The Fred Hutchinson Cancer Center (Fred Hutch) in Seattle has confirmed it suffered a major ransomware attack that may have exposed sensitive data of patients and staff. The breach, first disclosed in a statement this week, has prompted an ongoing federal investigation involving the FBI. Fred Hutch is a globally recognized research and treatment center, best known for its pioneering work in cancer and infectious diseases.
On November 19, 2023, Fred Hutch detected an ‘unauthorized activity’ in its systems and took immediate action to contain the intrusion. Forensic specialists later confirmed that the attack involved ransomware and may have included unauthorized access to patient data. However, the institution did not begin notifying affected individuals until May 24, 2025, more than six months after the initial compromise. Fred Hutch claimed that the delay was due to a ‘lengthy and complex review process’ to determine the scope of the breach.
While Fred Hutch has not confirmed the exact number of individuals affected, local media estimate the number could be anywhere above 800,000. Names, Social Security numbers, birth dates, medical records, and insurance data may have been accessed. Fred Hutch claims there is no evidence the stolen data has been misused. It is offering free identity protection to those affected.
In March 2025, Fred Hutch agreed to a $52.5 million settlement to resolve class‐action claims. Lawyers had filed the suit on behalf of approximately 2.1 million patients and staff, though only about 140,000 filed for settlement benefits by the May 7 deadline. Of the settlement, $11.5 million will go directly to claimants, $13.5 million is earmarked for infrastructure and security upgrades, and $25.5 million will fund medical‐fraud monitoring and insurance services for class members.
The FBI has launched a probe into the attack, as the incident appears to align with recent cyberattacks on U.S. healthcare infrastructure. Cybersecurity analysts suggest the breach may be linked to the same ransomware group that targeted other large hospitals in late 2023.
This breach underscores growing concerns about healthcare cybersecurity in the wake of increasingly sophisticated threats and highlights the urgent need for improved detection and response protocols across the sector. If you or your institution needs assistance in strengthening ransomware defenses, responding to data breaches, and safeguarding patient data, reach out to Otonata today.
