On 4 August 2021, Eskenazi Health — Indianapolis’s primary safety-net hospital serving the city’s most vulnerable and uninsured populations, and the only Level I adult trauma center in Indianapolis — suffered a Vice Society ransomware attack. Eskenazi detected the attack early and immediately took systems offline, preventing full encryption and keeping essential medical services operational. However, the attackers had already exfiltrated patient data during the dwell period preceding the encryption attempt. Vice Society published stolen patient data on its dark web leak site when Eskenazi declined to pay ransom. Leaked data included patient names, Social Security numbers, addresses, and medical information. Eskenazi serves approximately 500,000 patients annually and serves the Indianapolis metro area of 2 million people. The attack occurred during the Delta COVID-19 wave causing record hospitalisations, forcing patient diversions from the emergency department. The case is ethically significant: safety-net hospitals primarily serve low-income, uninsured, and underinsured patients with fewer resources to respond to identity theft or medical data exposure. Multiple individuals filed class-action suits against Eskenazi following the breach.