Monongalia Health System, Data Breach Affects 4,895 Patients

Published
May 9, 2025
Updated
May 9, 2025
Monongalia Health System, Data Breach Affects 4,895 Patients
Mon Health System
Types of INFORMATION affected
  • Names
    Names
  • Social security numbers
    Social Security Numbers
  • Dates of birth
    Dates of Birth
  • Addresses
    Addresses
  • Government IDs
    Government IDs
  • Medical Information
    Medical Info
  • Financial Info
    Financial Info

Affected by the

Mon Health System

data breach?

Join the Lawsuit

It's free to join. 

On March 3, 2025, Monongalia Health System, Inc. (Mon Health) discovered a data breach that exposed sensitive information belonging to at least 4,895 individuals. The breach was the result of a phishing attack targeting a small number of employee email accounts. Cybercriminals gained unauthorized access to these accounts, allowing them to view documents containing personal and health information.

The types of information exposed include names, physician names, facility names, medical information, Social Security numbers and health insurance policy numbers.

The breach was reported to the U.S. Department of Health and Human Services on May 3, 2025. You can view the official disclosure on the HHS breach portal.

While the number of affected individuals is relatively limited compared to some healthcare breaches, the exposure of both PHI and PII—especially Social Security and health insurance policy numbers—can increase the risk of identity theft and fraud for those impacted. The breach was caused by a phishing attack, which highlights the ongoing vulnerability of email systems to social engineering tactics.

Monongalia Health System's response

In response to the breach, Mon Health acted quickly to contain the incident and launched a thorough investigation with the help of computer forensic experts. The organization has implemented additional security measures to address the continually evolving threat landscape, including enhanced employee training to recognize phishing and other external attacks.

Notification letters were mailed to all potentially affected individuals on March 5, 2025. These letters include details about the incident and offer guidance on how to monitor and protect personal information. Mon Health has also established a toll-free call center at (833) 998-9762, available Monday through Friday from 8:00 am to 8:00 pm Eastern time (excluding holidays), to answer questions and provide support.

For those whose Social Security numbers or health insurance policy numbers may have been exposed, Mon Health is providing identity protection services at no cost. The company encourages all affected individuals to review their credit reports, consider placing fraud alerts or security freezes with the major credit bureaus, and remain vigilant for any signs of identity theft. Additional details and the full notice to consumers can be found on the Mon Health substitute notice page.

You can learn more about Mon Health and its services by visiting the Mon Health website.

Notice Letter

This browser does not support inline PDFs. Please download the PDF to view it: Download PDF

Affected Entity
Mon Health System
Consumers Notification date
Date of Breach
Breach Discovered Date
Total People Affected
Information Types Exposed
  • name
  • physician name
  • facility name
  • medical information
  • Social Security numbers
  • health insurance policy numbers
CTA Image
CTA Image
CTA Image
CTA Image
CTA Image
CTA Image
CTA Image
CTA Image
CTA Image