Idaho hospital notifies 34K people of data breach that compromised SSNs, health info

Weiser Memorial Hospital this week confirmed it notified 34,249 people of a September 2024 data breach that compromised the following private info:

• Names
• Social Security numbers
• Government-issued ID numbers
• Treatments and procedures
• Medical diagnoses
• Health insurance info
• Dates of birth

Ransomware gang Embargo claimed responsibility for the breach in September 2024, saying it stole 200 GB of data from the hospital.

Weiser has not verified Embargo’s claim. It announced the hospital had suffered a data breach on October 2, 2024, days after Embargo posted its claim. The attack disrupted hospital computer systems throughout September 2024. “We are aware that a cyber actor group has claimed responsibility for this incident, and to be in possession of WMH data,” the post on Facebook states.

We do not know if Weiser paid a ransom, how much Embargo demanded, or how attackers breached the hospital’s network. Comparitech contacted Weiser Memorial Hospital for comment and will update this article it if replies.

“The investigation determined that certain Weiser data may have been acquired without authorization on or about September 4, 2024,” says Weiser’s latest notice to victims.

Weisman is offering eligible victims free credit monitoring through Cyberscout. The deadline to enroll is 90 days from receipt of the letter.

Who is Embargo?

Embargo is a ransomware gang that started claiming attacks in April 2024. The group operates a ransomware-as-a-service business in which affiliates pay Embargo to use its malware and infrastructure to launch attacks and collect ransoms.

Embargo has claimed 14 confirmed ransomware attacks since it began, compromising about 736,000 records. Another 10 unconfirmed claims haven’t been acknowledged by the targeted organizations.

The vast majority of those records stem from attacks on US healthcare companies, including:

In 2025, Embargo has claimed confirmed attacks on Heritage South Credit Union (USA) and Kingsmen Creatives (Singapore). Embargo says it stole 80 GB of data from the latter.

Ransomware attacks on US healthcare

Comparitech researchers logged 161 confirmed ransomware attacks on US hospitals, clinics, and other direct care providers in 2024, compromising 27.2 million records. In 2025 to date, we tracked 20 such attacks affecting nearly 1.6 million records. The average ransom across all attacks is about $1.03 million.

Other recently confirmed attacks on US healthcare include:

• Orthopaedic Specialists of Connecticut notified 22,541 people of a March 2025 data breach claimed by Inc
• Drug and Alcohol Treatment Service notified 22,215 people of an October 2024 breach claimed by Interlock
• Sonrisas Dental Health notified 15,644 people of a March 2025 data breach claimed by BianLian
• Neurological Spine Institute of Savannah notified 32,548 people of a June 2024 data breach claimed by RansomHub

Ransomware attacks on US hospitals, clinics, and other care providers can cripple key systems and endanger the privacy and security of patients. Providers must pay a ransom or face extended downtime, data loss, and putting patients and staff at increased risk of fraud. Hospitals and clinics might have to resort to pen and paper, cancel appointments, and divert patients elsewhere until systems are restored.

About Weiser Memorial Hospital

Founded in 1950, Weiser Memorial Hospital is a 25-bed hospital in Washington County, Idaho. According to its website, the hospital served 228 inpatients and 15,544 outpatients in 2023. It employs more than 100 people.