McKenzie Memorial Breach Exposes PII and PHI Data

McKenzie Memorial Hospital experienced a major data breach. On or around April 15, 2025, the hospital discovered suspicious activity on its network and an investigation determined an unauthorized actor may have accessed certain information between April 14 and April 15, 2025.

An ongoing review determined that compromised information may have included both personally identifiable information (PII) and protected health information (PHI). McKenzie Memorial Hospital posted a Notification of Data Security Incident on its own website on June 13, 2025.

Exposed information may include: Name, address, phone number, email address, Social Security number, driver's license/state ID number, date of birth, medical diagnosis, date of service, patient account number, medical record number, health insurance claim number, health insurance policy number, employee bank account number and/or treatment cost information.

McKenzie Memorial Hospital's response

McKenzie Memorial Hospital is continuing the investigation and has notified law enforcement. The hospital will be mailing letters to affected individuals and has posted a notice on the McKenzie Health website.

If you believe your personal or protected health information may have been compromised in this data breach:

• Carefully review any notice or communication you receive from McKenzie Health.
• Monitor financial accounts and credit reports for signs of identity theft.
• Consider placing fraud alerts or credit freezes with major credit bureaus.
• Be cautious of unsolicited emails or phone calls requesting personal information.

McKenzie Health has also set up a call center to answer questions about the cybersecurity incident: 844-536-8079, 8:00 AM and 8:00 PM Eastern Time, Monday through Friday.

To learn more about the organization, visit the McKenzie Health System website.