McKenzie Memorial Hospital data breach affects over 50,000 individuals

McKenzie Memorial Hospital said a data security incident it suffered earlier this year compromised the sensitive personal data of more than 50,000 individuals.

 

Located in Sandusky, Michigan, McKenzie Memorial Hospital offers comprehensive rural healthcare, including emergency, family, inpatient/outpatient care, surgery, cardiopulmonary rehab, diagnostic imaging (MRI, 3D mammograms), and swing bed services.

 

In a data security incident notice filed with the Office of Maine Attorney General, McKenzie Memorial Hospital said that on April 15, it identified suspicious activity within its internal network. The healthcare provider immediately launched an investigation, with assistance from external cyber security experts, to determine the nature and scope of the incident.

 

It also took steps to secure the affected network, contain the incident and notified relevant law enforcement authorities about the same.

 

“The investigation determined that limited information maintained on our network may have been accessed by an unauthorised actor between April 14, 2025, and April 15, 2025. On June 19, 2025, we completed our thorough review and determined that a limited

amount of personal information may have been accessed by an unauthorised party in connection with this incident,” McKenzie Memorial Hospital said.

 

The compromised data included names and other personal information including Social Security numbers. The filing with the Maine state regulator also states that McKenzie Memorial Hospital has identified at least 54,016 individuals impacted by the incident.

 

“Upon learning of this event We also reviewed our policies and procedures related

to data protection to help prevent similar incidents from occurring in the future,” the healthcare provider added.

 

McKenzie Memorial Hospital has advised all affected individuals to regularly monitor their credit reports, account and benefit statements and report any suspicious activity to law enforcement authorities, including the police and the state attorney general.

 

It has also offered one year of complimentary identity protection and credit monitoring services through TransUnion to all affected individuals

 

At the time of publishing, no known hacker group claimed responsibility for the cyber attack on McKenzie Memorial Hospital. The healthcare provider also did not share details on who was behind the attack, how much data was compromised, or whether it had received a ransom demand.