Springfield Hospital Data Breach Exposes SSNs and Medical Information

Springfield Hospital, a not-for-profit critical access hospital in Springfield, Vt., disclosed a data breach involving unauthorized access to an employee email account.

Springfield Hospital posted a notice of data security incident on its website on April 10, 2026. According to the notice, the hospital learned on Feb. 10, 2026, that personal and health information may have been compromised.

On Dec. 17, 2025, an unauthorized actor accessed a single employee email account at Springfield Hospital. The hospital said it recently discovered the unauthorized access, though it did not provide a specific date for when the intrusion was first detected.

Following the discovery, the hospital launched an investigation to determine the nature and scope of the incident. The investigation sought to find out whether any sensitive data, including personal or health information, had been accessed or acquired by the unauthorized party.

On Feb. 10, 2026, the hospital learned that the compromised email account contained a limited amount of personal and health information that may have been accessed. The specific information involved varied by individual.

The personally identifiable information (PII) exposed included full names, dates of birth and Social Security numbers.

Protected health information (PHI) that may have also been exposed included reasons for visit, treating physician names and medical record numbers.

Springfield Hospital's response to the breach

Springfield Hospital has set up a dedicated and confidential toll-free response line at 833-289-6183. The line is staffed with professionals who are familiar with the incident and knowledgeable about what can be done to protect personal information.

It is available Monday through Friday, 8:00 a.m. to 8:00 p.m. Eastern Time, excluding holidays. Individuals who believe they may have been impacted but did not receive a notification letter can also call this number.

Steps to take if your information was exposed

Because this breach involved Social Security numbers and protected health information, affected individuals should take prompt action to protect themselves from potential identity theft and medical fraud.

• Place a fraud alert on credit files by contacting any one of the three major credit bureaus, which will notify the others: Equifax at 1-800-525-6285, Experian at 1-888-397-3742 or TransUnion at 1-800-680-7289.
• Consider placing a security freeze on credit files to prevent new accounts from being opened by contacting Equifax at 1-888-298-0045, Experian at 1-888-397-3742 or TransUnion at 1-888-909-8872.
• Request free credit reports at AnnualCreditReport.com or by using the printable request form, and review them carefully for unfamiliar accounts or unauthorized inquiries.
• Monitor Explanation of Benefits statements from health insurance companies for any services not received, and follow up with insurers or care providers about any unrecognized items.
• Watch for phishing attempts that reference Springfield Hospital or this data breach by name, as scammers may try to use the incident to trick people into sharing more personal information.
• Report suspicious activity to local law enforcement and file a complaint with the Federal Trade Commission at 1-877-438-4338 if there are signs of identity theft or fraud.