Marquette County Medical Care Facility Data Breach Exposes Sensitive Info

On March 3, 2025, Marquette County Medical Care Facility (MCMCF), a long-term and short-term care provider in Ishpeming, Michigan, discovered a data privacy incident involving unauthorized access to sensitive personal information. The breach originated from a business email compromise: attackers gained access to the Human Resources director’s Microsoft Office 365 account, which led to phishing emails being sent to contacts from that account.

An investigation determined that the exposed information included both personally identifiable information (PII) and PHI. Compromised information includes a combination of individuals’ names, Social Security numbers, dates of birth, protected health information (PHI), and bank details.

The breach is considered severe due to the sensitivity of the information accessed and the method of compromise, which involved targeted phishing and unauthorized email access. Marquette County Medical Care Facility disclosed the data breach to the U.S. Department of Health and Human Services on June 18, 2025, reporting 1,499 individuals with PHI affected.

Marquette County Medical Care Facility's response

Marquette County Medical Care Facility issued a press release and a Notice of Data Privacy Incident on June 23, 2025. A review is in process and affected individuals will be notified.

If you believe your personal or protected health information may have been compromised in this breach:

• Carefully review any notice or communication you receive from Marquette County Medical Care Facility.
• Monitor financial accounts and credit reports for signs of identity theft.
• Consider placing fraud alerts or credit freezes with major credit bureaus.
• Be cautious of unsolicited emails or phone calls requesting personal information.

For more about the healthcare organization, visit the Marquette County Medical Care Facility homepage.