Northwoods Surgery Center Data Breach Exposes PHI and PII

Northwoods Surgery Center, an outpatient surgery center located in Virginia, Minnesota, disclosed a data breach involving unauthorized access to its computer network.

Northwoods Surgery Center became aware of unauthorized activity on its computer network on or around Sept. 8, 2025.

As soon as the activity was identified, the center took action to secure its network and work to prevent any further unauthorized access. Northwoods Surgery Center also engaged a team of third-party specialists to conduct a detailed investigation into the full scope and nature of the incident.

The investigation determined that the unauthorized activity took place over a window of nearly two months, between July 11 and Sept. 8, 2025. During that time, information stored on the network may have been accessed by an unauthorized party.

The types of information that may have been exposed include both personally identifiable information and protected health information including patient names, addresses, dates of birth, health insurance information, patient medical record numbers, doctor's name, practice type, medical date of service, medication information, diagnosis and treatment information and medical claims or billing information.

Northwoods Surgery Center posted a notice about the incident on its website, and states the analysis of the affected data remains ongoing.

Northwoods Surgery Center's response to the breach

The company is offering credit monitoring and identity protection services to potentially impacted individuals. Those who wish to learn more about the incident or enroll in these protective services can call the center's dedicated assistance line at 1-833-833-6099.

The line is available Monday through Friday from 8 a.m. to 8 p.m. EST, excluding U.S. holidays. Individuals may also reach the center by writing to 502 N. 6th Ave. W, Virginia, MN 55792.

Steps to take if your information was exposed

• Review Explanation of Benefits statements from health insurance providers for any medical services, procedures or charges that were not received or authorized.
• Monitor billing and account statements for unfamiliar charges or suspicious activity that could suggest misuse of personal or medical information.
• Place a fraud alert or credit freeze with the three major credit reporting agencies: TransUnion (1-800-680-7289), Experian (1-888-397-3742) and Equifax (1-888-298-0045).
• Request free credit reports at AnnualCreditReport.com and review them for any unfamiliar accounts or inquiries.
• Be cautious of phishing attempts that reference Northwoods Surgery Center or this breach by name, whether through emails, phone calls or text messages.
• Report suspected identity theft to the Federal Trade Commission at identitytheft.gov or by calling 1-877-438-4338.