Marquis Companies Hit by LYNX Ransomware Attack, Exposing Sensitive Health and Personal Data Marquis Companies, a major provider of hospital and healthcare services, suffered a ransomware attack between August 9 and September 10, 2025, resulting in the theft of personally identifiable information (PII) and protected health information (PHI) belonging to current and former residents. The breach was detected on August 17, 2025, though the Oregon Attorney General’s office was not notified until November 21, 2025. The attack was attributed to the LYNX ransomware group, which claimed responsibility and later posted about the breach on the dark web on October 21, 2025. The stolen data included names, addresses, dates of birth, Social Security numbers, medical records, and health insurance details, with potential exposure of additional personal records tied to senior care services. LYNX infiltrated Marquis Companies’ network, exfiltrating sensitive data before encrypting systems—a tactic increasingly used to pressure victims into paying ransoms. The group threatened to release or sell the stolen information if demands were not met. Affected individuals were formally notified by mail on November 21, 2025. In response, Marquis Companies initiated an internal investigation and enlisted cybersecurity experts to assess the breach’s scope and reinforce system security. The incident highlights the growing threat of ransomware attacks targeting healthcare providers, where the compromise of PHI and PII can have severe consequences for affected individuals.