St. Anthony Regional Hospital Data Breach Exposes PII & PHI

In late August 2024, St. Anthony Regional Hospital, a faith-based healthcare provider in Carroll, Iowa, experienced a significant data breach that exposed personally identifiable information (PII) and protected health information (PHI) of current and former patients. So far, the total number of impacted individuals is unclear. However, at least 15 residents of Massachusetts has been impacted, with additional states expected to report in the future.

The incident was first detected when suspicious activity was noticed on certain systems. An investigation revealed that unauthorized individuals had gained access to a subset of the hospital’s network between Aug. 14 and Aug. 28, 2024. During this window, certain files were accessed or downloaded without authorization.

The breach exposed PII and PHI, including full name, address, date of birth, Social Security number, driver’s license number, other government issued identification numbers, payment card information, and financial account information.

The hospital reported the breach to the Massachusetts Attorney General on Dec. 29, 2025. It also posted a Notice of Privacy Event on its website. Impacted individuals have been notified by mail.

The incident is considered serious due to the nature of the unauthorized access and the potential for personal information to be used in phishing or social engineering attacks. The responsible party for the breach has not been publicly identified, but the method involved direct network intrusion and unauthorized file access.

St. Anthony Regional Hospital's response

After learning of the breach, St. Anthony Regional Hospital took immediate steps to secure its network and launched a comprehensive investigation with the help of cybersecurity experts. To support those affected, St. Anthony Regional Hospital is offering 24 months of complimentary credit monitoring and identity theft protection services through TransUnion.

If you receive notification from St. Anthony Regional Hospital or your provider about this breach, you may want to:

• Sign up for the free TransUnion identity theft protection services, offered by St. Anthony Regional Hospital.
• Monitor your credit reports and financial accounts for any unusual activity.
• Be alert for phishing emails or phone calls that may use your exposed information.
• Consider placing a fraud alert or credit freeze with major credit bureaus.

For affected individuals with questions, St. Anthony Regional Hospital has set up a call center at 833-285-0683, Monday through Friday, 8 a.m. to 8 p.m. ET.