A cyberattack on Myrtue Medical Center has exposed the personal, medical, and financial information of up to 806,000 individuals. The hackers claim to have stolen over 1.2 terabytes of data.
What happened
According to the Claim Depot, on June 13, 2025, Myrtue Medical Center detected suspicious activity on its computer systems. The breach was identified swiftly, prompting the hospital to shut down remote network access, reset all administrative credentials, and enlist a specialized third-party cybersecurity firm to launch a forensic investigation. Later, on June 24, a threat actor operating under the name Worldleaks (sometimes reported as “WorldLeaks”) claimed responsibility on the Tor network. According to the group, they exfiltrated a staggering 1.2 terabytes of data, comprising over 806,000 files.
Going deeper
Myrtue’s teams and the cybersecurity experts are still determining the scope of the breach. While the hospital hasn't confirmed the exact number of people affected, it warns that both patients and employees may be impacted. The data types suspected to be compromised include:
- Full names, addresses, dates of birth, and Social Security numbers
- Government-issued IDs (e.g., driver’s licenses, passports)
- Medical records: diagnoses, treatments, billing info
- Financial data, including bank or payment card information
The attack hasn’t been classified as ransomware, but “Worldleaks” may have demanded a ransom for the data’s return. Details about how the breach occurred, likely through remote-access tools or stolen credentials, haven’t been made public, though the hospital’s rapid response suggests early-term intrusion detection.
What was said
In a June 27 notice, Myrtue Medical Center said it “moved quickly to investigate, respond, and confirm the security of its systems.” Measures taken included: disconnecting remote access, changing administrative credentials, and enhancing overall security protocols. The hospital also committed to mailing written notices to all individuals whose information was confirmed as exposed. The hospital has established a toll-free hotline (866‑905‑8124) for affected parties to call Monday through Friday, 9 a.m.–9 p.m. CST, and advises individuals to monitor financial accounts and consider credit freezes or alerts via Equifax, Experian, and TransUnion.
Why it matters
The data of 806,000 individuals lands in the hands of cybercriminals, exposing sensitive medical, financial, and personal information.
See also: HIPAA Compliant Email: The Definitive Guide (2025 Update)
FAQS
Is the breach reportable under HIPAA?
Yes. Under HIPAA regulations, this breach is considered a reportable event and must be disclosed to the U.S. Department of Health and Human Services (HHS), affected individuals, and the media if it impacts more than 500 people.
See also: What are the HIPAA breach notification requirements
How can I monitor for signs of identity theft or medical fraud?
Watch for unexplained medical bills, denial of coverage for services you didn’t receive, incorrect medical records, or new credit accounts you didn’t open. Consider enrolling in an identity theft monitoring service.
Tshedimoso Makhene
