Madison Healthcare Services 2025 Data Breach

Madison Healthcare Services Long-Term Care Breach (2025): Patient SSN & Home Address Exposed | ObscureIQ
ObscureIQ Breach Intelligence

Classification Tags

WorldLeaksMedicalEmail AddressFull NamePhone NumberPhysical AddressSocial Security Number
High SeverityWebsite / service breach

Madison Healthcare Services Long-Term Care Breach (2025): Patient SSN & Home Address Exposed

Regional healthcare organization offering clinic, senior, and specialty services.

Verified by ObscureIQ Intelligence
88/100Breach Risk Index
27Data Value
60Market Recency
124dSince Breach

Breach Intelligence Summary

Entity: Madison Healthcare Services · Actor: WorldLeaks · Sources: 2 references
Attack: Unknown
Profile: Healthcare provider · Long-term care and rehabilitation services · Regional care provider · USA
Timeline: Breach (2025-09-23) · Indexed (Dec 24, 2025) · Year (2025)
Exposure: 24K records · 5 fields: Email Address, Full Name, Phone Number, Physical Address, Social Security Number
Status: Reported

Executive Summary

Madison Healthcare Services, a regional healthcare organization based in Madison, Minnesota offering family medicine, primary care, behavioral health, senior services, and specialty care, suffered a data exfiltration attack between July 2025 and August 2025. MHS identified suspicious network activity, engaged outside cybersecurity specialists, and confirmed unauthorized access through forensic investigation. The WorldLeaks ransomware group claimed responsibility on September 23, 2025 by listing MHS on its Tor-based leak site. MHS posted a public notice on December 1, 2025 and filed with HHS on December 2, 2025 using a 500-individual placeholder figure pending file review. The breach affected approximately 24,000 individuals based on records indexed by breach-tracking services. Compromised fields included names, email addresses, phone numbers, home addresses, and Social Security numbers. As an integrated rural healthcare organization with senior and rehabilitation services, the underlying records exfiltrated by the attackers also include patient and resident identity, insurance, billing, clinical, and treatment information typical of family medicine, behavioral health, and long-term care operations, beyond the more limited field set surfaced publicly. For affected patients, residents, and family members, the practical risk profile is unusually severe given the inclusion of senior-care patients. The combination of name, address, and Social Security number is a strong base for synthetic identity fraud and fraudulent credit applications. Inclusion in the dataset confirms a healthcare relationship in a small rural community where individuals may be readily identifiable based on name and address alone. Senior-care residents and their family members are an unusually attractive target for fraud schemes that exploit cognitive vulnerability or family-emergency framings. Affected individuals should freeze credit at all three U.S. bureaus, monitor health-insurance and Medicare statements closely, alert family members of elderly patients to be cautious of unsolicited contact, and treat unsolicited communications referencing MHS, senior services, or behavioral health programs with caution.

ObscureIQ assessment: High sensitivity. Exposure enables identity theft, medical fraud, and exploitation of elderly or dependent residents and their families. Long-term care records can also reveal disability or vulnerability status.

Breach Impact

The institutional impact on Madison Healthcare Services is substantial relative to the organization's size and the vulnerability of its patient population. Federal HIPAA notification obligations, an Office for Civil Rights review, Minnesota attorney-general filings, and active class-action litigation discussions are all underway. The vulnerability of MHS patients, particularly elderly residents in senior services and rehabilitation programs, increases regulatory and litigation exposure because such populations are categorically more susceptible to fraud. As a rural healthcare provider, MHS faces operational challenges in remediation that are typical of small rural health systems with limited cybersecurity budgets and staffing. The reputational impact is concentrated within western Minnesota where MHS is one of the few local healthcare options and patient retention is unusually consequential.

