George E. Weems Memorial Hospital, a 25-bed critical access hospital in Florida, suffered a cybersecurity breach in which two employee email accounts were compromised between May 6–12, 2025, exposing sensitive patient data. The breach was discovered on September 22, 2025, and the accessed accounts were found to contain personally identifiable information (PII) and protected health information (PHI), including full names, Social Security numbers, addresses, driver’s license numbers, medical histories, health insurance details, and account information. The hospital began notifying affected individuals in October 2025, offering credit monitoring services. The incident poses risks of identity theft, financial fraud, and unauthorized medical data exposure, potentially leading to long-term harm for patients. Legal investigations are underway, with class-action lawsuits being prepared for compensation claims. The breach underscores vulnerabilities in healthcare cybersecurity, particularly in safeguarding employee email systems and patient confidentiality.
Source: https://www.claimdepot.com/investigations/weems-memorial-hospital-data-breach-2025
TPRM report: https://www.rankiteo.com/company/weems-memorial-hospital
"id": "wee3992439102225",
"linkid": "weems-memorial-hospital",
"type": "Breach",
"date": "5/2025",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"
{'affected_entities': [{'industry': 'Healthcare',
'location': 'Franklin County, Florida, USA',
'name': 'George E. Weems Memorial Hospital',
'size': '25-bed critical access hospital '
'(not-for-profit)',
'type': 'Hospital'}],
'attack_vector': 'Compromised Employee Email Accounts',
'customer_advisories': ['Review and save notification letters',
'Enroll in credit monitoring services (if offered)',
'Monitor accounts for suspicious activity',
'Consider placing a fraud alert',
'Request free credit reports',
'Seek legal help if needed'],
'data_breach': {'data_exfiltration': 'Likely (data accessed by unauthorized '
'party)',
'personally_identifiable_information': ['Full name',
'Social Security '
'number',
'Address',
'Email',
'Phone number',
'Driver’s license '
'number',
'Patient ID number',
'Medical diagnosis '
'and history',
'Health insurance '
'information'],
'sensitivity_of_data': 'High (includes SSNs, medical history, '
'and health insurance information)',
'type_of_data_compromised': ['Personally Identifiable '
'Information (PII)',
'Protected Health Information '
'(PHI)']},
'date_detected': '2025-09-22',
'date_publicly_disclosed': '2025-10-20',
'description': 'George E. Weems Memorial Hospital experienced a cybersecurity '
'incident involving unauthorized access to two employee email '
'accounts, exposing sensitive patient information including '
'full names, Social Security numbers, medical history, and '
'other personally identifiable information (PII). The breach '
'was discovered on September 22, 2025, with the incident '
'occurring between May 6 and May 12, 2025. Affected '
'individuals were notified beginning October 20, 2025.',
'impact': {'brand_reputation_impact': 'Potential reputational damage due to '
'exposure of sensitive patient data',
'data_compromised': ['Full name',
'Social Security number',
'Address',
'Email',
'Phone number',
'Driver’s license number',
'Account information',
'Patient ID number',
'Medical diagnosis and history',
'Provider name',
'Health insurance information',
'Dates of service'],
'identity_theft_risk': 'High (due to exposure of SSNs, driver’s '
'license numbers, and other PII)',
'legal_liabilities': 'Potential lawsuits and compensation claims '
'from affected individuals',
'systems_affected': ['Employee Email Accounts']},
'initial_access_broker': {'entry_point': 'Compromised employee email accounts',
'high_value_targets': 'Patient data (PII/PHI)'},
'investigation_status': 'Ongoing (as of October 2025)',
'recommendations': ['Enroll in free credit monitoring services (if offered)',
'Monitor financial statements for suspicious activity',
'Place a fraud alert on credit reports',
'Request free annual credit reports from major bureaus',
'Seek legal counsel if affected'],
'references': [{'source': 'Shamis & Gentile P.A. Investigation Notice'},
{'source': 'George E. Weems Memorial Hospital Notice of Data '
'Security Incident'}],
'regulatory_compliance': {'legal_actions': 'Potential lawsuits by affected '
'individuals (investigation '
'ongoing by Shamis & Gentile '
'P.A.)'},
'response': {'communication_strategy': 'Public notice published on hospital '
'website; mail notifications sent to '
'affected individuals beginning '
'October 20, 2025',
'incident_response_plan_activated': 'Yes (investigation '
'conducted)',
'recovery_measures': 'Notification letters sent to affected '
'individuals; credit monitoring services '
'offered (if applicable)'},
'stakeholder_advisories': 'Affected individuals notified via mail; public '
'notice published on hospital website',
'threat_actor': 'Cybercriminal (unspecified)',
'title': 'George E. Weems Memorial Hospital Data Breach',
'type': 'Data Breach'}