St. Anthony Regional Hospital Suffers Data Breach, Exposing Patient PII and PHI
In late August 2024, St. Anthony Regional Hospital, a faith-based healthcare provider in Carroll, Iowa, detected a data breach after identifying suspicious activity on its systems. An investigation revealed that unauthorized individuals accessed a portion of the hospital’s network between August 14 and 28, 2024, compromising sensitive patient data.
The breach exposed personally identifiable information (PII) and protected health information (PHI), including full names, addresses, dates of birth, Social Security numbers, driver’s license numbers, government-issued IDs, payment card details, and financial account information. While the total number of affected individuals remains unclear, at least 15 Massachusetts residents have been confirmed as impacted, with additional cases expected in other states.
The hospital reported the incident to the Massachusetts Attorney General on December 29, 2024, and posted a Notice of Privacy Event on its website. Affected individuals were notified by mail.
The breach raises concerns about potential phishing and social engineering attacks leveraging the stolen data. The responsible party has not been publicly identified, but the attack involved direct network intrusion and unauthorized file access.
In response, St. Anthony Regional Hospital secured its systems, launched a forensic investigation with cybersecurity experts, and is offering 24 months of free credit monitoring and identity theft protection through TransUnion. A dedicated call center (833-285-0683) has been established for affected individuals seeking assistance.
Source: https://www.claimdepot.com/data-breach/st-anthony-regional-hospital-2025
St. Anthony Regional Hospital cybersecurity rating report: https://www.rankiteo.com/company/st.-anthony-regional-hospital-&-nursing-home
"id": "ST.1767117019",
"linkid": "st.-anthony-regional-hospital-&-nursing-home",
"type": "Breach",
"date": "8/2024",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': 'At least 15 residents of '
'Massachusetts, with additional '
'states expected to report',
'industry': 'Healthcare',
'location': 'Carroll, Iowa, USA',
'name': 'St. Anthony Regional Hospital',
'type': 'Healthcare Provider'}],
'attack_vector': 'Direct network intrusion',
'customer_advisories': 'Call center set up at 833-285-0683 for affected '
'individuals',
'data_breach': {'data_exfiltration': 'Files were accessed or downloaded '
'without authorization',
'personally_identifiable_information': ['Full name',
'Address',
'Date of birth',
'Social Security '
'number',
'Driver’s license '
'number',
'Other '
'government-issued '
'identification '
'numbers',
'Payment card '
'information',
'Financial account '
'information'],
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['Personally identifiable '
'information (PII)',
'Protected health information '
'(PHI)']},
'date_detected': '2024-08-28',
'date_publicly_disclosed': '2025-12-29',
'description': 'In late August 2024, St. Anthony Regional Hospital '
'experienced a significant data breach that exposed personally '
'identifiable information (PII) and protected health '
'information (PHI) of current and former patients. '
'Unauthorized individuals gained access to a subset of the '
'hospital’s network between Aug. 14 and Aug. 28, 2024, '
'accessing or downloading certain files without authorization.',
'impact': {'brand_reputation_impact': 'Potential impact due to exposure of '
'sensitive patient data',
'data_compromised': 'Personally identifiable information (PII) and '
'protected health information (PHI)',
'identity_theft_risk': 'High',
'payment_information_risk': 'High',
'systems_affected': 'A subset of the hospital’s network'},
'investigation_status': 'Ongoing',
'recommendations': ['Sign up for free TransUnion identity theft protection '
'services',
'Monitor credit reports and financial accounts for '
'unusual activity',
'Be alert for phishing emails or phone calls',
'Consider placing a fraud alert or credit freeze with '
'major credit bureaus'],
'references': [{'source': 'St. Anthony Regional Hospital Notice of Privacy '
'Event'}],
'regulatory_compliance': {'regulatory_notifications': ['Reported to '
'Massachusetts '
'Attorney General']},
'response': {'communication_strategy': 'Notice of Privacy Event posted on '
'website, notifications mailed to '
'affected individuals',
'containment_measures': 'Secured network',
'incident_response_plan_activated': 'Yes',
'third_party_assistance': 'Cybersecurity experts'},
'title': 'St. Anthony Regional Hospital Data Breach',
'type': 'Data Breach'}