Regional healthcare systems report data breaches affecting more than 1.5 million

Avatar

Two healthcare networks reported data breaches this week that will impact more than 1.5 million people. 

Connecticut’s Community Health Center Inc. and California’s NorthBay Healthcare Corporation filed breach notifications with regulators in multiple states warning that breaches last year exposed troves of patient data including healthcare data, financial information, Social Security numbers and more. 

Community Health Center, which runs dozens of facilities and clinics across Connecticut, said 1,060,936 current and former patients had data stolen during a cyberattack discovered on January 2. 

“That same day, we brought in experts to investigate and reinforce the security of our systems. They found that a skilled criminal hacker got into our system and took some data, which might include your personal information,” the company said.

“Fortunately, the criminal hacker did not delete or lock any of our data, and the criminal’s activity did not affect our daily operations. We believe we stopped the criminal hacker’s access within hours, and that there is no current threat to our systems.”

But the hacker did access health records that included names, addresses, phone numbers, diagnoses, treatment details, test results, health insurance information and Social Security numbers. 

Victims are being offered two years of identity protection services and a $1 million insurance reimbursement policy for those who may face issues due to the data breach.

Another regional healthcare system, California-based NorthBay Healthcare, reported its own data breach impacting 569,012 people. The nonprofit organization runs two hospitals in northern California, a 100-provider primary and specialty care medical group, a cancer center and other facilities.

The organization told regulators in Maine that hackers breached their systems last year and had access from January 11 to April 1.

The cybercriminals gained access to Social Security numbers, passport numbers, financial information, medical data, health insurance info, credit card and debit card numbers that included expiration dates, security codes and PIN numbers. 

Those affected are being given one year of identity protection services. 

The attack on NorthBay Healthcare was claimed by the Embargo ransomware gang in April 2024. The hospital was forced to turn patients away and cancel appointments following the ransomware attack. 

CybercrimeNewsNews Briefs
Get more insights with the

Recorded Future

Intelligence Cloud.

Learn more.

No previous article

No new articles

Jonathan Greig

is a Breaking News Reporter at Recorded Future News. Jonathan has worked across the globe as a journalist since 2014. Before moving back to New York City, he worked for news outlets in South Africa, Jordan and Cambodia. He previously covered cybersecurity at ZDNet and TechRepublic.

 

Total
0
Shares
Previous Post

Insurance firm Globe Life to warn 850,000 of potential data theft following extortion attempt

Next Post

Japanese sportswear company Mizuno confirms data breach after 2024 ransomware claims

Related Posts

⚡ Weekly Recap: APT Intrusions, AI Malware, Zero-Click Exploits, Browser Hijacks and More

If this had been a security drill, someone would’ve said it went too far. But it wasn’t a drill—it was real. The access? Everything looked normal. The tools? Easy to find. The detection? Came too late. This is how attacks happen now—quiet, convincing, and fast. Defenders aren’t just chasing hackers anymore—they’re struggling to trust what their systems are telling them. The problem isn’t too
Avatar
Read More

New Flodrix Botnet Variant Exploits Langflow AI Server RCE Bug to Launch DDoS Attacks

Cybersecurity researchers have called attention to a new campaign that's actively exploiting a recently disclosed critical security flaw in Langflow to deliver the Flodrix botnet malware. "Attackers use the vulnerability to execute downloader scripts on compromised Langflow servers, which in turn fetch and install the Flodrix malware," Trend Micro researchers Aliakbar Zahravi, Ahmed Mohamed
Avatar
Read More

Email Security Is Stuck in the Antivirus Era: Why It Needs a Modern Approach

Picture this: you’ve hardened every laptop in your fleet with real‑time telemetry, rapid isolation, and automated rollback. But the corporate mailbox—the front door for most attackers—is still guarded by what is effectively a 1990s-era filter. This isn't a balanced approach. Email remains a primary vector for breaches, yet we often treat it as a static stream of messages instead of a dynamic,
Avatar
Read More