Delta Medical Systems Breach Exposes PHI and PII

On March 9, 2026, Delta Medical Systems, a Wisconsin-based medical device distributor and service provider, disclosed a data breach impacting personal information of 1,869 individuals, including nine Indiana residents and three New Hampshire residents. According to the HHS, 1,574 individuals had their protected heath information compromised.

The incident originated on July 15, 2025, when Delta Medical Systems detected unusual activity within its email environment. Action was taken to secure the network and an investigation was launched with the help of independent cybersecurity experts.

The forensic analysis determined that certain company data may have been accessed or acquired without authorization on July 15, 2025. A detailed review of the affected data, which concluded in November 2025, revealed that sensitive personal information was present in the compromised files.

The company then worked to identify and notify affected individuals, completing this process by Feb. 11, 2026.

The types of information exposed varied by individual but may have included name, date of birth, Social Security number, driver’s license or state identification number, bank account and routing number, medical information and health insurance information.

A public statement was posted to the company’s website.

Delta Medical's response

In response to the breach, Delta Medical implemented additional security measures to help prevent similar incidents in the future. For individuals whose Social Security numbers were involved, the company is offering 12 months of complimentary identity protection services through TransUnion.

These services include single bureau credit monitoring, credit report access and credit score monitoring. A dedicated toll-free call center has been established to answer questions and provide support to those affected.

Delta Medical Systems is also advising affected individuals to remain vigilant by reviewing account statements and monitoring free credit reports for any signs of fraud or identity theft.

The company’s notification includes guidance on how to place a fraud alert or security freeze on credit files, as well as contact information for national consumer reporting agencies and resources from the Federal Trade Commission and state attorneys general.