County of Catawba Data Breach 2025: 500 Affected · Qilin Ransomware Claim · NC Public Health. Filed With HHS OCR. What To Do.
County of Catawba (NC) — the county government that includes Catawba County Public Health — filed a HIPAA breach notification with the HHS Office for Civil Rights on November 19, 2025, reporting 500 affected individuals in a Hacking/IT Incident at a Network Server. The Qilin ransomware group claimed the county on its dark-web leak site on October 14, 2025 and posted a 432 GB data trove. The filed count is a placeholder; the population at risk is the county's public-health and social-services caseload.
You have options. Scroll for the exact action steps, what your provider’s response covers, and what your health data needs beyond credit monitoring.
Timeline
Sep 15, 2025
Catawba County government website goes offline; Sheriff's office and other county service pages return errors. County does not initially attribute the outage to a cyber incident.
Sep 15, 2025
Attacker gained access
Sep 22, 2025
County website restored after roughly a week of intermittent availability. No official statement linking the outage to a cyberattack at this point.
Oct 14, 2025
Qilin ransomware group lists 'Catawba County Government' on its Tor-based data-leak site and posts a sample, claiming a 432 GB trove of county records.
Nov 19, 2025
County of Catawba files HIPAA breach notification with HHS Office for Civil Rights: 500 affected (placeholder), Hacking/IT Incident, Network Server, Health Plan.
Sep 15, 2025
Catawba County government website goes offline; Sheriff's office and other county service pages return errors. County does not initially attribute the outage to a cyber incident.
Sep 15, 2025
Attacker gained access
Sep 22, 2025
County website restored after roughly a week of intermittent availability. No official statement linking the outage to a cyberattack at this point.
Oct 14, 2025
Qilin ransomware group lists 'Catawba County Government' on its Tor-based data-leak site and posts a sample, claiming a 432 GB trove of county records.
Nov 19, 2025
County of Catawba files HIPAA breach notification with HHS Office for Civil Rights: 500 affected (placeholder), Hacking/IT Incident, Network Server, Health Plan.
Data exposed
03
Contact & insurance
Phishing + targeted scams
Your action plan, in five steps.
You have more rights than the notification letter explains. Each step below is a concrete thing you can do today. Full detail and timing in the sections that follow.
01
Accept credit monitoring
It’s the floor of the response. Take it.
02
Freeze your credit
Free at Equifax, Experian, TransUnion.
03
File IRS Form 14039
Prevent fraudulent tax return under your SSN.
04
Review your EOBs
Insurance statements catch medical identity theft early.
05
Stop the ongoing flow
Credit monitoring doesn’t cover your health records. HealthConsent does.
County of Catawba is the county government for Catawba County, North Carolina, headquartered in Newton and serving roughly 160,000 residents across Hickory, Newton, Conover, and the surrounding communities. The county directly operates Catawba County Public Health and Catawba County Social Services, both of which act as HIPAA-covered functions within the county. On November 19, 2025 the county filed a HIPAA breach notification with the HHS Office for Civil Rights, recording 500 affected individuals in a Hacking/IT Incident at a Network Server. The “500” figure is the placeholder that covered entities use when the document review is still in progress; the actual scope is almost certainly larger. Roughly a month earlier, on October 14, 2025, the Qilin ransomware group publicly claimed Catawba County Government on its dark-web leak site and posted a sample purporting to come from a 432 GB data set taken from county systems. The county website had been intermittently offline in mid-September, and the timing — outage, then Qilin listing, then HIPAA filing — fits the standard double-extortion sequence.
Timeline
- September 15, 2025 (approx.). Catawba County’s government website goes offline. Sheriff’s office and other county service pages return errors. The county does not initially tie the outage to a cyber incident in its public statements.
- September 22, 2025. The county website is restored after roughly a week of intermittent availability. No official attribution to a cyberattack is published at this point.
- October 14, 2025. The Qilin ransomware-as-a-service group lists “Catawba County Government” on its Tor-based data-leak site and posts a sample, claiming a 432 GB trove of county data.
