Cyber Incident Victim: Regions Hospital

In August 2022, Regions Hospital in Saint Paul, Minnesota, experienced a data breach involving unauthorized network access. The health system discovered that an individual had infiltrated its secure network with the intent of stealing payments from a health insurer. The attacker successfully accessed a document containing the personal information of approximately 980 patients. This document specifically included affected individuals' Social Security numbers along with their first and last names. No medical records or financial details beyond Social Security numbers were present in the compromised file. The hospital did not publicly disclose the exact method of network intrusion or whether the perpetrator succeeded in stealing insurer payments. The breach timeline indicates the incident occurred on or around August 1, with Regions Hospital identifying the security compromise during that month.

Upon confirming the breach, Regions Hospital initiated notification procedures for all 980 impacted patients by August 30, 2022. The organization provided affected individuals with details about the specific types of exposed personal data while clarifying that broader medical or financial records remained secure. As remediation, the hospital offered all notified patients one complimentary year of identity theft protection services. Regions Hospital did not report whether law enforcement investigations were ongoing or if additional security measures were implemented following the incident. The breach exclusively affected patients whose Social Security numbers and names were contained within the single accessed document, with no indication of wider system compromise or operational disruption to hospital services.