Whitman Hospital Data Breach Exposes Social Security Numbers

On February 28, 2025, Whitman Hospital & Medical Clinics (WHMC) discovered unusual activity within their Information Technology (IT) environment, leading them to investigate a potential data breach. After detecting the suspicious activity, WHMC immediately secured their systems and notified law enforcement authorities. They also engaged a third-party forensic firm to assist with the investigation.

The investigation revealed that an unauthorized party gained access to certain systems within WHMC's IT environment between December 26, 2024, and February 28, 2025. During this period, the unauthorized individual may have accessed or acquired sensitive files containing both personally identifiable information (PII) and protected health information (PHI) of patients and members of WHMC’s Group Health Plan.

The exposed personally identifiable information (PII) includes names, dates of birth, addresses, Social Security numbers, and financial account information.
Protected health information (PHI) exposed includes diagnosis details, lab results, medications, treatment information, health insurance information, provider names, and dates of treatment.

Whitman Hospital & Medical Clinics has provided a detailed notice about the incident, which can be viewed in full at their official data breach notice.

Whitman Hospital & Medical Clinics's response

Beginning April 11, 2025, WHMC started mailing notification letters directly to individuals whose information may have been compromised in the breach. To assist affected individuals, WHMC is offering complimentary credit monitoring and identity protection services. Those who believe their information may have been involved or who have additional questions can contact WHMC directly at 855-549-2646, available Monday through Friday, from 6:00 a.m. to 6:00 p.m., Pacific Time, excluding major U.S. holidays.

Affected individuals are strongly encouraged to monitor statements from healthcare providers and health insurance plans closely. If any unfamiliar or unauthorized services appear, individuals should immediately contact their healthcare provider or insurance company.

WHMC has also implemented additional safeguards and technical security measures to further protect and monitor their systems, aiming to prevent future incidents.