- November 19, 2025. County of Catawba files the incident with HHS OCR as a Health Plan: 500 affected (placeholder), Hacking/IT Incident, Network Server. This is the entry that brings the incident into HIPAA’s public-record regime.
What was exposed
The HHS OCR portal entry records only the regulatory minimum: a Hacking/IT Incident touching a Network Server at a Health Plan. The county has not yet published a substitute notice that itemizes the data elements involved. Two facts narrow the picture meaningfully:
- The county runs Catawba County Public Health and Catawba County Social Services as HIPAA-covered functions, so the “Health Plan” filing pulls in patient, client, and benefits-recipient records — not just employee files.
- The Qilin leak-site sample is consistent with county business records (administrative file shares, scanned documents, employee directories), and Qilin states the trove totals 432 GB, which is large enough to encompass multiple departmental file servers.
Until the county’s substitute notice arrives, treat the following as plausibly within scope for anyone who interacted with the county as a patient, social-services client, or employee: full name, address, date of birth, Social Security number, driver’s license or state ID number, Medicaid number, health plan / insurance identifiers, clinical or case-management notes, financial information used for benefits or autopay, and minor children’s information for any household enrolled in WIC, child welfare, or Medicaid programs.
Why this population is especially exposed
A breach at a county government with a public-health and social-services footprint is materially different from a breach at a single clinic. The records on the network sit at the intersection of poverty, disability, immigration, family services, and substance-use treatment — categories where a re-identifiable leak has consequences far beyond credit fraud.
- Public-health caseload. Catawba County Public Health runs communicable-disease surveillance, STI and HIV services, maternal health, immunizations, and environmental health permitting. Diagnosis and test-result data on these files is exactly the data set people most want to keep out of a leak.
- Social-services caseload. Catawba County Social Services administers Medicaid, food and nutrition services (SNAP), child welfare, and adult protective services. A leak from these systems can expose victims of domestic violence, families under DSS investigation, and addresses of children in foster placements.
- Concentration of SSNs and Medicaid numbers. County eligibility records routinely contain SSN, Medicaid number, household income, and dependent SSNs on the same row — the high-leverage combination that drives medical-identity fraud and tax-refund fraud.
- Employee population. A county government breach also reaches employee HR records: SSNs, direct-deposit account numbers, dependent benefits enrollments. Treat the county workforce as in-scope, not just the public-facing caseload.
- Diminished detection capacity. Many county benefits recipients do not actively monitor credit reports or banking online, may not have personal email addresses on file with the county, and rely on mailed notices. Notification will reach this population slowly, and the protective window after a Qilin posting is short.
If you are a caregiver, foster parent, guardian, or family member of a Catawba County resident who receives services through Public Health or DSS, plan to take the protective steps below for them rather than waiting for them to act on a letter.
What the entity is offering
As of this writing, the county has not published a substitute notice with credit-monitoring details, an incident response hotline, or an enrollment code. The publicly verifiable record is limited to:
- The HHS Office for Civil Rights portal entry filed November 19, 2025.
- General county statements about restoration of services following the September outage.
- The inclusion of the breach in the NCDOJ 2025 Data Breach Report as part of the state-level rollup of 2,349 North Carolina breaches affecting roughly 9.3 million residents.
Specific offerings — credit monitoring duration, identity-restoration services, a dedicated incident response line — should appear in the individual mailed notification letters and on the county website once the document review concludes and the affected-individual count is finalized. North Carolina law also prohibits state and local entities from paying ransoms, which constrains the county’s options and tends to lengthen the recovery and notification window.
Class-action posture
No class-action complaints against County of Catawba have been filed or publicly investigated as of May 16, 2026. Sovereign-immunity doctrines limit private suits against North Carolina counties for negligence claims, and plaintiff firms historically pursue county-government breaches less aggressively than commercial breaches for that reason. Expect any litigation pressure to come instead through NCDOJ enforcement, OCR resolution agreements, and individual claims against any third-party vendors involved in the breach. This page will be updated if filings appear.
What to do
- Place free credit freezes at Equifax, Experian, and TransUnion. If you or a family member receives services through Catawba County Public Health or DSS, treat the household — including minor children — as in scope. Minor-child credit freezes are free and high-value because child SSNs are routinely sold for synthetic-identity fraud.
