Myrtue Medical Center Data Breach Investigation

The data breach lawyers at The Lyon Firm are investigating a suspected data security incident involving the Myrtue Medical Center in Iowa. The incident has not been confirmed as a data breach and an investigation into the nature and scope of the incident is ongoing.

Our attorneys have settled numerous data breach lawsuits on behalf of plaintiffs nationwide. Contact our legal team to learn more about the next steps following a data theft incident and to consider filing a class action complaint.

What Happened at Myrtue Medical Center?

On June 13, 2025, Myrtue Medical Center (Shelby County Chris A. Myrtue Memorial Hospital) allegedly detected suspicious activity on its IT systems, potentially indicating a data breach. According to the hospital, an unauthorized party gained access to its network, prompting them to contact a third-party cybersecurity firm.

A well-known threat actor known as Worldleaks has indeed claimed responsibility for the breach, posting on the Tor network on June 24, saying claiming they accessed and exfiltrated 1.2 terabytes of data, including 806,625 files.

At this point, Myrtue Medical Center has not confirmed many details, and the exact number of individuals affected or the specific types of information exposed remain unknown. The hospital, however, has stated that it is in the process of identifying all impacted individuals and we expect data breach notification letters to be sent to anyone affected.

For more information, you may view the full notice provided by the hospital in their official data breach disclosure.