Qilin Ransomware Group Claims Rocky Mountain Care Data Breach, Patient Data at Risk

A Utah-based senior care provider, Rocky Mountain Care, is grappling with a confirmed data breach after the Qilin ransomware group claimed responsibility and posted the company to its dark web leak site. The incident, which involved unauthorized access to parts of the network containing patient information, occurred over a critical four-day window between January 30 and February 2, 2026. The threat actor issued a ransom demand, escalating the situation from a security incident to an active extortion case with patient data potentially exposed.

The forensic investigation confirmed a hacker gained access to files, but the full scope of compromised patient data remains unknown as the internal review is ongoing. Rocky Mountain Care, which provides skilled nursing and home health services in Utah and Wyoming, has stated that notification letters to affected individuals will only be mailed once this assessment is complete. This delay leaves patients and their families in a state of uncertainty regarding the sensitivity and volume of their personal health information that may be in criminal hands.

The public claim by the Qilin group on February 23, 2026, signals intense pressure on the healthcare provider and raises significant risks for the affected senior population. Healthcare data breaches, especially those involving ransomware, carry high stakes due to the sensitivity of medical records and the potential for identity theft and fraud. The incident places Rocky Mountain Care under scrutiny for its cybersecurity defenses and breach response timeline, highlighting the persistent vulnerability of regional healthcare networks to sophisticated cybercriminal operations.