MercyOne Clinton Data Breach Investigation

Turke & Strauss LLP, a leading data breach law firm, is investigating MercyOne Clinton, which does business as MercyOne Clinics, regarding its recent data breach. The MercyOne Clinics data breach involved sensitive personal identifiable information and protected health information belonging to an undetermined number of individuals.


MercyOne Clinics is a faith-based community health system which offers the latest in health and medical services. Accordingly, MercyOne Clinics includes over 3,200 licensed hospital beds, employs more than 18,000 people, and has annual operating revenues of more than $2.5 billion. Founded in the 19th century by the Religious Sisters of Mercy in Dublin, Ireland, MercyOne Clinics has provided caring and compassionate care for over 130 years. Headquartered in Des Moines, Iowa, MercyOne Clinics is one of the largest multi-specialist physician group practices in Iowa.  


On April 4, 2023, MercyOne Clinics determined it had experienced a data breach in which the sensitive personal identifiable information and protected health information in its systems may have been accessed. Through its investigation, MercyOne Clinics determined that an unauthorized actor may have accessed this sensitive information between March 7 and April 4, 2022. On June 2, 2023, MercyOne Clinics began contacting individuals whose information may have been impacted. The type of information exposed includes:

  • Name
  • Social Security number
  • Date of birth
  • Driver’s license number
  • Address
  • Medical information (e.g., mental or physical treatment/condition information, diagnosis code/information, date of service, admission/discharge date, prescription information, personal representative or guardian name, medical record number, Medicare or Medicaid identification number, encounter number)
  • Financial account information (e.g., bank account number, billing/claims information)
  • Health insurance information

If you are a current or former patient of MercyOne Clinics:

We would like to speak with you about your rights and potential legal remedies in response to this data breach. Please fill out the form, below, or contact us at (608) 237-1775 or

If you were impacted by the MercyOne Clinics data breach, you may consider taking the following steps to protect your personal information.

  1. Carefully review any breach notice and retain a copy;
  2. Enroll in any free credit monitoring services provided by MercyOne Clinton d/b/a MercyOne Clinics;
  3. Change passwords and security questions for online accounts;
  4. Regularly review account statements for signs of fraud or unauthorized activity;
  5. Monitor credit reports for signs of identity theft; and
  6. Contact a credit bureau(s) to request a temporary fraud alert.

Share This Post: