
Toledo-based outpatient surgery facility, Wildwood Surgical Center, disclosed a data breach that exposed sensitive personal, medical and financial information. The breach occurred over a three-day period in late June 2025.
Wildwood discovered the breach on June 26, 2025, and reported the incident to federal law enforcement, according to the company's notification posted on its website on July 13, 2026, more than a year after the breach occurred.
On June 26, 2025, Wildwood Surgical Center became aware of a potential security incident when it was alerted to suspicious activity taking place on its computer network, according to the company's notification. Upon receiving the alert, the company brought in outside specialists to investigate the full nature and scope of the incident.
The investigation determined that an unauthorized party had gained access to the company's computer network and acquired certain data without authorization. The unauthorized access began on June 24, 2025, which was two days before the suspicious activity was detected, and continued through June 26, 2025. During this three-day window, data that was stored on the company's network was both accessed and taken by the unauthorized party.
After confirming that data had been compromised, Wildwood commenced a review of the affected data set. The purpose of this review was to identify what specific information was contained in the compromised data and to determine which individuals' information was involved.
The review process required analyzing the compromised data and matching it to specific individuals. The company completed its analysis on May 13, 2026, nearly 11 months after the breach was first detected. At that point, Wildwood confirmed that the compromised data contained both personal information and protected health information belonging to certain members of its health care community.
The types of personally identifiable information (PII) exposed in the breach included first and last names, Social Security numbers, government identification numbers (such as driver's license or passport numbers) and dates of birth. Protected health information (PHI) was also involved, including medical treatment and diagnostic information and health insurance information.
Financial data was compromised as well, including medical billing details, bank account numbers and payment or credit card numbers.
Wildwood stated that affected individuals for whom the company had mailing addresses on file would receive notification letters by mail in the coming weeks.
In its notification, Wildwood encouraged all individuals to remain vigilant against incidents of identity theft and fraud from any source. The company provided detailed guidance on protective measures that affected individuals can take to help safeguard their personal information. Wildwood also directed individuals to the Federal Trade Commission and state attorneys general as additional resources for learning about identity theft and steps to protect personal information.
Wildwood has set up a dedicated assistance line at 833-319-7579 for individuals who have questions or need more information about the incident. Affected individuals may also reach the company by email at info@wildwoodsurgical.com, by phone at 419-578-7500 or toll-free at 1-877-861-8383.








.webp)
.webp)
.webp)

.webp)
.webp)
.webp)
.webp)