Minnesota-based Lake Region Healthcare has disclosed that it experienced a significant data security incident last year that compromised the sensitive personal information of patients and staff.
Headquartered in Fergus Falls, Minnesota, Lake Region Healthcare is a nonprofit healthcare provider that operates two hospitals, more than 10 clinics, a cancer center, and assisted living facilities, providing healthcare services to communities across west-central Minnesota.
In a data security incident notice filed with the Office of Massachusetts Attorney General, LRH said that on May 19, 2025, it identified unauthorised access within its internal network. The healthcare service provider immediately launched an investigation, with assistance from external cyber security experts, to determine the nature and scope of the incident.
It also took steps to secure the affected systems and notified relevant law enforcement authorities about the same.
The investigation determined that “certain files may have been accessed or removed by the unauthorised individual(s) on or about May 19, 2925.”
The compromised data included names, addresses, contact information, dates of birth, Social Security numbers, financial information and government-issued identification numbers, medical and treatment information, health insurance information, medical record numbers and patient account numbers. While the total number of affected individuals is yet to be confirmed, according to reports, the breach affected at least 167,617 individuals.
While LRH found no evidence of the compromised information being misused, it advised all affected individuals to regularly monitor their credit reports, account and benefit statements and report any suspicious activity to law enforcement authorities, including the police and the state attorney general.
It has also offered complimentary identity protection and credit monitoring services through Cyberscout to all affected individuals.
At the time of publishing, no known hacker group claimed responsibility for the cyber attack on LRH. The healthcare provider also did not share details on who was behind the attack, how much data was compromised, or whether it had received a ransom demand.
