Notice of Data Privacy Incident

McLeod Health is committed to protecting the privacy and security of the information in our care. On June 4, 2026, we began mailing notification letters to certain Dillon Family Medicine patients whose information may have been involved in an incident.

On March 5, 2026, a suspicious file was found on a Dillon Family Medicine server that was in the process of being decommissioned. We immediately began an investigation with the assistance of  third-party experts and notified law enforcement. On April 14, 2026, we learned through the investigation that an unauthorized party had accessed the server containing Dillon Family Medicine patient information between October 17, 2025 and October 18, 2025.  Importantly, this incident was limited to the one server and did not involve any active McLeod Health systems, such as the practice’s current electronic medical record system.

Based on the files known to have been maintained on the accessed server, the incident may have involved information pertaining to certain patients, including names, dates of birth, Social Security numbers, and also potentially other information related to their care, such as diagnoses, medications, test results, images, health insurance, and treatment information.

We take this matter very seriously. To help prevent a similar incident, we will continue to implement and evaluate enhanced safeguards and security measures to further protect our systems. The server involved in this incident has also been fully decommissioned and is no longer in use.

We have set up a designated incident response line to answer patient questions. Patients can call 888-504-8534, Monday – Friday, 9 am to 9 pm Eastern Time, except for major U.S. holidays.