Sturgis Hospital

Sturgis Hospital, based in Sturgis, Michigan, experienced two separate data breaches in **December 2024** and **June 2025**, resulting in the theft of sensitive personal and medical information of patients and former patients. The compromised data includes **names, contact details, government IDs (e.g., Social Security numbers), financial account information (e.g., bank account numbers), health insurance details, and clinical records** (such as prescriptions, treatment histories, and medical data). The breach has led to concerns that the stolen data is being **sold on the dark web**, exposing affected individuals to potential identity theft, financial fraud, and misuse of medical information. The hospital is notifying impacted parties, and a law firm (Wolf Haldenstein) is investigating claims on behalf of victims to assess legal recourse for damages arising from the incident. The breach underscores significant risks to **patient privacy, financial security, and trust in healthcare institutions**, with long-term repercussions for both the hospital’s reputation and the affected individuals’ safety.

Source: https://www.globenewswire.com/news-release/2025/09/29/3158161/6819/en/Sturgis-Hospital-Data-Breach-Alert-Issued-By-Wolf-Haldenstein.html

TPRM report: https://www.rankiteo.com/company/sturgis-hospital

"id": "stu0502205093025",
"linkid": "sturgis-hospital",
"type": "Breach",
"date": "12/2024",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"

{'affected_entities': [{'customers_affected': 'Patients and former patients '
                                              '(exact number not specified)',
                        'industry': 'Healthcare',
                        'location': 'Sturgis, Michigan, USA',
                        'name': 'Sturgis Hospital',
                        'type': 'Healthcare Provider'}],
 'customer_advisories': 'Direct notifications sent to affected patients and '
                        'former patients',
 'data_breach': {'data_exfiltration': True,
                 'personally_identifiable_information': True,
                 'sensitivity_of_data': 'High (includes PII, financial, and '
                                        'medical data)',
                 'type_of_data_compromised': ['Names',
                                              'Contact Information',
                                              'Government Identification '
                                              'Numbers (e.g., Social Security '
                                              'numbers)',
                                              'Financial Account Details '
                                              '(e.g., bank account numbers)',
                                              'Health Insurance Details',
                                              'Clinical Information (e.g., '
                                              'prescriptions, treatment '
                                              'records)']},
 'date_publicly_disclosed': '2025-09-29',
 'description': 'Sturgis Hospital, located in Sturgis, Michigan, announced '
                'that the personal information of patients and former patients '
                'may have been stolen as part of two separate data breaches '
                'which occurred in December 2024 and June 2025. The '
                'compromised data includes names, contact information, '
                'government identification numbers (e.g., Social Security '
                'numbers), financial account details (e.g., bank account '
                'numbers), health insurance details, and clinical information '
                '(e.g., prescriptions, treatment records). The data is '
                'reportedly being offered for sale on the dark web.',
 'impact': {'brand_reputation_impact': 'Potential reputational damage due to '
                                       'exposure of sensitive patient data',
            'data_compromised': True,
            'identity_theft_risk': 'High (personal and financial data exposed)',
            'legal_liabilities': 'Under investigation by Wolf Haldenstein '
                                 'Adler Freeman & Herz LLP for potential '
                                 'consumer rights violations',
            'payment_information_risk': 'High (financial account details '
                                        'compromised)'},
 'initial_access_broker': {'data_sold_on_dark_web': True,
                           'high_value_targets': ['Patient medical records',
                                                  'Financial data']},
 'investigation_status': 'Ongoing (legal investigation by Wolf Haldenstein)',
 'motivation': ['Financial Gain', 'Data Theft'],
 'ransomware': {'data_exfiltration': True},
 'references': [{'date_accessed': '2025-09-29',
                 'source': 'Wolf Haldenstein Adler Freeman & Herz LLP Press '
                           'Release'}],
 'regulatory_compliance': {'legal_actions': 'Investigation by Wolf Haldenstein '
                                            'Adler Freeman & Herz LLP for '
                                            'potential consumer rights '
                                            'litigation'},
 'response': {'communication_strategy': 'Public disclosure via press release '
                                        '(September 29, 2025); direct '
                                        'notifications to affected '
                                        'individuals'},
 'stakeholder_advisories': 'Affected individuals advised to monitor for '
                           'suspicious activity; legal firm offering '
                           'consultation for impacted parties',
 'title': 'Sturgis Hospital Data Breach (December 2024 & June 2025)',
 'type': ['Data Breach', 'Unauthorized Access']}