About Madison Healthcare Services

Madison Healthcare Services (MHS) is a regional healthcare organization based in Madison, Minnesota, serving individuals and families across western Minnesota's Lac qui Parle County and surrounding rural communities. The provider offers a broad range of services including family medicine, primary care, behavioral health services, senior services, and specialty providers in dermatology, surgery, and other clinical fields. MHS employs over 200 individuals across its clinic and senior care operations. As a HIPAA-regulated rural healthcare provider, MHS maintains comprehensive protected health information including patient and resident identity, contact, insurance, billing, treatment, and family or guardian records, alongside long-term care and rehabilitation records typical of an integrated rural health system serving a primarily elderly and family patient population.

Why They Hold Your Data

Long-term care and rehabilitation providers collect patient or resident identity, contact, insurance, billing, treatment, and family or guardian records across care operations.

Recent Developments

Madison Healthcare Services identified suspicious network activity in late summer 2025 and engaged third-party digital forensics specialists. The forensic investigation confirmed unauthorized access to its network between July 2025 and August 2025. The WorldLeaks ransomware group, an active 2025 threat actor that has also targeted Coalinga Regional Medical Center, Myrtue Medical Center, Family Farm and Home, and Heritage Communities, claimed responsibility on September 23, 2025 by listing MHS on its Tor-based leak site. MHS posted a public notice of the incident on December 1, 2025 and reported the breach to the U.S. Department of Health and Human Services on December 2, 2025 using a placeholder figure of 500 affected individuals pending the file review. Class-action investigations by U.S. plaintiff law firms began organizing in December 2025.

Data Points Exposed

5 verified field types
Email Address
Full Name High
Phone Number
Physical Address High
Social Security Number Critical

Field names are shown in full for clarity and search visibility. Canonical machine keys are emitted only in this page’s structured data.

Exploitation & Downstream Threats

Threat Activity:High
Primary downstream threats:
  • Identity theft and synthetic identity construction using government-issued IDs
  • SIM swap attacks where phone numbers are present
  • Targeted phishing campaigns using exposed email addresses
  • Doxxing risk from physical address exposure
Threat vectors:
  • Phishing, credential stuffing & account takeover
  • Name-based social engineering
  • SIM swapping, vishing & SMS phishing
  • Physical stalking, mail fraud & identity verification
  • Home targeting, stalking & physical threat
  • Full identity theft & synthetic identity fraud

Threat Actor: WorldLeaks

WorldLeaks
Unknown

Attribution and method are based on available breach intelligence. Reported attack vector: Unknown.

Recommended Actions

If you believe your information may be included:

Protect Your ID Documents
Government-ID exposure enables document fraud — monitor and report misuse.
IdentityTheft.gov
Enable MFA Everywhere
Turn on multi-factor authentication on email first, then financial accounts.
Find 2FA settings
Report & Recover
If you spot misuse, start an official recovery plan and report fraud.
IdentityTheft.govReport to FTC

Frequently Asked Questions

What happened in the Madison Healthcare Services breach?

Madison Healthcare Services, a regional healthcare organization based in Madison, Minnesota offering family medicine, primary care, behavioral health, senior services, and specialty care, suffered a data exfiltration attack between July 2025 and August 2025. MHS identified suspicious network…

What data was exposed?

Verified fields include Email Address, Full Name, Phone Number, Physical Address, Social Security Number.

What should I do if I was affected?

Change reused passwords, enable MFA, and (if identity or financial data is involved) freeze your credit and monitor your accounts.

Sources & References

Every claim on this page is traceable. This breach draws on:

Breach Index
DataBreach.com
Record & field corroboration
ObscureIQ Intelligence
ObscureIQ proprietary analysis
Risk Index scoring & downstream-threat assessment

Protect Yourself

Check If You're Affected

Enter your email to check whether your data appears in this breach. We’ll send a 6-digit code to confirm it’s your address.

Get Free Breach Alerts

Be the first to know when new breaches are disclosed. Free forever — confirm your email with a 6-digit code.

High-Risk? Get an Exposure Audit

Executives, public figures, and high-visibility operators can receive tailored exposure intelligence and hardening guidance.

Request Consultation