Howard Memorial Hospital Breach Affects 17,703 Patients: Health Info Exposed

On January 30, 2025, Howard Health Systems dba Howard Memorial Hospital discovered that an unauthorized party had gained access to its network environment. The hospital, located in Nashville, Arkansas, determined through a forensic investigation and manual document review that the breach occurred on October 5, 2024. As a result, the personal and health information of 17,703 individuals in the United States was potentially accessed or acquired by the unauthorized party.

The types of information exposed in this incident included both personally identifiable information (PII) and protected health information (PHI). Specifically, the data accessed or acquired may have included first and last names (PII), as well as clinical or treatment information, medical provider names, medical record numbers, and/or patient account numbers (PHI). This combination of data is particularly sensitive, as it could be used for identity theft or medical fraud.

The breach was officially disclosed to the U.S. Department of Health and Human Services on March 31, 2025. You can review the official disclosure on the HHS breach portal. Additionally, Howard Memorial Hospital posted a detailed notice for affected individuals on its website, which is available as a PDF at the hospital’s data breach notice page.

Howard Health Systems' response

On March 31, 2025, the hospital notified all individuals whose information may have been included in the files accessed by the third party. The hospital has provided best practices for protecting personal information and has made resources available for those affected. The notice to consumers includes detailed instructions on placing a fraud alert or a security freeze on credit files, obtaining free credit reports, and monitoring for signs of identity theft or medical fraud.

If you believe you may have been affected but have not received a notification, you can contact the hospital’s incident response line at 1-833-998-8262, Monday through Friday, 8 a.m. to 8 p.m. Eastern Time. Given the nature of the information exposed, it is important for affected individuals to remain vigilant.

More information about the hospital and its services can be found on the Howard Memorial Hospital website.