Almeida Law Group is investigating a data breach at Clarinda Regional Health Center. The breach occurred on October 6, 2025 and was discovered on December 15, 2025. If you were affected, contact Almeida Law Group.
About Clarinda Regional Health Center
Clarinda Regional Health Center is a not-for-profit, county-owned critical access hospital located in Clarinda, Iowa. Founded in 1939, it operates as a 25-bed rural facility serving Page County and surrounding communities in southwest Iowa and northwest Missouri. The hospital provides emergency care, primary care, specialty clinics, surgical services, rehabilitation, and wellness programs across five locations. Because Clarinda provides healthcare services, it maintains personal and health information about the patients it serves.
What Happened?
Clarinda Regional Health Center was listed in a Maine Attorney General filing on June 3, 2026, reporting an external system breach caused by hacking. On December 15, 2025, Clarinda discovered suspicious activity within its network. The subsequent investigation determined that certain files may have been acquired without authorization in or around October 2025. A comprehensive review of the affected files was completed on May 21, 2026. According to the Maine notice letter, the information potentially exposed includes first and last name and Social Security number. Clarinda’s own press release additionally confirmed that personal health information was involved, though specific health data categories beyond name and Social Security number were not enumerated. Consumer notifications began on or about June 1–2, 2026. A total of 24,341 people were affected. TransUnion credit monitoring and identity protection services are being offered at no cost for 12 months to affected individuals whose Social Security numbers were exposed.
Third-party threat intelligence sources, including Breachsense and reporting by Prism News, attributed the attack to the LockBit ransomware group. Prism News reported in February 2026 that a criminal marketplace listing claimed to contain approximately 22 gigabytes of data linked to Clarinda Regional Health Center. Clarinda’s own disclosures have not named a specific threat actor. Consumer notifications did not begin until approximately eight months after the breach occurred and nearly six months after discovery; Clarinda states the delay was due to the time required to complete the file review and identify affected individuals.
Key Facts at a Glance
- Company or Organization: Clarinda Regional Health Center
- Industry: Healthcare — Critical Access Hospital (rural)
- Location: 220 Essie Davison Drive, Clarinda, Iowa 51632
- Incident type: External system breach (hacking)
- Date of breach: October 6, 2025 (Maine filing); press release references unauthorized file acquisition in or around October 23, 2025
- Date breach discovered: December 15, 2025
- Date of consumer notification: June 1–2, 2026
- Total persons affected: 24,341
- Identity theft protection offered: Yes — 12 months of TransUnion credit monitoring and identity protection services
- Prior breach: None identified
- Source: Maine AG filing; PR Newswire press release; Prism News reporting; Breachsense
What Should You Do?
If you received a notice from Clarinda Regional Health Center, enroll in the 12-month TransUnion credit monitoring and identity protection services being offered before any enrollment deadline stated in your notice. You should also place a fraud alert or credit freeze with each of the three major credit bureaus — Equifax, Experian, and TransUnion — to help prevent new accounts from being opened in your name. Monitor your existing financial accounts for unauthorized activity and request your free annual credit reports at AnnualCreditReport.com. If you suspect misuse of your information, report it to the Federal Trade Commission at IdentityTheft.gov. Because personal health information was confirmed to be involved in this breach, you should also review any Explanation of Benefits statements from your insurer and check your medical records for services you did not receive.
Your Legal Rights
If your personal or health information was involved in this breach, you may have legal rights depending on the facts of the incident and the law in your state. Almeida Law Group represents consumers in data breach and privacy litigation and can help you evaluate whether you may have a claim. Contact us at (708) 529-5418 or through our contact page for a free case evaluation.
