Minnesota Epilepsy Group Breach Exposes Sensitive Data

On Feb. 27, 2025, Minnesota Epilepsy Group discovered a cybersecurity incident affecting certain systems within its network environment. This event led to a disruption of some operations and possibly compromised sensitive patient personal and protected health information.

Patient data compromised in the data breach may include names, addresses, dates of birth, medical record numbers, EEG summaries, neuropsychology reports, medication records and health insurance information. The total number of impacted individuals has not been released, but could be in the thousands.

Exposure of medical and insurance records can put affected individuals at risk for identity theft and fraud. Minnesota Epilepsy Group published a Notice of Data Security Incident on its website on April 25, 2025.

Minnesota Epilepsy Group's response

Minnesota Epilepsy Group responded quickly to the incident by securing its systems and engaging third-party cybersecurity experts to investigate. In addition to required stated and federal disclosures, affected patients will be notified directly.

If you receive notice from Minnesota Epilepsy Group about this breach, you may want to:

• Sign up for free credit monitoring services, if offered.
• Monitor your credit reports and financial accounts for any unusual activity.
• Be alert for phishing emails or phone calls that may use your exposed information.
• Consider placing a fraud alert or credit freeze with major credit bureaus.

The organization set up a dedicated response line for impacted individuals and their families at 855-260-0830, Monday through Friday, 9:00am until 9:00pm Eastern time.

For more information about the healthcare organization and its services, visit the Minnesota Epilepsy Group website.