attack caused significant operational disruption across MACT’s clinics starting November 20, 2025, affecting phone services, prescription ordering, and appointment scheduling. Phone lines were restored by December 1, but some specialized imaging services were still offline as of January 22, illustrating the long-term impact such incidents can have on patient care. The Board declined to answer detailed questions about the breach, including whether a ransom was paid or how the attackers infiltrated the network.
Rhysida, which emerged in May 2023, runs a ransomware-as-a-service model, providing its malware and infrastructure to affiliates who carry out attacks. Its ransomware both steals data and encrypts systems, with victims pressured to pay for deletion of stolen information and for decryption keys. The group has claimed responsibility for 102 confirmed attacks and an additional 157 unacknowledged incidents, with an average ransom demand of around 884,000 dollars. At least 24 of its confirmed attacks have targeted healthcare entities, compromising about 3.83 million records, including high-profile breaches at MedStar Health, Spindletop Center, and Cytek Biosciences.
The MACT incident highlights a broader surge in ransomware targeting US healthcare providers. Comparitech researchers documented 109 confirmed ransomware attacks against hospitals, clinics, and other care providers in 2025 alone, affecting nearly 8.9 million records. These attacks can force organizations back to pen-and-paper operations, trigger appointment cancellations, and even require patient diversions, putting both safety and privacy at risk. MACT, which serves five California counties—Mariposa, Amador, Alpine, Calaveras, and Tuolumne—through about a dozen clinics offering medical, dental, behavioral, optometry, and chiropractic care, now faces the dual challenge of restoring services and rebuilding trust with its community.
