Home

Data Security Incident

Click here for the full Data Security Incident Notice.

March 6, 2026 – Murray County Medical Center (“MCMC”) is a county owned hospital and clinic based in Slayton, Minnesota. MCMC experienced a data security incident that may have impacted data belonging to current and former individuals served by MCMC. MCMC sent notification of this incident to potentially impacted individuals and has provided resources to assist them.

On January 27, 2026, it was discovered that certain personal information of certain patients and employees was potentially impacted as the result of suspicious activity initially learned of on August 21, 2025. Upon learning of this event, MCMC took steps to secure its network and engaged a leading, independent cybersecurity firm to investigate what happened and whether any sensitive data may have been impacted. The investigation subsequently revealed certain personal information and personal health information may have been accessed and acquired without authorization by an unknown actor during the incident. MCMC undertook a comprehensive review of the potentially impacted data to identify the individuals and information involved which concluded on January 27, 2026.

Based on the investigation, the personal and protected health information involved in the incident varied by individual but may have included patient name, Social Security number, driver’s license number, state identification number, date of birth, health insurance information, and medical treatment and/or history information.

As soon as MCMC discovered the incident, MCMC took the steps referenced above. In addition, MCMC has implemented several measures to enhance our security posture and reduce the risk of similar future incidents.

MCMC has established a toll-free call center with Kroll to answer questions about the incident and to address related concerns. The Kroll call center is available Monday through Friday from 9:00 a.m. to 6:30 p.m. Eastern Time (excluding major U.S. holidays) and can be reached at (844) 443-1669.

The privacy and protection of personal and protected health information is our top priority, and MCMC deeply regrets any inconvenience or concern this incident may cause.

We are providing the following information to help those wanting to know more about steps they can take to protect themselves and their personal information:

What steps can I take to protect my personal information?

• Please notify your financial institution immediately if you detect any suspicious activity on any of your accounts, including unauthorized transactions or new accounts opened in your name that you do not recognize. You should also promptly report any fraudulent activity or any suspected incidents of identity theft to proper law enforcement authorities.
• You can request a copy of your credit report, free of charge, directly from each of the three nationwide credit reporting agencies. To do so, free of charge once every 12 months, please visit www.annualcreditreport.com or call toll free at 1-877-322-8228. Contact information for the three nationwide credit reporting agencies is listed below.
• You can take steps recommended by the Federal Trade Commission to protect yourself from identify theft. The FTC’s website offers helpful information at www.ftc.gov/idtheft.

How do I obtain a copy of my credit report?

You can obtain a copy of your credit report, free of charge, directly from each of the three nationwide credit reporting agencies. To order your credit report, free of charge once every 12 months, please visit www.annualcreditreport.com or call toll free at 1-877-322-8228. Use the following contact information for the three nationwide credit reporting agencies:

TransUnion

• P.O. Box 1000
• Chester, PA 19016
• 1-800-916-8800

www.transunion.com

Experian

• P.O. Box 9532
• Allen, TX 75013
• 1-888-397-3742

www.experian.com

Equifax

• P.O. Box 740241
• Atlanta, GA 30374
• 1-800-525-6285

www.equifax.com

How do I put a fraud alert on my account?

You may consider placing a fraud alert on your credit report. This fraud alert statement informs creditors to possible fraudulent activity within your report and requests that your creditor contact you prior to establishing any accounts in your name. To place a fraud alert on your credit report, contact Equifax, Experian or TransUnion and follow the Fraud Victims instructions. To place a fraud alert on your credit accounts, contact your financial institution or credit provider. Contact information for the three nationwide credit reporting agencies is also listed below.

How do I put a security freeze on my credit reports?

You have the right to place a security freeze on your credit report. A security freeze is intended to prevent credit, loans and services from being approved in your name without your consent. To place a security freeze on your credit report, you need to make a request to each consumer reporting agency. You may make that request by certified mail, overnight mail, or regular stamped mail, or online by following the instructions found at the websites listed below. You will need to provide the following information when requesting a security freeze (note that if you are making a request for your spouse, this information must be provided for him/her as well): (1) full name, with middle initial and any suffixes; (2) Social Security number; (3) date of birth; (4) address. You may also be asked to provide other personal information such as your email address, a copy of a government-issued identification card, and a copy of a recent utility bill or bank or insurance statement. It is essential that each copy be legible, display your name and current mailing address, and the date of issue. There is no charge to place, lift, or remove a freeze. You may obtain a security freeze by contacting any one or more of the following national consumer reporting agencies:

• Equifax Security Freeze
  PO Box 105788
  Atlanta, GA 30348
  1-800-685-1111
  www.equifax.com
• Experian Security Freeze
  PO Box 9554
  Allen, TX 75013
  1-888-397-3742
  www.experian.com
• TransUnion (FVAD)
  PO Box 2000
  Chester, PA 19022
  1-800-909-8872
  www.transunion.com

What should I do if I suspect that my family member was involved in the incident and is deceased?

You may choose to notify the three major credit bureaus, Equifax, Experian and Trans Union, and request they flag the deceased credit file. This will prevent the credit file information from being used to open credit. Mail your request with a copy of your family member’s death certificate to each company at the addresses above.

What should I do if I suspect that my minor child or protected person’s information was involved in the incident?

You can request that each of the three national credit reporting agencies perform a manual search for a minor’s or protected person’s Social Security number to determine if there is an associated credit report. Copies of identifying information for the minor and parent/guardian may be required, including birth or adoption certificate, Social Security card and government issued identification card. If a credit report exists, you should request a copy of the report and immediately report ay fraudulent accounts to the credit reporting agency. You can also report any misuse of a minor’s information to the FTC at https://www.identitytheft.gov/. For more information about Child Identity Theft and instructions for requesting a manual Social Security number search, visit the FTC website: https://www.consumer.ftc.gov/articles/0040-child-identity-theft. Contact information for the three credit reporting agencies may be found above.

Return