Genoa Community Hospital, aka Genoa Medical Facilities (“Genoa“) in Nebraska has issued a press release concerning a breach involving patient data. According to the release, in March 2025, Genoa learned of unusual activity involving one employee email account. The release does not indicate when the breach actually occurred or how the attacker gained access to the employee’s email account. They only reveal that unusual activity in the account was discovered in March.
The following types of information “could have been involved” in the incident: name, date of birth, Social Security number or other government ID number, financial account information, medical treatment or diagnosis information, and/or health insurance information. As is frequently the case, not all types of information was involved for all individuals.
Genoa states that it is not aware of any misuse of the potentially affected data. They do not state whether any extortion demand was involved in this incident or whether they heard from any attacker or group. Genoa is not listed on any ransomware gang’s leak site at this time or any of a few hacking forums this site checked.
As of publication today, there is no notice on their website or Facebook account, but the press release indicates that individual notification letters have already been sent to those affected. The number affected is not disclosed in the press release, and the incident does not yet appear on HHS’s public breach tool.