Between April 14 and April 15, 2025, McKenzie Memorial Hospital suffered a data breach. The hospital discovered the breach on the second day of the intrusion, June 19, 2025. After the discovery, the hospital reportedly secured its network and law enforcement was notified. Third-party cybersecurity specialists were engaged to investigate the incident.
According to the Department of Health & Human Services disclosure, 58,839 people across the United States have been affected.
The review determined that a range of sensitive information may have been accessed, including personally identifiable information (PII) such as first and last name, address, phone number, email address, Social Security number, driver's license or state ID number, date of birth, and financial account information, including employee bank account numbers.
In addition, protected health information (PHI) was potentially compromised, including medical diagnosis, date of service, patient account number, medical record number, health insurance claim number, health insurance policy number and treatment cost information.
The data breach was reported to the Maine Attorney General’s office (6 affected residents), the Massachusetts Attorney General’s office (17 affected residents) and the New Hampshire Attorney General’s office (2 affected residents) on July 24, 2025.
The hospital has also posted a Notification of Data Security Incident on its own website.
Written notification letters were sent to all affected individuals for whom the hospital had address information.
As a result of the breach, the hospital reviewed and enhanced its data protection policies and implemented additional safeguards to strengthen its cybersecurity posture.
To support those affected, McKenzie Memorial Hospital is offering complimentary credit monitoring and identity protection services for up to 24 months through Cyberscout, a TransUnion company. Affected individuals are encouraged to enroll in these services within 90 days of receiving their notification letter.
The hospital has established a dedicated call center at 844-536-8079, available Monday through Friday, 8 a.m. to 8 p.m. Eastern Time, to answer questions and provide assistance.
Individuals are urged to remain vigilant by monitoring their credit reports, account statements and explanation of benefits forms for any suspicious activity or errors.
A breach notice means your personal details could be circulating far beyond the organization involved. One practical step is continuous monitoring: services such as Identity Defender (included with an ExpressVPN subscription) can automatically check dark-web markets, flag new credit-file activity, and request removal of your information from data-broker sites.
This kind of “early-warning system” can’t undo a breach, but it can help you spot misuse quickly and limit further exposure.