Huron Regional Medical Center Data Breach Exposes SSNs

On May 31, 2025, Huron Regional Medical Center (HRMC), based in Huron, South Dakota, detected suspicious activity within its computer network.

After an investigation, including the engagement of legal counsel and third-party forensic specialists, HRMC determined that an unauthorized party had gained access to its systems and copied sensitive data. On Aug. 21, 2025, HRMC identified the individuals whose information was included in the compromised data set.

The breach has been linked to the BEAST ransomware group, which claimed responsibility and asserted it had stolen 800GB of HRMC’s data. The group posted about the attack on the dark web on Aug. 21, 2025, indicating a significant and targeted cyberattack. The incident was classified as a ransomware attack, with the threat actor leveraging the Tor network to publicize their access.

The types of information exposed in this breach are extensive and include both personally identifiable information (PII) and protected health information (PHI).

The data accessed includes name, address, phone number, date of birth, Social Security number, Medicare number, Medicaid number, financial account information, health insurance details, date(s) and cost of service, lab results, medical diagnostic images, prescription information, and medical diagnosis and treatment information.

Not all data elements were impacted for every individual, but the scope is broad and includes highly sensitive medical and financial information.

According to the breach notification filed with the Montana Attorney General, 20 Montana residents were affected, though the total number of impacted individuals across all states has not been specified.

The incident was formally disclosed to regulators and the public on Sept. 9, 2025, and in the notice posted on HRMC’s website.pdf).

Huron Regional Medical Center's response

For those affected, HRMC is offering complimentary single-bureau credit monitoring, credit report, and credit score services for twelve months through Cyberscout, a TransUnion company. Impacted individuals have been notified by mail and provided with instructions to enroll in these services.

HRMC has also set up a dedicated assistance line at 833-456-9193, available Monday through Friday from 8 a.m. to 8 p.m. Eastern time, to answer questions and provide support.

Given the nature of the breach, a ransomware attack by a known cybercriminal group, affected individuals are strongly encouraged to remain vigilant. Recommended steps include monitoring credit reports and account statements for suspicious activity, placing fraud alerts or credit freezes with major credit bureaus, and notifying financial institutions of the breach.