Security
Headlines
HeadlinesLatestCVEs

Headline

Community Health Center Data Breach Affects 1M Patients

The CHC remains operational, but a host of personal data is now in the hands of a “skilled cybercriminal,” it said.

DARKReading
Open in Source
#auth

Source: Panther Media via Alamy Stock Photo

NEWS BRIEF

Nonprofit healthcare provider Community Health Center (CHC) has begun notifying more than a million patients of a breach that compromised its data.

This is the third healthcare institution to be targeted in the past week. Frederick Health and the New York Blood Center Enterprises were both targeted in separate ransomware attacks that it alerted the public to on Jan. 27 and Jan. 29, respectively.

It remains unclear who is behind the heists, and whether there is any connection between the attacks.

In a letter to victims from CHC, it reports that it noticed unusual activity on its computer systems on Jan. 2. It then launched an investigation and bolstered its security systems alongside cybersecurity experts. The investigation determined that a “skilled criminal hacker” was able to gain access to its systems and steal data, including some of the personal information of its patients. That includes names, dates of birth, addresses, phone numbers, emails, diagnoses, treatment details, test results, Social Security numbers, and health insurance information.

“Fortunately, the criminal hacker did not delete or lock any of our data, and the criminal’s activity did not affect our daily operations,” the CHC wrote in its letter. “We believe we stopped the criminal hacker’s access within hours, and that there is no current threat to our systems.”

“Incidents in this sector underscore the ongoing risks healthcare providers face, with attackers gaining access to sensitive data like names, medical diagnoses, and insurance details,” Emily Phelps, director of Cyware, wrote in an emailed statement to Dark Reading. “This incident highlights the urgency of securing healthcare infrastructures — protecting not just patient data, but the broader ecosystem of communication, collaboration, and care delivery.”

Though there is currently no sign that the information was misused, the CHC is offering free identity theft protection through IDX including two years of credit and CyberScan monitoring, $1,000,000 insurance reimbursement policy, and assistance recovering stolen identities.

The letter provides additional information regarding how customers can sign up for IDX protection services, which the CHC urges individuals to take advantage of, even if there is no current sign of foul play regarding their stolen information, as it remains unclear what the threat actor intends to do with the stolen data.

About the Author

Skilled writer and editor covering cybersecurity for Dark Reading.

DARKReading: Latest News

DeepSeek Jailbreak Reveals Its Entire System Prompt
DARKReading