Data Breach Summary
In December 2024, Sturgis Hospital, located in Sturgis, Michigan, detected unauthorized activity within its computer network, signaling a serious data breach. The hospital’s swift investigation uncovered significant exposure of protected health information (PHI) and other personally identifiable information (PII), affecting tens of thousands of individuals. The breach has raised concerns regarding the security of patient data and the responsibility of healthcare institutions in safeguarding sensitive information.
Sturgis Hospital first detected unauthorized activity on its network in December 2024, triggering an immediate response to investigate the breach. The hospital engaged third-party cybersecurity experts to assist in identifying the nature and extent of the security breach. However, while the investigation was still ongoing, a second wave of unauthorized activity was discovered in June 2025, prompting an additional round of investigation.
According to the disclosure filed with the Department of Health & Human Services (HHS), the breach affected at least 77,771 individuals. This number includes people whose protected health information (PHI) was exposed, but it’s believed the total number of impacted individuals may be higher, as additional personally identifiable information (PII) such as Social Security numbers and financial account details may have been exposed without the accompanying health information.
The first breach is believed to have occurred between December 11 and December 17, 2024, with an unauthorized third party gaining access to sensitive files containing both personal and medical data. The exposed information included contact information, government identification numbers (such as Social Security numbers), financial account details, and health-related data like insurance details and clinical records.
In response, Sturgis Hospital has taken several steps to secure its systems, including working with external cybersecurity experts to address any vulnerabilities. Law enforcement has been notified, and while this did not delay the hospital’s notification to affected individuals, the investigation remains ongoing as of September 2025.
This breach underscores the critical importance of safeguarding sensitive healthcare data. Despite the efforts of the hospital’s cybersecurity team, the breach highlights the vulnerability of healthcare institutions to sophisticated cyberattacks and the significant impact on patients when such incidents occur.
The first wave of the data breach is believed to have taken place between December 11 and December 17, 2024. A second wave of unauthorized activity was discovered in June 2025, leading to an expanded investigation and further efforts to secure the hospital’s systems.
The breach at Sturgis Hospital compromised a wide range of sensitive information. The following types of data were exposed:
This sensitive data, particularly the combination of PII and PHI, can be used for identity theft, financial fraud, and medical fraud, creating significant risk for those affected.
If you’ve been impacted by the Sturgis Hospital data breach, there are steps you can take to protect yourself from identity theft and misuse of your information:
If you need further guidance on protecting your information or have additional questions about this breach, fill out our quick, secure form. Our legal partners are available to provide you with expert advice and connect you to the next steps for holding Sturgis Hospital accountable.
If you have been affected by the Sturgis Hospital data breach, you may be eligible to file a class action lawsuit to seek compensation for the harm caused by the exposure of your sensitive information.
This breach has the potential to cause significant long-term damage, from identity theft to financial fraud and medical misuse. If you received a notification about the breach or suspect you were impacted, you have legal options available to hold Sturgis Hospital accountable for its failure to protect your data.
At Class Action U, we can connect you with skilled attorneys who specialize in data breach class action lawsuits. These legal professionals can help you pursue justice and potential compensation for the damages you’ve suffered.
Fill out our secure form today for a free consultation. There’s no cost to reach out to our legal partners, and there’s no obligation to move forward unless you decide to take action. Join the fight for justice today—your voice matters.