Minnesota Epilepsy Group Breach Exposes Sensitive Personal and Medical Data

On Feb. 27, 2025, Minnesota Epilepsy Group discovered a cybersecurity incident affecting certain systems within its network environment. This event led to a disruption of some operations and possibly compromised sensitive patient personal and protected health information.

Patient data compromised in the data breach may include names, addresses, dates of birth, Social Security numbers, medical record numbers, EEG summaries, neuropsychology reports, medication records and health insurance information.

Exposure of medical and insurance records can put affected individuals at risk for identity theft and fraud. Minnesota Epilepsy Group published a Notice of Data Security Incident on its website on April 25, 2025, and filed a disclosure of the incident to the Massachusetts Office of Consumer Affairs and Business Regulation on June 5, 2026.

Minnesota Epilepsy Group's response

Minnesota Epilepsy Group responded to the incident by securing its systems and engaging third-party cybersecurity experts to investigate. In addition to required stated and federal disclosures, affected patients will be notified directly.

If you receive notice from Minnesota Epilepsy Group about this breach, you may want to:

• Sign up for free credit monitoring services, if offered.
• Monitor your credit reports and financial accounts for any unusual activity.
• Be alert for phishing emails or phone calls that may use your exposed information.
• Consider placing a fraud alert or credit freeze with major credit bureaus.

The organization set up a dedicated response line for impacted individuals and their families at 855-260-0830, Monday through Friday, 9:00am until 9:00pm Eastern time.