Physicians to Children Hit by Cactus Ransomware, 9,536 Patient Records Exposed

A Kentucky pediatric provider has disclosed a major ransomware attack, with a threat actor claiming to have stolen nearly a terabyte of sensitive patient data. Physicians to Children & Adolescents reported that the breach, attributed to the Cactus ransomware group, potentially exposed the personally identifiable and protected health information of 9,536 current and former patients across the United States. The attackers publicly claimed responsibility on the dark web, stating they had accessed and exfiltrated approximately 902 GB of data from the Bardstown-based organization.

The scope of the stolen information is significant, potentially including patient names, dates of birth, addresses, phone numbers, detailed medical records, and health insurance information. This combination of data creates a severe risk profile for the affected individuals, leaving them vulnerable to targeted identity theft and sophisticated medical fraud. The breach was formally disclosed to the public on October 24, 2025, following the dark web claims by the Cactus group.

The incident places immediate pressure on Physicians to Children to secure its systems and provide robust support to thousands of families. For the healthcare sector, it serves as another stark warning about the attractiveness of medical data to cybercriminals and the critical vulnerabilities in patient data management. The exposure of such a large volume of PHI triggers mandatory reporting obligations and will likely draw scrutiny from regulators, while the affected patients now face the protracted burden of monitoring their financial and medical identities for signs of misuse.