UPDATED: June 8, 2026

McLeod Health Data Breach

McLeod Health has notified Dillon Family Medicine patients of a data breach involving a decommissioned server that was accessed by an unauthorized party in October 2025. The incident, discovered in March 2026, may have exposed names, dates of birth, Social Security numbers, medical records, health insurance information, and treatment details.

McLeod Health

Date of Breach: Clients of McLeod Health

Who was affected:

Clients of McLeod Health

Impacted Data:

Full names

Dates of birth

Social Security numbers

Diagnoses

Medications

Laboratory test results

Medical images

Health insurance information

Treatment records

McLeod Health, a regional healthcare system serving patients across the Carolinas, has disclosed a data breach that may have exposed sensitive personal and medical information belonging to patients of Dillon Family Medicine. The incident stems from unauthorized access to a legacy server that was in the process of being retired from service.

McLeod Health Data Breach Investigation

McLeod Health, headquartered in Florence, South Carolina, operates a network of hospitals, physician practices, and specialty care facilities throughout the region. The healthcare provider discovered the security incident on March 5, 2026, after identifying a suspicious file on a Dillon Family Medicine server that was being decommissioned.

Following the discovery, McLeod Health immediately launched an investigation with the assistance of third-party cybersecurity specialists and notified law enforcement authorities. The investigation concluded on April 14, 2026, revealing that an unauthorized individual had gained access to the server between October 17 and October 18, 2025.

According to the healthcare provider, the incident was isolated to a single server and did not affect any active McLeod Health systems, including the organization’s current electronic medical record (EMR) platform.

Patient Information Potentially Exposed

The compromised server contained information related to patient care at Dillon Family Medicine. Based on McLeod Health’s review, the following categories of information may have been exposed:

Full names
Dates of birth
Social Security numbers
Diagnoses
Medications
Laboratory test results
Medical images
Health insurance information
Treatment records

The organization noted that the specific information involved varies by individual.

What You Can Do

Enroll in the one-year credit monitoring and identity theft protection offered through Kroll to receive alerts and fraud assistance.

Monitor all financial accounts and credit reports for suspicious activity. Consider placing a fraud alert or security freeze with Equifax, Experian, and TransUnion to prevent unauthorized accounts from being opened.

Remain alert for phishing attempts or suspicious communications, and keep documentation of any fraudulent activity or identity misuse for potential legal or financial resolution.

File a Data Breach Lawsuit Against McLeod Health

If you received notification that your information was compromised in this incident, you may be eligible to join a class action lawsuit.

Class action lawsuits allow affected individuals to seek compensation for identity theft risks, financial losses, out-of-pocket expenses, and time spent mitigating the breach. Legal action can also encourage stronger cybersecurity protections and improved safeguards for personal information in the future.

Contact us at Class Action U, where we’ll connect you with a lawyer skilled in class action lawsuits. If you’ve been contacted about this breach, received notice, or discovered you were impacted, fill out our quick, easy, and secure form to sign up. There is no cost to reach out to our legal partner and no obligation after speaking with someone from our team.

Subscribe To Our Newsletter

New cases and investigations, settlement deadlines, and news straight to your inbox.

Other Data Breaches

Campbell University Data Breach

Date of Breach: March 2026

Horizon Eye Care Data Breach

Date of Breach: June 23, 2026

Circle Floors Data Breach

Date of Breach: March 9, 2026

Frequently Asked Questions

What Should I Do If I Believe My Data Has Been Breached?

A data breach occurs when sensitive, confidential, or protected information is accessed, stolen, or disclosed without authorization. Data breaches often occur through phishing emails, malware, weak passwords, insider threats, or unsecured databases. Indicators of a data breach can include unexpected password resets, suspicious account activity, unauthorized transactions, or notifications from companies about compromised information.If you suspect your data has been compromised, you must take measures and act quickly. Change passwords, enable two-factor authentication, review your financial accounts for unusual activity and consider freezing your credit.

What Happens to Your Data in a Data Breach?

Once stolen, your personal information may be sold on the dark web or used for identity theft and financial fraud. In some cases, hackers use the data to extort companies or launch further attacks. Victims often face long-term risks, including damage to credit and privacy.

How Should I Respond to a Data Breach Notification?

If you receive a data breach notification, don’t ignore it. Immediately change passwords for the affected account and any others that share credentials. Enroll in any free credit monitoring services offered and monitor financial statements closely.

What Evidence is Needed for a Data Breach Claim?

To pursue a data breach claim, you’ll need documentation showing your information was compromised and proof of resulting harm, such as fraudulent charges, credit score damage, or identity theft reports. Notification letters, financial records, and communication with the breached company can help support your claim.

Can a Company Be Sued for a Data Breach?

Yes. If a company fails to protect consumer data or delays notifying victims, it may be held liable under state and federal privacy laws. Many victims join class action lawsuits to recover financial losses and hold negligent organizations accountable.

What is the Average Settlement in a Data Breach Lawsuit?

Data breach settlements vary widely depending on the size of the breach, type of data compromised, and damages suffered by victims. Payouts may include cash compensation, identity theft protection, or reimbursement for losses. Many settlements range from a few hundred to several thousand dollars per person. A skilled data breach lawyer can guide victims through the complex legal process, ensuring their rights are protected. If you’ve received a data breach notification or believe your personal data was exposed, you may be eligible for compensation. Contact Class Action U to learn more about how to join a data breach lawsuit and understand the process of filing.