Woodlawn Hospital Data Breach Exposes PII & PHI

Woodlawn Hospital experienced a major data breach. On June 30, 2025, the hospital learned that its network had been accessed by an unauthorized actor. An investigation revealed that files were copied between June 25, 2025 and June 30, 2025. The hacked files contained sensitive information used for the operation of Woodlawn Hospital’s facilities.

The cybersecurity incident compromised both personally identifiable information (PII) and protected health information (PHI). Exposed information includes names, addresses, dates of birth, Social Security numbers, driver's license or state ID numbers, health insurance information and medical care information.

The data beach was disclosed to the U.S. Department of Health and Human Services on Aug. 25, 2025. Woodlawn Hospital also published a Notice of Data Security Incident on its website and disclosed the breach to the Vermont Attorney General's office on Dec. 11, 2025, and to the Massachusetts Attorney General on Dec. 13, 2025.

The total number of impacted individuals has not been released but is believed to include thousands of patients.

Woodlawn Hospital's response

In addition to required state and federal disclosures, the hospital will notify impacted individuals by mail. The organization has also set up a dedicated assistance line at 877-332-1724, Monday through Friday from 8:00 a.m. to 8:00 p.m. Central Time.

If you believe your personal information may have been compromised in this breach:

• Carefully review any notice or communication you receive from Woodlawn Hospital.
• Monitor financial accounts and credit reports for signs of identity theft.
• Consider placing fraud alerts or credit freezes with the major credit bureaus.
• Be cautious of unsolicited emails or phone calls requesting personal information.

For more information about the hospital, visit the Woodlawn Hospital website.