Community Health Centre (CHC), a well-known non-profit healthcare organisation in Connecticut, has notified over one million patients about a data breach that exposed their personal and medical information.
It is believed that a skilled hacker gained access to the organisation’s IT systems, potentially leading to the loss of private data belonging to over a million people.
Community Health Centre provides general care, dental care, and mental health assistance, among other services, to its more than 145,000 active patients. Following the discovery of unusual activity in its computer systems on January 2, a complaint was sent to the Maine Office of the Attorney General.
Threat actors took files that included 1,060,936 patients’ personal and medical data. Notably, this does not appear to have been a ransomware attack. The healthcare organisation confirmed that the breach did not disrupt its ability to conduct operations as usual and that none of the affected systems were encrypted.
According to the notification sent to the Attorney General:
On January 2, 2025, we noticed unusual activity in our computer systems. That same day, we brought in experts to investigate and reinforce the security of our systems. They found that a skilled criminal hacker got into our system and took some data, which might include your personal information. Fortunately, the criminal hacker did not delete or lock any of our data, and the criminal’s activity did not affect our daily operations. We believe we stopped the criminal hacker’s access within hours, and that there is no current threat to our systems.
Sensitive Patient Data Stolen in Community Health Centre Hack
The CHC clinic’s hack affected a variety of individuals, including past and present patients, as well as everyone who received a COVID test or vaccination there. The compromised data includes names, dates of birth, addresses, phone numbers, email addresses, Social Security numbers, medical diagnoses, treatment details, test results, and health insurance information.
The New York Blood Centre, on the other hand, just experienced a ransomware attack. The blood donation process of a major supplier serving two hundred hospitals was disrupted by ransomware attackers, as reported on 1 February. This reckless act had severe consequences for healthcare services.
UnitedHealth disclosed that Change Healthcare’s ransomware attack last year resulted in the theft of almost 190 million Americans’ personal and medical information, almost twice the 100 million figure that was revealed in October.
The U.S. Department of Health and Human Services (HHS) has acted in response to an alarming rise in significant healthcare security breaches. They put out revisions to HIPAA, the statute that protects patient data, in late December.
Following the incident, Community Health Centre enhanced its security measures and implemented monitoring software to detect any suspicious activity. They informed customers that there was no indication of data exploitation.
Furthermore, the company is providing free identity theft protection through IDX, which covers 24 months of credit and cyber monitoring, a $1,000,000 insurance reimbursement policy, and identity recovery services.
CHC has not disclosed any details of the attackers or whether extortion was attempted, and no known ransomware group has claimed responsibility for the attack.
In recent months, many ransomware groups have shifted their focus from encrypting data to stealing it. This method appears to be just as effective for securing ransom payments, yet it is both cheaper and easier to execute. In this case, CHC has not received a ransom demand.