Adams Health Network Reports Data Breach Affecting 5,305 Patients
Adams Health Network, which operates Adams Memorial Hospital in Decatur, Indiana, disclosed a data breach impacting 5,305 individuals in the U.S. The incident stemmed from a phishing attack on December 22, 2025, in which an employee’s email account was compromised after interacting with a fraudulent link.
The breach went undetected for nearly three months until March 12, 2026, when unauthorized access was identified. An investigation revealed that the compromised account contained sensitive patient data, including names, addresses, dates of birth, Social Security numbers, medical diagnoses, insurance details, and dates of service.
Adams Health Network reported the incident to the U.S. Department of Health and Human Services Office for Civil Rights on May 11, 2026, and began notifying affected patients the same month. The organization is offering 12 months of free credit monitoring through CyberScout (a TransUnion company) to help detect potential identity theft or fraudulent activity. Patients were also advised to monitor their healthcare accounts for suspicious activity.
The breach exposed both personally identifiable information (PII) and protected health information (PHI), raising concerns about potential misuse. Adams Health Network has set up a dedicated call center for affected individuals seeking further details.
Source: https://www.claimdepot.com/data-breach/adams-county-memorial-hospital-2026
Adams Health cybersecurity rating report: https://www.rankiteo.com/company/adams-health
"id": "ADA1780612330",
"linkid": "adams-health",
"type": "Breach",
"date": "12/2025",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"
{'affected_entities': [{'customers_affected': '5305',
'industry': 'Healthcare',
'location': 'Decatur, Indiana, U.S.',
'name': 'Adams Health Network',
'type': 'Healthcare Provider'}],
'attack_vector': 'Phishing',
'customer_advisories': 'Affected patients notified and advised to monitor '
'accounts for suspicious activity',
'data_breach': {'number_of_records_exposed': '5305',
'personally_identifiable_information': ['Names',
'Addresses',
'Dates of birth',
'Social Security '
'numbers',
'Medical diagnoses',
'Insurance details',
'Dates of service'],
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['Personally identifiable '
'information (PII)',
'Protected health information '
'(PHI)']},
'date_detected': '2026-03-12',
'date_publicly_disclosed': '2026-05-11',
'description': 'Adams Health Network disclosed a data breach impacting 5,305 '
'individuals in the U.S. The incident stemmed from a phishing '
'attack on December 22, 2025, in which an employee’s email '
'account was compromised after interacting with a fraudulent '
'link. The breach exposed sensitive patient data, including '
'names, addresses, dates of birth, Social Security numbers, '
'medical diagnoses, insurance details, and dates of service.',
'impact': {'data_compromised': 'Personally identifiable information (PII) and '
'protected health information (PHI)',
'identity_theft_risk': 'Yes',
'systems_affected': 'Employee email account'},
'investigation_status': 'Completed',
'post_incident_analysis': {'root_causes': 'Phishing attack leading to '
'unauthorized access to an employee '
'email account'},
'recommendations': 'Monitor healthcare accounts for suspicious activity and '
'enroll in credit monitoring services',
'references': [{'source': 'Adams Health Network Disclosure'}],
'regulatory_compliance': {'regulations_violated': ['HIPAA'],
'regulatory_notifications': ['Reported to U.S. '
'Department of Health '
'and Human Services '
'Office for Civil '
'Rights']},
'response': {'communication_strategy': 'Notified affected patients and set up '
'a dedicated call center',
'third_party_assistance': 'CyberScout (TransUnion)'},
'title': 'Adams Health Network Data Breach Affecting 5,305 Patients',
'type': 'Data Breach',
'vulnerability_exploited': 'Employee interaction with fraudulent link'}