US-based non-profit healthcare provider Community Health Center (CHC) has announced that it suffered a data breach. The organisation is currently in the process of notifying the 1,060,936 individuals affected by the breach.
According to its filing with the Maine attorney general office, CHC doesn’t know the attackers’ identity at the moment. However, it did state that the intruders gained access to its systems in mid-October 2024. The breach wasn’t discovered until January 2, 2025.
Experts were brought in shortly after and discovered that a “skilled criminal hacker” had gained access to its systems. The criminal access was terminated in hours, and there’s no current threat to the company’s servers.
The hackers were able to steal patient files containing personal and health information, including names, birthdays, addresses, phone numbers, Social Security Numbers, medical diagnoses, treatment details, test results, and health insurance details.
The nature of the attack also remains undisclosed, however, CHC claimed that the hackers didn’t delete or lock any of its data and the criminal activity didn’t affect daily operations. There are also no signs that the stolen data has been misused yet, and Candid.Technology found no such data being sold or promoted on popular hacker forums.
As is the norm with such data breaches, CHC offers affected individuals 24 months of IDX identity protection service, including a $1,000,000 insurance reimbursement policy and fully managed identity theft recovery services.
Hospitals and healthcare organisations have become increasingly popular ransomware targets over the last year. However, as organisations amp up their cyber defences, criminals have switched tactics and have started carrying out data theft attacks instead of locking victims’ files. This means a ransomware gang could be behind the CHC attack.
In the News: Italy bans DeepSeek, starts investigation into data collection
