Myrtue Medical Center, a nonprofit critical-access hospital in Harlan, Iowa, suffered a data exfiltration attack discovered on June 13, 2025 when suspicious network activity was detected. The hospital immediately disconnected remote access, reset administrative credentials, and engaged a third-party cybersecurity firm. The WorldLeaks ransomware group claimed responsibility on June 24, 2025 by posting on its Tor-based leak site and asserting it had exfiltrated approximately 1.2 terabytes of data comprising 806,625 files.\n\nThe breach affected approximately 44,000 individuals based on records indexed by breach-tracking services. Compromised fields included names, email addresses, phone numbers, home addresses, dates of birth, driver's license numbers, and Social Security numbers. The high file count claimed by WorldLeaks (806,625 files) was misinterpreted by some early reporting as the count of affected individuals; the formal patient-individual count is substantially smaller and reflects the patient and employee population served by the hospital.\n\nFor affected patients and employees, the practical risk profile combines severe identity-fraud exposure with rural-hospital-specific risks. The combination of name, date of birth, address, Social Security number, and driver's license number is a strong base for synthetic identity fraud, fraudulent credit applications, and identity-verification bypass at financial institutions. Inclusion in the dataset confirms a hospital-care relationship in a small rural community where individuals may be readily identifiable based on name and address alone. Affected individuals should freeze credit at all three U.S. bureaus, monitor health-insurance statements, place fraud alerts at the major credit bureaus, and treat unsolicited contact referencing Myrtue Medical Center or related care relationships with caution.

Regional medical centers collect patient identity, contact, insurance, billing, appointment, and clinical records across hospital and administrative workflows.

Myrtue Medical Center detected suspicious network activity on June 13, 2025 and immediately disconnected remote access, reset administrative credentials, and engaged a third-party cybersecurity firm. The WorldLeaks ransomware group claimed responsibility on June 24, 2025 by listing Myrtue on its Tor-based leak site and asserting it had exfiltrated 1.2 terabytes of data comprising approximately 806,625 files. Myrtue published a public notice on June 27, 2025 and established a toll-free hotline. The hospital has continued to provide patient care throughout the incident and indicated written notifications would be mailed once the forensic investigation concluded. The WorldLeaks group has been active throughout 2025 with multiple healthcare and small-business victims, including Coalinga Regional Medical Center, Family Farm and Home, and Heritage Communities.