Another Healthcare Data Breach Compromised A Million Patients' Information

The healthcare sector is one of the most common targets for hackers and cyber criminals, and yet another data breach has put the personal data of more than a million patients at risk. Community Health Center (CHC), a nonprofit healthcare provider in Connecticut, has disclosed that hackers gained access to its system in October and stole sensitive health and personal information belonging to 1,060,936 individuals.

What happened with CHC?

According to reporting by Bleeping Computer, hackers had access to the CHC network for several hours on October 14, 2024, though the breach was not discovered until January 2, 2025. Stolen data may include names, birthdates, addresses, phone numbers, emails, and Social Security numbers as well as medical records and health insurance information. CHC has indicated that it was not a ransomware attack, and no data was locked or deleted.

What you can do if your data was stolen

While you can't un-leak your personal data, you can (and should) be on the lookout for signs that it is being used maliciously. CHC is offering 24 months of free identity theft protection through IDX, including credit and cyber monitoring and ID theft recovery. According to CHC's filing with the Maine attorney general, those affected by the breach were notified by letter beginning on Jan. 30—and that consumer notice includes a QR code to activate monitoring services, or you can go to the IDX website and enter the enrollment code provided. The deadline to sign up for identity theft protection is April 30.

You should also commit to other best practices for securing your data, including utilizing credit monitoring services (even if you don't qualify for IDX enrollment), activating credit freezes and fraud alerts, staying skeptical of requests for your personal information (don't give anything out via text, email, or phone until you've verified), and never clicking strange links.

Of course, the CHC incident isn't the only one to compromise patient data—and it's far from the largest. The major breach of UnitedHealth Group subsidiary Change Healthcare (first reported in October 2024) is now believed to impact nearly twice as many people as previously disclosed. That ransomware attack included the health insurance, billing, and payment information as well as medical records and sensitive personal data of nearly 190 million patients. Ascension Health suffered a similar breach in February 2024, which affected nearly 6 million individuals.