On May 31, 2025, HRMC detected a cyber intrusion later attributed to the BEAST ransomware group, which exfiltrated 800GB of sensitive data, including PII (names, SSNs, financial accounts, addresses) and PHI (medical records, lab results, prescriptions, treatment histories, insurance details, and diagnostic images). The breach impacted at least 20 Montana residents, with broader exposure across multiple states. The attackers leveraged the Tor network to publicize the theft on the dark web (Aug. 21, 2025). HRMC confirmed the incident involved unauthorized access, data copying, and a ransomware demand, though the total victim count remains undisclosed. Affected individuals received 12 months of credit monitoring and fraud alerts, with HRMC establishing a dedicated support line. The breach poses severe risks of identity theft, financial fraud, and medical privacy violations, given the depth of exposed information.
Source: https://www.claimdepot.com/data-breach/huron-regional-medical-center-2025
TPRM report: https://www.rankiteo.com/company/huron-regional-medical-center
"id": "hur1602516091125",
"linkid": "huron-regional-medical-center",
"type": "Ransomware",
"date": "5/2025",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"{'affected_entities': [{'customers_affected': '20 (Montana residents; total '
'unspecified)',
'industry': 'healthcare',
'location': 'Huron, South Dakota, USA',
'name': 'Huron Regional Medical Center (HRMC)',
'type': 'healthcare provider'}],
'attack_vector': ['network intrusion', 'Tor network for publicity'],
'customer_advisories': ['Enroll in 12-month single-bureau credit monitoring '
'(Cyberscout)',
'Vigilance against identity theft/fraud',
'Report suspicious activity to HRMC or credit '
'bureaus'],
'data_breach': {'data_exfiltration': True,
'number_of_records_exposed': '800GB (total individuals '
'unspecified; 20 confirmed in '
'Montana)',
'personally_identifiable_information': True,
'sensitivity_of_data': 'high (PII + PHI)',
'type_of_data_compromised': ['personally identifiable '
'information (PII)',
'protected health information '
'(PHI)',
'name',
'address',
'phone number',
'date of birth',
'Social Security number',
'Medicare number',
'Medicaid number',
'financial account information',
'health insurance details',
'date(s) and cost of service',
'lab results',
'medical diagnostic images',
'prescription information',
'medical diagnosis and treatment '
'information']},
'date_detected': '2025-05-31',
'date_publicly_disclosed': '2025-09-09',
'description': 'On May 31, 2025, Huron Regional Medical Center (HRMC) '
'detected suspicious activity within its computer network. An '
'investigation revealed that the BEAST ransomware group had '
'gained unauthorized access, copied 800GB of sensitive data '
'(including PII and PHI), and posted about the attack on the '
'dark web on Aug. 21, 2025. The breach affected at least 20 '
'Montana residents, with broader impact unspecified. HRMC '
'disclosed the incident publicly on Sept. 9, 2025, and offered '
'credit monitoring services to affected individuals.',
'impact': {'brand_reputation_impact': True,
'data_compromised': True,
'identity_theft_risk': True,
'operational_impact': True,
'payment_information_risk': True,
'systems_affected': True},
'initial_access_broker': {'data_sold_on_dark_web': True,
'high_value_targets': ['PII',
'PHI',
'financial data']},
'investigation_status': 'Completed (as of public disclosure on 2025-09-09)',
'motivation': ['financial gain', 'data theft'],
'post_incident_analysis': {'corrective_actions': ['Credit monitoring services',
'Public disclosure',
'Helpline setup']},
'ransomware': {'data_exfiltration': True, 'ransomware_strain': 'BEAST'},
'recommendations': ['Monitor credit reports and account statements for '
'suspicious activity',
'Place fraud alerts or credit freezes with major credit '
'bureaus',
'Notify financial institutions of the breach',
'Enroll in complimentary credit monitoring services '
'(Cyberscout)'],
'references': [{'source': 'Huron Regional Medical Center Breach Notification '
'(Website PDF)'},
{'source': 'Montana Attorney General Breach Filing'}],
'regulatory_compliance': {'regulatory_notifications': ['Montana Attorney '
'General']},
'response': {'communication_strategy': ['breach notification letters',
'website disclosure (PDF)',
'dedicated helpline (833-456-9193)'],
'incident_response_plan_activated': True,
'remediation_measures': ['credit monitoring services '
'(Cyberscout/TransUnion)',
'dedicated assistance line'],
'third_party_assistance': ['legal counsel',
'third-party forensic specialists']},
'stakeholder_advisories': ['Dedicated assistance line (833-456-9193)',
'Mail notifications to affected individuals'],
'threat_actor': 'BEAST ransomware group',
'title': 'Huron Regional Medical Center Ransomware Attack and Data Breach',
'type': ['ransomware', 'data breach']}