LockBit Ransomware Group Claims Responsibility for Iowa Hospital Data Breach Affecting 24,000 Patients
Clarinda Regional Health Center (CRHC), a 47-bed hospital in southwest Iowa, has notified 24,341 individuals of a data breach exposing sensitive personal and medical information. The compromised data includes names, Social Security numbers, medical records, health insurance details, financial account numbers, taxpayer IDs, dates of birth, and driver’s license numbers.
The breach was discovered on December 15, 2025, though unauthorized access may have occurred as early as October 2025. The Russia-based ransomware group LockBit claimed responsibility for the attack on December 11, 2025, though CRHC has not confirmed the group’s involvement, and details of the breach including whether a ransom was paid remain unconfirmed. CRHC is offering affected individuals 12 months of free credit monitoring through TransUnion, with enrollment open for 90 days from the notice date.
LockBit, active since 2019, operates a ransomware-as-a-service (RaaS) model, allowing affiliates to deploy its malware in exchange for a share of ransom payments. In 2025, the group claimed 133 attacks, 12 of which were confirmed by targeted organizations, including another healthcare breach at Insight Hospital & Medical Center (Illinois) in August 2025. So far in 2026, LockBit has attributed 156 attacks, with 18 confirmed, including three healthcare incidents: Mt. Spokane Pediatrics (WA), Elmwood Healthcare (RI), and Consorzio Selenia (Italy).
The attack on CRHC is part of a broader surge in ransomware targeting U.S. healthcare providers. In 2025, 142 confirmed ransomware attacks on hospitals and clinics exposed 12.3 million patient records. In 2026, at least 16 additional attacks have compromised 66,400 records, with recent incidents involving groups like PEAR, Inc, Qilin, and Lynx. These attacks disrupt critical systems, forcing providers to cancel appointments, divert patients, or revert to manual record-keeping while facing ransom demands or prolonged downtime.
Founded in 1939, CRHC serves southwest Iowa through its main hospital and two family health centers in Villisca and Bedford. The full extent of the breach’s impact on operations remains unclear.
Clarinda Regional Health Center cybersecurity rating report: https://www.rankiteo.com/company/clarinda-regional-health-center
Insight Hospital and Medical Center cybersecurity rating report: https://www.rankiteo.com/company/insightchicago
"id": "CLAINS1780504049",
"linkid": "clarinda-regional-health-center, insightchicago",
"type": "Ransomware",
"date": "10/2025",
"severity": "100",
"impact": "7",
"explanation": "Attack that could injure or kill people"{'affected_entities': [{'customers_affected': '24,341 patients',
'industry': 'Healthcare',
'location': 'Southwest Iowa, USA',
'name': 'Clarinda Regional Health Center (CRHC)',
'size': '47-bed hospital',
'type': 'Hospital'}],
'customer_advisories': 'Notification to affected individuals, offering 12 '
'months of free credit monitoring through TransUnion '
'(enrollment open for 90 days from notice date)',
'data_breach': {'number_of_records_exposed': '24,341',
'personally_identifiable_information': 'Yes',
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['Personal Identifiable '
'Information (PII)',
'Medical records',
'Health insurance details',
'Financial account numbers',
'Taxpayer IDs',
'Dates of birth',
'Driver’s license numbers']},
'date_detected': '2025-12-15',
'description': 'Clarinda Regional Health Center (CRHC), a 47-bed hospital in '
'southwest Iowa, has notified 24,341 individuals of a data '
'breach exposing sensitive personal and medical information. '
'The compromised data includes names, Social Security numbers, '
'medical records, health insurance details, financial account '
'numbers, taxpayer IDs, dates of birth, and driver’s license '
'numbers.',
'impact': {'data_compromised': 'Sensitive personal and medical information, '
'including names, Social Security numbers, '
'medical records, health insurance details, '
'financial account numbers, taxpayer IDs, '
'dates of birth, and driver’s license numbers',
'identity_theft_risk': 'High',
'operational_impact': 'Disruption of critical systems, potential '
'cancellation of appointments, diversion of '
'patients, or manual record-keeping',
'payment_information_risk': 'High'},
'investigation_status': 'Ongoing',
'motivation': 'Financial gain',
'ransomware': {'ransomware_strain': 'LockBit'},
'references': [{'source': 'Cyber Incident Description'}],
'response': {'communication_strategy': 'Notification to affected individuals, '
'offering 12 months of free credit '
'monitoring',
'third_party_assistance': 'TransUnion (credit monitoring)'},
'threat_actor': 'LockBit',
'title': 'LockBit Ransomware Group Claims Responsibility for Iowa Hospital '
'Data Breach Affecting 24,000 Patients',
'type': 'Ransomware'}