Wood River Health Data Breach Affects 54,926 Individuals: SSNs Exposed

On May 29, 2025, Wood River Health discovered a major data breach involving unauthorized access to an employee email account. The breach occurred over nearly a month, from Aug. 8, 2024, to Sept. 6, 2024. During this period, an unauthorized actor accessed the email account and may have viewed or acquired sensitive information belonging to patients and employees.

Following an investigation with external cybersecurity experts, Wood River Health determined that a total of 54,926 individuals in the United States were affected by this incident, including 64 residents of Maine and 210 in Massachusetts.

The exposed information is extensive and includes both personally identifiable information (PII) and protected health information (PHI).

The exposed PII includes names, Social Security numbers, account numbers, account numbers with routing numbers, dates of birth, electronic/digital signatures, employer-assigned identification numbers, usernames and passwords or PINs.

The exposed PHI includes diagnoses, encounter numbers, health insurance group and subscriber numbers, medical billing and claims information, medical record numbers, Medicare and Medicaid identification, other health insurance information, patient account numbers, prescription and medication information, information about treating or referring physicians, and treatment details.

The breach was reported to state authorities, including the Maine Attorney General on July 28, 2025, plus the the Massachusetts Attorney General and the Vermont Attorney General on July 29, 2025. A detailed notice was also posted on the Wood River Health website.

Wood River Health's response

For those affected, Wood River Health is offering twelve months of complimentary credit monitoring and identity restoration services through Cyberscout, a TransUnion company. Impacted individuals should have received a written notice with instructions on how to enroll in these services.

The organization has also provided detailed guidance on steps individuals can take to protect themselves, such as monitoring credit reports, placing fraud alerts or credit freezes, and reporting any suspicious activity to the appropriate authorities.

Given that the breach involved access to both PII and PHI, it is especially important for affected individuals to take advantage of the free credit monitoring and to remain vigilant for signs of identity theft or fraud. Reviewing account statements, monitoring credit reports, and promptly reporting any unauthorized activity are strongly recommended.

For more information, individuals can call Wood River Health’s dedicated assistance line at 833-397-4705, Monday through Friday from 8 a.m. to 8 p.m. Eastern Time, or write to 823 Main St., Hope Valley, RI 02832.

More information about their services and mission is available on the Wood River Health website.