Home
>
Data Breach>Cedar Valley Services

Cedar Valley Services Data Breach Exposes Sensitive Patient Info

Published
March 11, 2026
Updated
March 11, 2026
Cedar Valley Services Data Breach Exposes Sensitive Patient Info
Cedar Valley Services
Affected by the data breach? You may be entitled to compensation. Submit a claim today.

On Feb. 13, 2026, Cedar Valley Services, a nonprofit organization based in Southern Minnesota, reported a data breach to the U.S. Department of Health and Human Services.

The incident was classified as a ransomware attack, with the Qilin ransomware group claiming responsibility. On Dec. 21, 2025, Qilin posted on the Tor network, stating they had obtained data from Cedar Valley Services.

The breach was in both its method and potential impact. While the specific types of information exposed have not been detailed in the public disclosure, organizations like Cedar Valley Services typically handle a range of sensitive data, including personally identifiable information (PII) such as names, addresses, and Social Security numbers, as well as protected health information (PHI) related to the services they provide.

The breach was listed on the U.S. Department of Health and Human Services breach portal, confirming the number of individuals affected and the ransomware nature of the attack.

Cedar Valley Services' response

After discovering the breach, Cedar Valley Services notified federal authorities and began investigating the incident. The organization has not publicly detailed the specific steps taken to contain the breach or the exact resources made available to those affected. However, in ransomware cases, common best practices include securing systems, working with cybersecurity experts, and notifying impacted individuals.

Those who may have been affected should remain vigilant. It is recommended to monitor credit reports, review account statements for unusual activity, and consider placing a fraud alert or credit freeze with major credit bureaus.

Since both PII and PHI may have been compromised, individuals should also be alert for potential identity theft or misuse of medical information.

If Cedar Valley Services provides further instructions or offers services such as credit monitoring or identity theft protection, affected individuals are encouraged to take advantage of these resources.

SUBMIT YOUR CLAIM TO THE LAW FIRM HANDLING THIS INVESTIGATION

Types of INFORMATION affected
  • Names
    Names
  • Social security numbers
    Social Security Numbers
  • Dates of birth
    Dates of Birth
  • Addresses
    Addresses
  • Government IDs
    Government IDs
  • Medical Information
    Medical Info
  • Financial Info
    Financial Info
  • Affected information types not yet disclosed

Notice Letter

This browser does not support inline PDFs. Please download the PDF to view it: Download PDF

Sources

Disclosures

Breach Summary

Affected Entity
Cedar Valley Services
Consumers Notification date
Date of Breach
Breach Discovered Date
Total People Affected
Information Types Exposed

Data Breach Settlements

Essen Medical Associates $4M Data Breach Settlement
Mason Construction Data Breach Class Action Settlement
Cadence Bank $5.25M MOVEit Data Breach Class Action Settlement
Universal Lenders Data Breach Class Action Settlement
M&R Printing Equipment Data Breach Class Action Settlement
CTA Image
CTA Image
CTA Image
CTA Image
CTA Image
CTA Image
CTA Image
CTA Image
CTA Image

What to Read Next

CommonSpirit Health Breach Affects Over 19,000 Individuals
March 11, 2026
CommonSpirit Health Breach Affects Over 19,000 Individuals
360training.com Data Breach Affects 24,594 Customers
March 11, 2026
360training.com Data Breach Affects 24,594 Customers
Ansell Healthcare Data Breach Affects 2k: Sensitive PII Exposed
March 11, 2026
Ansell Healthcare Data Breach Affects 2k: Sensitive PII Exposed
NADAP Data Breach Exposes Over 400,000 Records
March 11, 2026
NADAP Data Breach Exposes Over 400,000 Records