Deaconess Health System Data Breach

Deaconess Health System recently reported a data breach involving unauthorized access to patient information by an external vendor, MediCopy. The breach impacted certain patients’ personal and medical data, including Social Security numbers, medical records, and health insurance information. If you were affected, you may be eligible for compensation through a class action lawsuit.

Deaconess Health System’s Data Breach Investigation

Deaconess Health System (“Deaconess”) discovered a data security incident on February 2, 2026, when its Release of Information (ROI) vendor, MediCopy, notified the organization about unauthorized access to its cloud-based file-sharing platform. The breach occurred on January 13, 2026, when an unknown actor accessed and downloaded files containing sensitive patient information.

The investigation revealed that the breach did not involve Deaconess’s internal IT systems or electronic medical record systems. Instead, it was confined to specific records related to patients from Deaconess Henderson Hospital, Deaconess Union County Hospital, and their surrounding clinics. The affected patients had requested their information through MediCopy’s system for release, which ultimately resulted in the data breach.

While the breach did not affect Deaconess’s own records, it exposed patient data stored by MediCopy, an external service provider. This emphasizes the importance of third-party security, as data hosted by vendors can still be vulnerable to cyberattacks.

Upon discovering the breach, Deaconess and MediCopy initiated a comprehensive investigation and began a review of the impacted files to identify which individuals were affected. This process involved notifying impacted patients and offering them free credit monitoring and identity protection services.

When Did This Breach Occur?

• Breach Date: January 13, 2026
• Breach Discovered: February 2, 2026
• Consumer Notification Date: March 2026 (Letters mailed to affected patients)

What Information Was Breached?

The compromised data may have included:

• Names
• Social Security numbers
• Dates of birth
• Medical record numbers
• Dates of service
• Health insurance identification numbers
• Medical records related to treatment at Deaconess Health System

The exposure of such sensitive data puts affected individuals at risk for identity theft, medical fraud, and other types of personal and financial harm.

What You Can Do

If you received a notification from Deaconess Health System, it is important to take steps to protect your personal and financial information.

1. Enroll in Identity Protection Services: Deaconess is offering complimentary access to credit monitoring and identity protection services. These services will help you detect and prevent identity theft and monitor your credit reports for suspicious activity.
2. Monitor Your Financial Accounts: Keep an eye on your bank and credit card statements for any unauthorized transactions or unfamiliar activities. If you notice anything suspicious, report it immediately to your bank or financial institution.
3. Review Your Credit Reports: Under federal law, you are entitled to one free credit report annually from each of the three major credit bureaus—Equifax, Experian, and TransUnion. Request your free reports and look for any signs of identity theft or fraud.
4. Place Fraud Alerts or Credit Freezes: Consider placing a fraud alert or credit freeze on your credit file to prevent new credit from being issued in your name without your consent.
5. Stay Vigilant: Be cautious of phishing emails or phone calls that may use your compromised data to trick you into revealing more personal information. If you suspect fraud or identity theft, report it to the relevant authorities immediately.

File a Data Breach Lawsuit Against Deaconess Health System

If you received a data breach notification from Deaconess Health System or believe your personal information was compromised, you may be eligible to pursue compensation through a class action lawsuit. Victims of data breaches can recover damages for identity theft, financial losses, time spent resolving the breach, and other harms.

Class action lawsuits allow individuals to come together to hold companies accountable when they fail to protect sensitive information adequately. Participating in a class action can help ensure that your voice is heard and that you receive compensation for the potential harm caused by the breach.

Contact us at Class Action U, where we’ll connect you with a lawyer skilled in class action lawsuits. If you’ve been contacted about this breach, received notice, or discovered you were impacted, fill out our quick, easy, and secure form to get started. There is no cost to reach out to our legal partner, and no obligation after speaking with someone from our team.