Adams Health Network Breach Exposes Sensitive Patient Information

Adams Health Network, which operates Adams Memorial Hospital in Decatur, Indiana, disclosed a data breach that affected 5,305 individuals in the United States.

Adams Health Network discovered the breach on March 12, 2026, and began notifying affected patients in May 2026. The organization reported the incident to the U.S. Department of Health and Human Services Office for Civil Rights on May 11, 2026. It also posted a notice of the cybersecurity incident on its website on the same date.

On Dec. 22, an employee's email account at Adams Health Network was compromised through a phishing attack, according to the company's notification. Phishing is a common type of cyberattack in which a person is tricked into giving access to their account or sharing sensitive information. This typically happens when someone clicks on a deceptive link or responds to a fraudulent email designed to appear as if it comes from a trusted source.

The compromise went undetected for nearly three months until Adams Health Network identified the unauthorized access in March 2026. After the breach was detected, the organization launched an investigation to determine what information the compromised email account contained and whether any patient data had been affected.

The specific types of information exposed included names, addresses, dates of birth, Social Security numbers, dates of service, diagnoses, charges and insurance information. This data encompasses both personally identifiable information (such as Social Security numbers, names and dates of birth) and protected health information (such as diagnoses, dates of service and insurance details).

Adams Health Network's response

Adams Health Network is offering 12 months of free credit monitoring services to affected individuals through CyberScout, a TransUnion company. This service can help affected patients detect any unauthorized use of their personal information, including new accounts that may be opened in their name. Enrollment details were included in the notification letters being sent to affected individuals.

The organization is also recommending that affected patients closely monitor their healthcare accounts for any suspicious or unusual activity. Patients who notice anything potentially fraudulent should notify their insurance company or healthcare provider as soon as possible, according to the notification.

Adams Health Network offered its "sincere apologies to patients and their families for any inconvenience this incident may cause." Individuals who received a notification letter or who believe they may have been impacted by the incident can call 877-791-2689 with any questions. The call center is available Monday through Friday, 9 a.m. to 7 p.m. Eastern Time.