Myrtue Medical Center Hospital 2025 Data Breach


Classification Tags

WorldLeaks · Ransomware · Medical · Driver's License · Email Address · Full Name · Phone Number · Physical Address · Social Security Number
High Severity · Website / service breach

Myrtue Medical Center Rural Hospital Breach (2025): Patient SSN & Driver's License Exposed

Rural hospital and health system in Iowa.

Verified by ObscureIQ Intelligence
Breach Risk Index: 67/100
Data Value: 27
Market Recency: 40
Since Breach: 272d

Breach Intelligence Summary

Entity: Myrtue Medical Center Hospital · Actor: WorldLeaks · Sources: 2 references
Attack: Ransomware
Profile: Healthcare provider · Hospital and medical services · Regional medical center · USA
Timeline: Breach (2025-06-24) · Indexed (Jul 29, 2025) · Year (2025)
Exposure: 44K records · 6 fields: Driver's License, Email Address, Full Name, Phone Number, Physical Address, Social Security Number
Status: Reported

Executive Summary

Myrtue Medical Center, a nonprofit critical-access hospital in Harlan, Iowa, suffered a data exfiltration attack discovered on June 13, 2025 when suspicious network activity was detected. The hospital immediately disconnected remote access, reset administrative credentials, and engaged a third-party cybersecurity firm. The WorldLeaks ransomware group claimed responsibility on June 24, 2025 by posting on its Tor-based leak site and asserting it had exfiltrated approximately 1.2 terabytes of data comprising 806,625 files.

The breach affected approximately 44,000 individuals based on records indexed by breach-tracking services. Compromised fields included names, email addresses, phone numbers, home addresses, dates of birth, driver's license numbers, and Social Security numbers. The high file count claimed by WorldLeaks (806,625 files) was misinterpreted by some early reporting as the count of affected individuals; the formal patient-individual count is substantially smaller and reflects the patient and employee population served by the hospital.

For affected patients and employees, the practical risk profile combines severe identity-fraud exposure with rural-hospital-specific risks. The combination of name, date of birth, address, Social Security number, and driver's license number is a strong base for synthetic identity fraud, fraudulent credit applications, and identity-verification bypass at financial institutions. Inclusion in the dataset confirms a hospital-care relationship in a small rural community where individuals may be readily identifiable based on name and address alone. Affected individuals should freeze credit at all three U.S. bureaus, monitor health-insurance statements, place fraud alerts at the major credit bureaus, and treat unsolicited contact referencing Myrtue Medical Center or related care relationships with caution.

ObscureIQ assessment: Severe risk of identity theft, medical fraud, insurance abuse, and targeted healthcare scams. Hospital data can also reveal sensitive treatment relationships.

Breach Impact

The institutional impact on Myrtue is substantial relative to the hospital's size. Federal HIPAA notification obligations, an Office for Civil Rights review, Iowa attorney-general filings, and emerging class-action litigation discussions are all underway. As a critical-access hospital with approximately 60 inpatient beds and limited cybersecurity budget and staffing, Myrtue faces operational challenges in remediation that are typical of small rural hospitals. The reputational impact is concentrated within the Harlan and Shelby County region where Myrtue is the primary local provider for acute and routine care, and where patient retention is unusually consequential. Operationally, the hospital continued to deliver care through paper-based workflows during system outages.

About Myrtue Medical Center Hospital

Myrtue Medical Center is a nonprofit critical-access hospital and rural health provider serving Harlan, Iowa, and surrounding Shelby County. Founded as a community hospital, Myrtue offers comprehensive medical, surgical, emergency, laboratory, radiology, and rehabilitation services to a primarily rural agricultural population in west-central Iowa. As a federally designated Critical Access Hospital, Myrtue receives Medicare reimbursement enhancements that support small rural hospitals serving geographically isolated communities. As a HIPAA-regulated rural hospital, Myrtue maintains patient identity, contact, insurance, billing, and clinical records across its emergency, inpatient, outpatient, and rehabilitation operations, alongside employee records typical of a community hospital with several hundred staff.

Why They Hold Your Data

Regional medical centers collect patient identity, contact, insurance, billing, appointment, and clinical records across hospital and administrative workflows.

Recent Developments

Myrtue Medical Center detected suspicious network activity on June 13, 2025 and immediately disconnected remote access, reset administrative credentials, and engaged a third-party cybersecurity firm. The WorldLeaks ransomware group claimed responsibility on June 24, 2025 by listing Myrtue on its Tor-based leak site and asserting it had exfiltrated 1.2 terabytes of data comprising approximately 806,625 files. Myrtue published a public notice on June 27, 2025 and established a toll-free hotline. The hospital has continued to provide patient care throughout the incident and indicated written notifications would be mailed once the forensic investigation concluded. The WorldLeaks group has been active throughout 2025 with multiple healthcare and small-business victims, including Coalinga Regional Medical Center, Family Farm and Home, and Heritage Communities.

Data Points Exposed

6 verified field types
  • Driver's License (Critical)
  • Email Address
  • Full Name (High)
  • Phone Number
  • Physical Address (High)
  • Social Security Number (Critical)


Exploitation & Downstream Threats

Threat Activity: High
Primary downstream threats:
  • Identity theft and synthetic identity construction using government-issued IDs
  • SIM swap attacks where phone numbers are present
  • Targeted phishing campaigns using exposed email addresses
  • Doxxing risk from physical address exposure
Threat vectors:
  • Identity fraud & vehicle-related crime
  • Phishing, credential stuffing & account takeover
  • Name-based social engineering
  • SIM swapping, vishing & SMS phishing
  • Physical stalking, mail fraud & identity verification
  • Home targeting, stalking & physical threat
  • Full identity theft & synthetic identity fraud

Threat Actor: WorldLeaks

WorldLeaks · Ransomware

Attribution and method are based on available breach intelligence. Reported attack vector: Ransomware.

Recommended Actions

If you believe your information may be included:

  • Protect Your ID Documents: Government-ID exposure enables document fraud; monitor and report misuse.
  • Enable MFA Everywhere: Turn on multi-factor authentication on email first, then financial accounts.
  • Report & Recover: If you spot misuse, start an official recovery plan and report fraud.

Frequently Asked Questions

What happened in the Myrtue Medical Center Hospital breach?

Myrtue Medical Center, a nonprofit critical-access hospital in Harlan, Iowa, suffered a data exfiltration attack discovered on June 13, 2025 when suspicious network activity was detected. The hospital immediately disconnected remote access, reset administrative credentials, and engaged a…

What data was exposed?

Verified fields include Driver's License, Email Address, Full Name, Phone Number, Physical Address, Social Security Number.

What should I do if I was affected?

Change reused passwords, enable MFA, and (if identity or financial data is involved) freeze your credit and monitor your accounts.

Sources & References

Every claim on this page is traceable. This breach draws on:

  • Breach Index: DataBreach.com (record & field corroboration)
  • ObscureIQ Intelligence: ObscureIQ proprietary analysis (Risk Index scoring & downstream-threat assessment)
