Open Accessibility Menu
Hide

Notice of Cybersecurity Incident

North Oaks Health System takes the confidentiality and security of our patients’ information very seriously. Regrettably, we recently addressed a cybersecurity incident involving some of that information. This notice explains the incident and the measures we have taken in response.

On June 4, 2025, we became aware of suspicious activity associated with certain employee email accounts. Upon identifying the activity, we promptly took steps to secure the accounts and began our investigation. We also reported the incident to law enforcement. The investigation revealed that an unauthorized person
accessed a subset of emails and attachments within certain employee email accounts between May 28, 2025 and June 5, 2025.

We analyzed the emails and attachments the unauthorized actor viewed and determined that patient information was involved. The information involved varied by individual, but may have included demographic information, including names and dates of birth, health insurance information, clinical information relating to patient care at North Oaks, and, in some instances, Social Security numbers.

We are mailing letters to individuals whose information was involved in the incident and offering those individuals with Social Security numbers involved complimentary credit monitoring and identity theft protection services. If you believe you were affected by this incident and do not receive a letter by October 2, 2025, please call our dedicated, confidential call center, which is available at 866-559-4681, 8:00 am – 5:30 pm, Central Time, Monday through Friday, excluding major U.S. holidays.

We want to assure you that we take this matter very seriously and regret any concern this may cause you. To that end, we continue to make significant investments in technology, education, and other resources. To help prevent something like this from happening again, we are enhancing our security protocols and technical safeguards to further protect and monitor our systems, as well as bolstering employee cybersecurity awareness through ongoing employee training.