On September 8, 2023, OCH Regional Medical Center in Starkville, Mississippi, experienced a significant data breach that compromised sensitive information belonging to 51,266 individuals across the United States, including 4 residents of Massachusetts.
OCH Regional Medical Center did not discover the breach until six days later, on September 14, 2023. According to disclosures made to both the Massachusetts Attorney General's Office and the U.S. Department of Health and Human Services, unauthorized access to the hospital’s systems resulted in the exposure of a wide range of personally identifiable information (PII) and protected health information (PHI).
The types of information exposed in this incident include medical records, Social Security numbers, account numbers, addresses, dates of birth, diagnoses, disability codes, insurance and payer information, names, and phone numbers. This combination of PII and PHI increases the risk of identity theft and medical fraud for those affected.
The breach was publicly disclosed to the Massachusetts Attorney General's Office on June 13, 2025, and to the U.S. Department of Health and Human Services on March 11, 2025. OCH Regional Medical Center has also posted a notice to consumers on its website with additional details.
In response to the breach, OCH Regional Medical Center initiated an internal investigation and worked with cybersecurity experts to contain and assess the impact of the incident. The hospital has notified affected individuals and regulatory authorities as required by law. If you believe your information may have been involved, it is important to review any correspondence from OCH Regional Medical Center and follow their guidance.
Given the sensitive nature of the exposed data—including Social Security numbers, medical records, and insurance details—affected individuals should take the following steps:
For more information about the hospital, visit the OCH Regional Medical Center website.
A breach notice means your personal details could be circulating far beyond the organization involved. One practical step is continuous monitoring: services such as Identity Defender (included with an ExpressVPN subscription) can automatically check dark-web markets, flag new credit-file activity, and request removal of your information from data-broker sites.
This kind of “early-warning system” can’t undo a breach, but it can help you spot misuse quickly and limit further exposure.