Skip to content
Cory Watson Attorneys Logo
  • Cases We Handle
    • Personal Injury
      • Car Accidents
      • Truck Accidents
      • Motorcycle Accidents
      • Pedestrian Accidents
      • Food Poisoning
      • Nursing Home Abuse
      • All Cases We Handle
    • Defective Products
      • NEC Baby Formula Lawsuit
      • Bard Power Port Lawsuit
      • Exactech Connexion GXL Hip Liner Lawsuit
      • Hernia Mesh Lawsuit
      • Portable Blender Lawsuit
      • Pressure Cooker Lawsuit
      • Paragard Lawsuit
    • Drug Injury
      • Ozempic Lawsuit
      • Oxbryta Lawsuit
      • Paragard Lawsuit
    • Class Action
      • Data Breach
      • Ford Recall
    • Environmental Injury
      • AFFF Lawsuit
      • Ethylene Oxide Lawsuit
      • Roundup Lawsuit
      • Camp Lejeune Lawsuit
      • C-8 Dupont Lawsuit
      • East Palestine Train Derailment Lawsuit
  • Office Locations
    • Birmingham
    • Memphis
    • Nashville
  • About Us
    • Our Attorneys
    • Testimonials
    • Case Results
    • Attorney Referrals
    • Cory Watson Cares
  • Blog
    • Firm News
    • Veteran Friendly
  • Contact
  • Search
Call 24/7 – (877) 562-0000
Cory Watson advocates for patients affected by AI Chatbot Harm. SUBMIT A CLAIM
Cory Watson advocates for patients affected by Bard PowerPort®. SUBMIT A CLAIM
Cory Watson advocates for patients affected by a Data Breach. SUBMIT A CLAIM
Cory Watson advocates for patients affected by Social Media Addiction. SUBMIT A CLAIM

Dillon Family Medicine Data Breach: What Patients in SC Need to Know

Cory Watson Personal Injury Attorneys  >  Blog  >  Dillon Family Medicine Data Breach: What Patients in SC Need to Know

June 11, 2026 | By Cory Watson Attorneys
Dillon Family Medicine Data Breach: What Patients in SC Need to Know

A ransomware group accessed a Dillon Family Medicine server for two days in October 2025. South Carolina patients were not notified until nearly two months later.

On March 5, 2026, McLeod Health discovered a suspicious file on a Dillon Family Medicine server that was being decommissioned. An investigation confirmed that an unauthorized party had accessed the server between October 17 and October 18, 2025. The breach was later linked to the Qilin ransomware group, which publicly claimed responsibility and posted an extortion notice threatening to leak stolen data.

McLeod Health began mailing notification letters to the 16,788 affected patients on June 4, 2026, nearly eight months after the unauthorized access occurred, and two months after McLeod Health allegedly discovered it. If you received a notice or were ever a patient at Dillon Family Medicine in Dillon, SC, your most sensitive personal and medical information may have been exposed for months without your knowledge.

Cory Watson Attorneys is reviewing claims from affected patients and offering free, no-obligation consultations.

What Happened

Dillon Family Medicine (McLeod Health dba Dillon Family Medicine), located at 603 N 6th Avenue, Dillon, SC 29536, is a primary care practice within McLeod Health, a hospital and healthcare network serving communities across the Carolinas. As part of providing care, Dillon Family Medicine stored sensitive personal and health information for thousands of patients on its servers.

On October 17 and 18, 2025, an unauthorized party accessed one of those servers. The breach was not discovered until March 5, 2026, when a suspicious file was found on the server while it was being taken offline. McLeod Health launched an investigation with third-party cybersecurity experts and notified law enforcement. The investigation confirmed the scope of the access on April 15, 2026.

According to McLeod Health's official notice, the breach was limited to one server and did not affect active McLeod Health systems, including the current electronic medical record system. However, the accessed server contained years of patient records containing highly sensitive information.

Third-party threat intelligence trackers, including Ransomware.live indexed the Qilin ransomware group's public claim of responsibility, which included a threat to release stolen data unless negotiations were initiated.

What Information Was Exposed

According to McLeod Health's own disclosure, the following categories of information may have been compromised for 16,788 South Carolina residents:

  • Full name and date of birth
  • Social Security number
  • Diagnoses
  • Medications
  • Test results and medical images
  • Health insurance information
  • Treatment information

This combination of personal and health data is among the most sensitive that can be stolen. Social Security numbers cannot be replaced without proof of ongoing harm from misuse. Medical records, diagnoses, and treatment histories can be used to commit insurance fraud, obtain prescription medications under another person's identity, or construct detailed profiles for targeted scams. Once that information is published on the dark web, it does not disappear.

Nearly Two Months Passed Before Patients Were Notified

The timeline in this case raises serious legal questions. The unauthorized access occurred on October 17 and 18, 2025, but was not discovered until March 5, 2026. The investigation concluded on April 15, 2026, and notification letters were not mailed until June 4, 2026.

HIPAA's Breach Notification Rule requires covered healthcare providers to notify affected individuals within 60 days of discovering a breach.

Under that standard, notification should have begun no later than May 4, 2026. Letters did not go out until June 4, 2026, more than 30 days past that deadline.

South Carolina law independently requires prompt notification under S.C. Code Section 39-1-90, which obligates businesses to notify affected residents without unreasonable delay when their personal information has been compromised. Whether McLeod Health's combined timeline from discovery to notification satisfies that standard is a question a court may ultimately decide.

Every week without notice was another week patients could not place credit freezes, monitor their health insurance accounts, or flag suspicious activity with their banks.

The Qilin Ransomware Group

The Qilin ransomware group has been active since at least 2022 and has been linked to attacks on hospitals in multiple countries, including NHS hospitals in London. Qilin operates a double-extortion model: it encrypts victim files and threatens to publish stolen data publicly if ransom demands are not met.

