Springfield Hospital Data Breach Exposes Sensitive Patient Information
Springfield Hospital, a not-for-profit critical access hospital in Springfield, Vermont, is under investigation following a data breach that compromised sensitive patient information. The incident, discovered on December 17, 2025, involved unauthorized access to an employee email account.
After detecting the breach, the hospital secured its email system and initiated an investigation to assess the scope of the exposure. By February 10, 2026, the probe confirmed that the compromised account contained personally identifiable information (PII) and protected health information (PHI) for certain individuals. Exposed data included:
- Full names
- Dates of birth
- Social Security numbers
- Reasons for medical visits
- Treating physician names
- Medical record numbers
The hospital serves communities across Windsor, Windham, and portions of Bennington counties in Vermont, as well as parts of Sullivan and Cheshire counties in New Hampshire, providing inpatient, outpatient, and emergency care services.
A class action law firm, Shamis & Gentile P.A., is now investigating potential legal claims for affected individuals, who may be eligible for compensation. The breach highlights ongoing risks to healthcare data security and the potential consequences for patients whose information was exposed.
Source: https://www.claimdepot.com/investigations/springfield-hospital-data-breach-2026
Springfield Hospital, Inc. cybersecurity rating report: https://www.rankiteo.com/company/springfield-hospital-vt
"id": "SPR1776191398",
"linkid": "springfield-hospital-vt",
"type": "Breach",
"date": "12/2025",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': 'Patients across Windsor, '
'Windham, and portions of '
'Bennington counties in Vermont, '
'as well as parts of Sullivan '
'and Cheshire counties in New '
'Hampshire',
'industry': 'Healthcare',
'location': 'Springfield, Vermont, USA',
'name': 'Springfield Hospital',
'type': 'Hospital'}],
'attack_vector': 'Unauthorized access to employee email account',
'data_breach': {'personally_identifiable_information': ['Full names',
'Dates of birth',
'Social Security '
'numbers',
'Reasons for medical '
'visits',
'Treating physician '
'names',
'Medical record '
'numbers'],
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['Personally identifiable '
'information (PII)',
'Protected health information '
'(PHI)']},
'date_detected': '2025-12-17',
'date_publicly_disclosed': '2026-02-10',
'description': 'Springfield Hospital, a not-for-profit critical access '
'hospital in Springfield, Vermont, is under investigation '
'following a data breach that compromised sensitive patient '
'information. The incident involved unauthorized access to an '
'employee email account, which contained personally '
'identifiable information (PII) and protected health '
'information (PHI).',
'impact': {'brand_reputation_impact': 'Potential reputational damage due to '
'data breach',
'data_compromised': 'Personally identifiable information (PII) and '
'protected health information (PHI)',
'identity_theft_risk': 'High',
'legal_liabilities': 'Potential class action lawsuit investigation',
'systems_affected': 'Employee email system'},
'investigation_status': 'Ongoing',
'references': [{'source': 'Cyber incident report'}],
'regulatory_compliance': {'legal_actions': 'Class action lawsuit '
'investigation by Shamis & Gentile '
'P.A.',
'regulations_violated': ['HIPAA']},
'response': {'containment_measures': 'Secured email system',
'incident_response_plan_activated': 'Yes'},
'title': 'Springfield Hospital Data Breach Exposes Sensitive Patient '
'Information',
'type': 'Data Breach'}