Marshfield Clinic Data Breach Affects 35,952 Patients

On Nov. 7, 2025, Marshfield Clinic Health System, a major nonprofit health care provider serving Wisconsin and Michigan’s Upper Peninsula, disclosed a data breach to the U.S. Department of Health and Human Services, exposing both personally identifiable information (PII) and protected health information (PHI) of at least 35,952 current and former patients across the U.S.

The details of the data exposed have been posted on credible news outlets. The types of data exposed may include names, addresses, dates of birth, Social Security numbers, medical information and health insurance information.

While the specific method of the breach has not been publicly detailed, the incident was significant enough to require notification under federal law. The scale and nature of the information involved make this a serious event, as both PII and PHI are highly sensitive and can be misused for identity theft or fraud.

Marshfield Clinic Health System's response

In response to the breach, Marshfield Clinic Health System notified relevant authorities as well as the individuals impacted by the cybersecurity event.

If you believe your personal information may have been compromised in this breach:

• Carefully review any notice or communication you receive from Marshfield Clinic Health System or your provider.
• Monitor financial accounts and credit reports for signs of identity theft.
• Consider placing fraud alerts or credit freezes with the major credit bureaus.
• Be cautious of unsolicited emails or phone calls requesting personal information.