Michigan hospital hack exposes over 54K patients

A breach of McKenzie Memorial Hospital has exposed numerous patients’ data, including personal identifiable information (PII) and, in some cases, financial account data.

McKenzie wrote in a breach notification letter sent to thousands of affected individuals that attackers breached the hospital in mid-April this year. Information submitted to the Maine Attorney General’s Office revealed that over 54,000 people were impacted by the hacker attack.

“McKenzie Memorial Hospital also notified law enforcement and engaged third-party specialists to conduct an investigation. The investigation determined that an unauthorized actor accessed certain files on McKenzie Memorial Hospital’s network between April 14th, 2025, and April 15th, 2025,” the data breach notice reads.

Information the hospital submitted to authorities in New Hampshire revealed that the data breach may have exposed patients’ first and last names, together with Social Security numbers (SSNs) and financial account information.

Exposing personal details hampers individuals‘ privacy, opening them up to identity theft and phishing attacks. Attackers could try to craft tailor-made intrusions, developing healthcare scams and social engineering attacks. For example, cybercriminals could impersonate medical staff by extracting additional details from unsuspecting victims.

“Upon learning of this event, we took steps to strengthen our network security, conducted a thorough investigation, and took actions to mitigate the risk to the data. We also reviewed our policies and procedures related to data protection to help prevent similar incidents from occurring in the future,” the hospital said.

To help exposed individuals mitigate privacy concerns, McKenzie Memorial Hospital said it will provide them with complimentary credit monitoring services.