Adams County Memorial Hospital Hit by Phishing Attack, Exposing Patient Data
Adams County Memorial Hospital, a 25-bed critical access facility in Decatur, Indiana, is under investigation following a data breach that exposed sensitive patient information. The incident stemmed from a phishing attack on December 22, 2025, targeting an employee’s email account. Adams Health Network, the hospital’s parent organization, detected the compromise on March 12, 2026, and took immediate steps to secure the account.
An investigation revealed that the breached email contained personally identifiable information (PII) of 5,305 individuals, including names, addresses, dates of birth, Social Security numbers, medical diagnoses, insurance details, and financial data. The hospital reported the breach to the U.S. Department of Health and Human Services on May 11, 2026.
While there is no evidence that the attackers specifically sought patient data or that the information has been misused, the hospital is offering affected individuals 12 months of free credit monitoring through CyberScout, a TransUnion company. Legal firms are now reviewing potential compensation claims for those impacted.
Source: https://www.claimdepot.com/investigations/adams-county-memorial-hospital-data-breach-2026
Adams Health Network TPRM report: https://www.rankiteo.com/company/adams-county-memorial-hospital
Adams County Memorial Hospital TPRM report: https://www.rankiteo.com/company/adams-county-memorial-hospital
"id": "ada1780612261",
"linkid": "adams-county-memorial-hospital",
"type": "Breach",
"date": "6/2026",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': '5305',
'industry': 'Healthcare',
'location': 'Decatur, Indiana, USA',
'name': 'Adams County Memorial Hospital',
'size': '25-bed critical access facility',
'type': 'Hospital'}],
'attack_vector': 'Email',
'customer_advisories': '12 months of free credit monitoring offered to '
'affected individuals',
'data_breach': {'number_of_records_exposed': '5305',
'personally_identifiable_information': 'Names, addresses, '
'dates of birth, '
'Social Security '
'numbers',
'sensitivity_of_data': 'High',
'type_of_data_compromised': 'Personally identifiable '
'information (PII), medical '
'diagnoses, insurance details, '
'financial data'},
'date_detected': '2026-03-12',
'date_publicly_disclosed': '2026-05-11',
'description': 'Adams County Memorial Hospital, a 25-bed critical access '
'facility in Decatur, Indiana, is under investigation '
'following a data breach that exposed sensitive patient '
'information. The incident stemmed from a phishing attack on '
'December 22, 2025, targeting an employee’s email account. The '
'breached email contained personally identifiable information '
'(PII) of 5,305 individuals, including names, addresses, dates '
'of birth, Social Security numbers, medical diagnoses, '
'insurance details, and financial data.',
'impact': {'data_compromised': 'Personally identifiable information (PII), '
'medical diagnoses, insurance details, '
'financial data',
'identity_theft_risk': 'High',
'legal_liabilities': 'Potential compensation claims under review',
'payment_information_risk': 'High',
'systems_affected': 'Employee email account'},
'investigation_status': 'Ongoing',
'post_incident_analysis': {'root_causes': 'Phishing attack leading to email '
'account compromise'},
'references': [{'source': 'Cyber incident report'}],
'regulatory_compliance': {'legal_actions': 'Potential compensation claims '
'under review',
'regulations_violated': 'HIPAA (presumed)',
'regulatory_notifications': 'Reported to U.S. '
'Department of Health '
'and Human Services'},
'response': {'communication_strategy': 'Notification to affected individuals '
'and HHS',
'containment_measures': 'Secured the compromised email account',
'third_party_assistance': 'CyberScout (credit monitoring)'},
'title': 'Adams County Memorial Hospital Phishing Attack',
'type': 'Phishing Attack',
'vulnerability_exploited': 'Employee email account compromise'}