- Watch your mail closely for the next several months for an individual notification letter from County of Catawba. Read it for the enrollment code for any complimentary credit monitoring offered and for the specific data elements identified for your record.
- Request a new Medicaid card through the North Carolina Medicaid office if you or a household member is enrolled; flag the file for medical-identity fraud monitoring.
- Review Medicare and insurance Explanation of Benefits statements for the next 24 months for services or prescriptions you did not receive. Report unfamiliar items to the insurer’s fraud line immediately.
- File IRS Form 14039 (Identity Theft Affidavit) to obtain an IP PIN if you suspect tax-related identity theft.
- Be skeptical of unsolicited calls or texts that reference county benefits, a Medicaid renewal, or a child welfare case. With case-management detail potentially in the leak, social-engineering calls can sound legitimate. Hang up and call the relevant county department using a number from catawbacountync.gov.
- If you are a victim of domestic violence or have an active protective order, verify with DSS and the Sheriff’s office whether your address-confidentiality status was affected, and consider re-enrollment in the North Carolina Address Confidentiality Program.
- Stop the ongoing flow of your medical data. HealthConsent files HIPAA restriction requests so that the diagnosis, treatment, and benefits data exposed in a county-system breach is not continuously re-shared by downstream entities, brokers, and analytics vendors.
Sources
- HHS Office for Civil Rights Breach Portal. Federal regulatory record: County of Catawba, filed November 19, 2025; 500 affected; Hacking/IT Incident; Network Server; Health Plan; North Carolina.
- Catawba County Government — official county website. Entity reference and recovery communications.
- Catawba County Public Health. Confirms the county’s HIPAA-covered public-health function within the affected enterprise.
- HIPAA Journal — November 2025 Healthcare Data Breach Report. Independent trade-press confirmation of the OCR filing as a Health Plan breach.
- calHIPAA — Healthcare Data Breach Report for November 2025. Confirms the 500-affected placeholder figure and Hacking/IT Incident classification.
- Ransomware.live — Qilin victim listing for Catawba County Government. Public indexing of the Qilin leak-site claim dated October 14, 2025.
- Hookphish — Ransomware Group Qilin Hits: Catawba County Government. Independent ransomware-tracker writeup including the 432 GB volume claim.
- DysruptionHub — Catawba County, NC website restored after outage. Reporting on the September 2025 outage, the September 22 restoration, and the timing relative to the Qilin claim.
- NCDOJ — 2025 Data Breach Report. State-level rollup of North Carolina breach filings in 2025.
Credit monitoring covers your wallet. HealthConsent covers your health records.
Your stolen diagnoses, test results, and medical record numbers don’t expire when the free credit-monitoring window ends. HealthConsent automates HIPAA restriction requests and opt-outs across providers, insurers, HIEs, and prescription networks so the data taken in this breach can’t keep being shared and sold by other entities downstream.
Protect my health dataCancel anytime · Family plan covers spouses + dependents
Sources & further reading
- HHS Office for Civil Rights Breach Portal
- Catawba County Government — official county website
- Catawba County Public Health
- HIPAA Journal — November 2025 Healthcare Data Breach Report
- calHIPAA — Healthcare Data Breach Report for November 2025
- Ransomware.live — Qilin victim listing: Catawba County Government
- Hookphish — Ransomware Group Qilin Hits: Catawba County Government
- DysruptionHub — Catawba County, North Carolina website restored after outage
- NCDOJ — 2025 Data Breach Report (statewide context)
Official HHS OCR Breach Portal: ocrportal.hhs.gov
About this page
This page is compiled from public regulatory filings, the breached entity’s own disclosures, and reporting from established healthcare-privacy outlets. Some sections are assembled with the help of automated research and may contain errors, summaries that lag the underlying source, or details that have since been revised. Treat it as a starting point, not legal advice or an authoritative record. If you spot something inaccurate, the linked sources above are the canonical record. For questions about your individual situation, contact the breached entity directly or consult a licensed attorney.