George E. Weems Memorial Hospital notifies patients of email breach exposing protected health information

George E. Weems Memorial Hospital has begun notifying patients of a data security incident involving unauthorized access to two employee email accounts, potentially exposing sensitive personal and medical information.

The hospital, which serves residents of Franklin County and surrounding areas in Florida, said notification letters were mailed beginning October 20, 2025, following the completion of a detailed forensic investigation. The intrusion was initially detected on May 12, 2025, and investigators determined that the two email accounts had been accessed without authorization between May 6 and May 12, 2025.

A review of the compromised accounts revealed on September 22, 2025, that they contained protected health information (PHI) belonging to certain patients. The exposed data varied by individual but may have included names, addresses, phone numbers, email addresses, Social Security numbers, driver’s license numbers, account details, patient identification numbers, diagnoses, medical histories, provider names, dates of service, and health insurance information.

The hospital stated that there is no evidence to suggest any misuse of the information to date. However, out of an abundance of caution, complimentary credit monitoring services have been offered to individuals whose Social Security numbers were involved in the incident.

George E. Weems Memorial Hospital emphasized its commitment to patient privacy and data protection, noting that it has implemented multiple safeguards to reduce the likelihood of similar incidents. “We have taken many precautions to protect the privacy of patient information and will continue to enhance our security measures,” the hospital said in its statement.

As of this week, the incident has not yet appeared on the U.S. Department of Health and Human Services’ Office for Civil Rights (OCR) data breach portal, and the total number of affected individuals remains undetermined. The hospital said it is cooperating fully with authorities and continuing to evaluate its cybersecurity practices to prevent future breaches.