On July 16, 2025, HRMC detected unauthorized access to its systems between June 18 and July 16, 2025, by an external actor. The breach exposed sensitive patient and staff data, including names, Social Security numbers, dates of birth, driver’s license/state ID numbers, medical records, and demographic details. The full scope of affected individuals remains under investigation, but the incident poses significant risks of identity theft, financial fraud, and misuse of medical information. HRMC engaged third-party cybersecurity experts to contain the breach, review security protocols, and enhance safeguards. Regulatory notifications were filed with the South Carolina Attorney General, and affected individuals will receive written notices once the review concludes. The hospital has advised vigilance through credit monitoring, fraud alerts, and a dedicated support hotline (1-833-918-1845). The breach underscores vulnerabilities in healthcare data security, with potential long-term reputational and operational consequences for HRMC.
Source: https://www.claimdepot.com/data-breach/hampton-regional-medical-center-2025
TPRM report: https://www.rankiteo.com/company/hampton-regional-medical-ctr
"id": "ham1232212091325",
"linkid": "hampton-regional-medical-ctr",
"type": "Breach",
"date": "6/2025",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"{'affected_entities': [{'industry': 'Healthcare',
'location': 'Varnville, South Carolina, USA',
'name': 'Hampton Regional Medical Center (HRMC)',
'type': 'Hospital'}],
'customer_advisories': ['Detailed notice on HRMC website',
'Written letters to affected individuals '
'(forthcoming)',
'Toll-free assistance line for questions and support'],
'data_breach': {'data_exfiltration': 'Possible (under investigation)',
'personally_identifiable_information': True,
'sensitivity_of_data': 'High (includes SSN, medical records, '
'and demographic data)',
'type_of_data_compromised': ['Personally Identifiable '
'Information (PII)',
'Protected Health Information '
'(PHI)']},
'date_detected': '2025-07-16',
'description': 'On July 16, 2025, Hampton Regional Medical Center (HRMC) '
'discovered suspicious activity within its computer systems. '
'An investigation with third-party cybersecurity specialists '
'revealed that an unauthorized actor gained access to certain '
'HRMC systems between June 18 and July 16, 2025. The intruder '
'may have accessed or taken sensitive data belonging to '
'patients, staff, and others connected to the hospital. '
'Compromised data may include names, Social Security numbers, '
'dates of birth, driver’s license or state identification '
'numbers, medical information, and other demographic details.',
'impact': {'data_compromised': ['Names',
'Social Security numbers',
'Dates of birth',
'Driver’s license or state identification '
'numbers',
'Medical information',
'Demographic details'],
'identity_theft_risk': 'High (PII and medical data exposed)',
'systems_affected': 'Certain HRMC systems'},
'investigation_status': 'Ongoing (scope of breach still under review)',
'post_incident_analysis': {'corrective_actions': 'Reviewing and updating '
'administrative and '
'technical safeguards'},
'recommendations': ['Monitor account statements, credit reports, and '
'explanation of benefits for unusual activity',
'Consider placing fraud alerts or credit freezes with '
'major credit bureaus',
'Contact HRMC’s toll-free assistance line for support '
'(1-833-918-1845)'],
'references': [{'source': 'Hampton Regional Medical Center Website Notice'}],
'regulatory_compliance': {'regulatory_notifications': [{'date_notified': '2025-09-12',
'regulator': 'South '
'Carolina '
'Attorney '
'General'}]},
'response': {'communication_strategy': ['Detailed notice to consumers on '
'website',
'Written letters to affected '
'individuals (pending review '
'completion)',
'Toll-free assistance line '
'(1-833-918-1845, Mon-Fri 9 a.m. to 9 '
'p.m. ET)',
'Notification to government '
'regulators (e.g., South Carolina '
'Attorney General)'],
'containment_measures': 'Secured computer environment',
'incident_response_plan_activated': True,
'remediation_measures': 'Reviewing and updating administrative '
'and technical safeguards',
'third_party_assistance': True},
'threat_actor': 'Unauthorized actor',
'title': 'Hampton Regional Medical Center Data Breach',
'type': 'Data Breach'}