The sensitive personal and medical data of more than 257,000 patients was exposed after a January data breach impacted Nacogdoches Memorial Hospital (NMH) in East Texas.

A Texas hospital says a January cyberattack exposed the personal and medical data of more than 257,000 patients.
The stolen details include Social Security numbers and medical record information – the kind of data attackers can use for identity theft and phishing.
No hacker group has claimed the attack yet, leaving open questions about who was behind it and whether the stolen data could surface later.

Key Takeaways by nexos.ai, reviewed by Cybernews staff.

NMH says it first became aware of the unauthorized intrusion on January 31st, has since re-secured its systems, and began sending breach notifications to affected patients on March 31st.

“On January 31st, 2026, NMH became aware of a data security incident because of a cyberattack in which an unauthorized party compromised NMH’s computer network and information systems,“ the letter states.

Nacogdoches Memorial Hospital breach notice — The Nacogdoches Memorial Hospital began sending out breach notices to 257,073 patients on March 31st, 2026. Image by Cybernews

According to the Office of the Maine Attorney General, the initial breach took place on January 15th, meaning the hackers had been inside the hospital's network for almost two weeks before being observed.

The regional medical center says it immediately notified authorities, initiated an incident response plan, and launched an investigation – determining the attackers had accessed a treasure trove of private patient information stored on its servers.

“We sincerely regret any concern or inconvenience that this matter may cause its patients and remain dedicated to protecting patients’ personal information,” the hospital said.

medical data breach 3 — The attackers were in the system for about two weeks before the hospital became aware of the intrusion. Image by Guitar photographer | Shutterstock

What data was compromised?

Founded in 1928, the state-of-the-art, 226-bed acute care facility serves over 60,000 patients each year and is home to the region’s largest 24-hour emergency room and the only Level III (IAP) Trauma Center.

NMH is owned by the Nacogdoches County Hospital District and operates across seven locations, including the Nacogdoches Memorial HealthCare First Clinics and the Cecil Bomar Rehabilitation Center.

Check if your data has been leaked

Find out if your email, phone number or related personal information might have fallen into the wrong hands.

18,611,353,922

Breached accounts

36,030

Breached websites

Total patient revenue for the hospital is listed at approximately $227.9 million.

NMH revealed the patient data at risk includes:

Patient’s name
Address and phone number
Email address
Social Security number
Date of birth
Medical record number
Medical account number
Health plan beneficiary number
Photographic image of the patient (possible)

The healthcare organization says it has no indication that anyone’s information has been misused so far. However, attackers often retain stolen data to craft targeted phishing attacks and commit identity theft, which may become apparent later on.

NMH has roughly 500 medical and support staff, but has not mentioned whether employee data was also affected.

It's also unknown whether the attack is ransomware-related, as no hacker group has claimed responsibility so far.

Don't miss our latest stories on Google News. Add us as your Preferred Source on Google

NMH says it has reinforced and enhanced its network security, updated security procedures, and implemented additional security awareness training “to prevent a similar event from occurring in the future.”

While the hospital is declining to offer free credit monitoring, according to the Maine Attorney General, it has established a toll-free phone and email hotline for patients with further questions or concerns.

Unlock more exclusive Cybernews content on YouTube.