Cyber Incident Victim: McKenzie Health System

On April 14, 2025, McKenzie Memorial Hospital experienced an external system breach that was characterized as a hacking incident. The breach remained undetected until June 19, 2025, when the hospital’s security team discovered the unauthorized access. According to the breach notification filed with the Maine Attorney General, the incident compromised the personal information of 54,016 individuals, of whom six were residents of Maine. The notification did not specify the exact data elements that were compromised. The hospital’s location is listed as 120 Delaware Street, Sandusky, MI 48471.

Following discovery, the hospital arranged for written notification to be sent to all affected individuals, with the mailing date set for July 24, 2025. The notification informed recipients of the breach and offered them the opportunity to enroll in identity theft protection services. As part of the response, McKenzie Memorial Hospital provided twelve months of credit monitoring and identity theft protection through TransUnion at no cost to those who chose to participate. The offer was described in the notification as a protective measure for individuals wishing to mitigate potential misuse of their data. The breach notification was submitted by Amanda A. Ruggieri, counsel for the hospital, representing the law firm Cipriani & Werner, PC. No further details about the attacker’s methods or the specific systems involved were disclosed in the available source.