St. Anthony Healthcare Data Breach Exposes Sensitive Patient Information
St. Anthony, a healthcare provider, recently disclosed a data breach that may have compromised sensitive personal and medical information. The incident came to light in late August 2024 when the organization detected suspicious activity within its network systems.
An investigation confirmed that an unauthorized third party accessed or acquired protected data between August 14 and August 28, 2024. The exposed information varies by individual but includes:
- Personal identifiers: Names, Social Security numbers, addresses, dates of birth, driver’s license numbers, and other government-issued IDs.
- Financial data: Payment card details and financial account information.
- Medical records: Diagnoses, treatment details, prescription information, medical device serial numbers, biometric data, and health insurance details (including policy and Medicare/Medicaid IDs).
St. Anthony has posted a breach notice on its website and is mailing notifications to affected individuals. For Massachusetts residents, the notices include a breakdown of the compromised data and 24 months of complimentary credit monitoring services. The full breach notice is available on St. Anthony’s website.
Source: https://straussborrelli.com/2025/12/31/st-anthony-regional-hospital-data-breach-investigation/
Saint Anthony Hospital cybersecurity rating report: https://www.rankiteo.com/company/saint-anthony-hospital
"id": "SAI1767418812",
"linkid": "saint-anthony-hospital",
"type": "Breach",
"date": "12/2025",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': 'Impacted individuals (number '
'not specified)',
'industry': 'Healthcare',
'name': 'St. Anthony',
'type': 'Healthcare Provider'}],
'customer_advisories': 'Data breach notification letters mailed to impacted '
'individuals',
'data_breach': {'personally_identifiable_information': 'Yes',
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['Name',
'Social Security number',
'Address',
'Date of birth',
'Driver’s license number',
'Other government issued '
'identification number',
'Payment card information',
'Financial account information',
'Medical information '
'(billing/claims information, '
'diagnoses code, doctor’s name, '
'medical record number, mental '
'or physical '
'condition/treatment, medical '
'device/serial number, biometric '
'data, prescription information, '
'disability information, '
'treatment location, patient '
'ID/account number, beneficiary '
'number)',
'Health insurance information '
'(subscriber member number, '
'group/plan number, policy '
'number, beneficiary number, '
'Medicare/Medicaid ID)']},
'date_detected': '2024-08-00',
'description': 'St. Anthony experienced a data breach in which sensitive '
'personal identifiable information and protected health '
'information may have been compromised. The breach was '
'detected due to suspicious activity affecting certain systems '
'within its computer network.',
'impact': {'data_compromised': 'Sensitive personal identifiable information '
'and protected health information',
'identity_theft_risk': 'High',
'payment_information_risk': 'High',
'systems_affected': 'Certain systems within its computer network'},
'investigation_status': 'Completed',
'recommendations': 'Providing affected individuals with 24 months of '
'complimentary credit monitoring services',
'references': [{'source': 'St. Anthony Breach Notice'}],
'response': {'communication_strategy': 'Posted notice on website and mailed '
'data breach notification letters',
'incident_response_plan_activated': 'Yes'},
'threat_actor': 'Unauthorized third party',
'title': 'St. Anthony Data Breach',
'type': 'Data Breach'}