Yes — Lake Region Healthcare Corporation disclosed a data security incident affecting 294 Texas residents, according to a July 3, 2026 filing with the Texas Attorney General. This incident is part of our Texas OAG July 3, 2026 breach roundup.
The Fergus Falls, Minnesota–based nonprofit rural health system detected unauthorized network access on or about May 19, 2025, according to its official notice. Investigation concluded June 5, 2026; notification letters went out by U.S. Mail starting in July 2026, per Claim Depot.
Exposed data may include Social Security numbers, medical records, health insurance information, and financial data — a combination that raises both identity theft and medical identity misuse concerns.
We scanned lrhc.org to assess email and domain security posture relevant to this incident and follow-on impersonation risk.
What Happened
According to Lake Region Healthcare’s notice and Texas OAG records:
- May 19, 2025 — Unauthorized access to Lake Region Healthcare network detected.
- June 5, 2026 — Investigation concluded; affected individuals identified.
- July 1–3, 2026 — State AG filings (Texas, Massachusetts) and Texas OAG listing published.
Breach Impact at a Glance
| Field | Detail |
|---|---|
| Entity | Lake Region Healthcare Corporation (lrhc.org) |
| Sector | Rural nonprofit health system (Minnesota) |
| Texans affected | 294 |
| Discovery-to-notice gap | ~14 months |
| Consumer notice | Yes (U.S. Mail) |
| Support line | 1-844-507-9987 |
Data at Risk
Potentially impacted data varies by individual but may include:
- Names, addresses, contact information, dates of birth
- Social Security numbers
- Medical and treatment information
- Health insurance information
- Medical record and patient account numbers
- Government-issued identification and financial information

Lake Region is offering complimentary identity theft protection to affected individuals. Patients should review explanation-of-benefits statements for unfamiliar charges — a common sign of medical identity theft.
Independent Cybersecurity Audit
We ran an EmailMeNow Cybersecurity Audit of lrhc.org on July 7, 2026:
| Domain | Overall | Identity | Transport | Website | Risk |
|---|---|---|---|---|---|
| lrhc.org | 78% | 75% | 15% | 92% | Good |
Key findings:
- 78% overall (Good) — stronger than many rural hospitals, but still below the 100% ideal for PHI-handling organizations.
- 75% Identity & Spoofing — solid DMARC posture helps block spoofed
@lrhc.orgpatient-portal phishing during notification season. - 15% Transport Security — MTA-STS/TLS-RPT gaps remain; mail-path downgrade risk during breach-notification peaks.
- 92% Website Security — public web hardening is a relative strength.
- 100% Email Infrastructure — Microsoft 365 / Exchange hosted mail.

Audit link: lrhc.org audit
Priority Actions
If you received a Lake Region Healthcare notice:
- Call 1-844-507-9987 (7 a.m.–7 p.m. CT, Mon–Fri) for official enrollment instructions.
- Monitor credit and health-benefit statements; report unfamiliar medical billing.
For rural hospitals and clinics:
- Complete MTA-STS
mode=enforceto close the 15% transport gap. - Test incident timelines — 14-month discovery-to-Texas-filing gaps extend victim exposure.
Related Trackers
- Texas OAG July 3 roundup
- Texas healthcare breaches
- Healthcare AG breach tracker
- HIPAA breach statistics
- All state AG trackers
Run a free Instant Cybersecurity Audit at audit.emailmenow.com or contact EmailMeNow IT Consulting for healthcare DMARC enforcement and HIPAA-aligned email security.
Sources: Lake Region Healthcare — data security notice · Claim Depot — Lake Region Healthcare · Texas OAG — Data Security Breach Reports · EmailMeNow audit — lrhc.org