Qilin publicly claimed responsibility for the Dillon Family Medicine attack and posted an extortion notice on its dark web leak site. That claim was indexed by third-party threat intelligence trackers and has not been disputed in McLeod Health's official disclosure, meaning patient records may already be circulating on criminal marketplaces.

Do You Qualify? Answer These Questions

If you were a patient at Dillon Family Medicine, Cory Watson Attorneys wants to hear from you. Before reaching out, consider the following:

  1. Were you a patient of Dillon Family Medicine at any time in the previous 15 years?
  2. Have you noticed any unauthorized activity in your accounts?
  3. Have you received a notice from McLeod Health about this breach?
  4. What is the best time to reach you, Monday through Friday?

If you answered yes to any of the first three questions, you may have a legal claim

Contact Cory Watson Attorneys today for a free, no-obligation case evaluation: (877) 562-0000.

Steps to Take Right Now

Talk to an attorney before accepting anything from McLeod Health. If McLeod Health or Dillon Family Medicine offers credit monitoring or other services in response to the breach, accepting without legal guidance could affect your ability to pursue a claim.

Freeze your credit. Contact Equifax, Experian, and TransUnion to place a free credit freeze. This prevents new accounts from being opened in your name without your direct authorization.

Pull your free credit reports. Visit annualcreditreport.com and review every account and inquiry for activity you do not recognize.

Review your health insurance statements. Check every Explanation of Benefits for services you did not receive. Medical identity theft often surfaces through insurance claims for procedures that never happened.

Watch for phishing attempts. Criminals use stolen data to craft convincing follow-up scams. Be skeptical of unsolicited calls, emails, or texts referencing McLeod Health or Dillon Family Medicine.

Report fraud. File a complaint with the FTC at identitytheft.gov and report any suspicious activity to your financial institutions immediately.

Frequently Asked Questions

How do I know if I was affected?

McLeod Health began mailing notification letters to 16,788 affected patients on June 4, 2026. If you were a patient at Dillon Family Medicine in Dillon, SC, your information may have been on the accessed server. If you did not receive a letter, a change of address or mailing error may be the reason. Contact McLeod Health at 888-504-8534 or speak with an attorney.

Should I accept the free services McLeod Health is offering?

Not before speaking with a data breach attorney. Accepting offers from the organization responsible for a breach can affect your legal rights and limit your options for compensation.

Can I file a lawsuit?

If your information was exposed in the Dillon Family Medicine breach, you may have grounds for a legal claim based on inadequate security practices, HIPAA violations, or the delayed notification. An attorney can evaluate your situation at no cost.

How long do I have to take action?

Statutes of limitations vary by claim type and state. Do not delay. Contact an attorney as soon as possible to understand your rights and protect your options.

About Cory Watson Attorneys

Our data breach attorneys at Cory Watson Attorneys have been representing clients for more than 44 years, recovering over $4 billion for individuals whose rights were violated by institutional negligence. We handle data breach cases across Alabama, South Carolina, and the Southeast, and our team is actively reviewing claims related to the Dillon Family Medicine data breach.

Disclaimer: Reading this content does not create an attorney-client relationship. Laws vary by jurisdiction and individual circumstances differ.

Contact Our 24/7 Nationwide Lawyers

* Required Fields

  • This field is for validation purposes and should be left unchanged.
  • This field is hidden when viewing the form
  • This field is hidden when viewing the form
  • This field is hidden when viewing the form

Practice Areas

  • Trussville Truck Accident
  • Homewood Truck Accident
  • Alabaster Truck Accident
  • Trussville Car Accident Lawyer
  • Homewood Car Accident Lawyer
  • Car Accident Lawyer in Alabaster AL
  • Pedestrian Accident Lawyer
  • Pedestrian Accident Lawyer
  • Pedestrian Accident Lawyer
  • Pedestrian Accident Lawyer

Table Of Contents

Contact Cory Watson Attorneys

Talking to an experienced attorney from anywhere in the United States shouldn’t be a hassle.

"*" indicates required fields

This field is for validation purposes and should be left unchanged.
This field is hidden when viewing the form
This field is hidden when viewing the form
This field is hidden when viewing the form

Office Locations

Memphis Office
254 Court Avenue
Suite 511
Memphis, TN 38103
(901) 402-2000
Nashville Office
1033 Demonbreun St.
Suite 300
Nashville, TN 37203
(615) 205-0000
Birmingham Office
2131 Magnolia Ave S.
Birmingham, AL 35205
(205)328-2200
Cory Watson Logo
  • About Us
  • Blog
  • Our Attorneys
  • Testimonials
  • Case Results
  • Contact Us
© 2026 Cory Watson Attorneys. | All Rights Reserved. | Sitemap

Alabama Rules of Professional Conduct require the following disclaimer: Case descriptions, recoveries and testimonials presented here are not an indication of future results. Every case is different and must be evaluated on its own facts and circumstances as they apply to the law. Litigation outcome and valuation depend on many factors including jurisdiction, venue, witnesses, parties, testimony and documentary evidence. Furthermore, no representation is made that the quality of legal services to be performed is greater than the quality of legal services performed by other lawyers. Leila H. Watson, 2131 Magnolia Avenue, Birmingham, Alabama 35205, 205-271-7102, is responsible for the contents of this website.

Cory Watson Attorneys SMS and MMS Messaging program assists with lead follow-ups, documents, and screening cases. Message and data rates may apply. Message Frequency May Vary. For help, reply HELP. To opt out, reply STOP. Carriers are not liable for delayed or undelivered messages. For our privacy policy, See Here.

We use cookies and similar technologies to support this website's essential functions, as well as for analytics, personalization, and marketing purposes.