Community Health Center (CHC), a major healthcare organization located in Connecticut, recently informed more than 1 million patients of a data breach that compromised both personal and health-related information.

CHC, a non-profit entity, offers comprehensive medical, dental, and mental health services to in excess of 145,000 actively engaged patients.

Details of the Network Breach

The breach involved unknown individuals who infiltrated CHC's network in mid-October 2024. It was not until January 2, 2025, that this security event was detected.

While attackers managed to steal sensitive files with personal and health data of 1,060,936 people, CHC assures that no system encryption occurred, and its operations continued unaffected.

Investigation Insights

An external team hired for post-incident analysis confirmed the involvement of skilled cybercriminals. According to CHC, the hackers didn’t destroy or lock any data, and their activities were halted promptly, leaving no ongoing risk to their systems.

Types of Stolen Information

The breach led to the theft of various types of data, including:

  • Personal details: names, dates of birth, addresses, phone numbers, emails, and Social Security numbers.
  • Health details: medical diagnoses, records of treatments, test results, and information regarding health insurance.

CHC could not provide additional specifics immediately when approached for further comments.

Context of Ransomware Shifts and Recent Incidents

Although CHC reported no encryption of systems, it is noteworthy that many ransomware operations now focus on data theft instead of encryption for extortion purposes. An illustrative case is the BianLian group, which decreased its use of encryption after a decryptor was made publicly available in January 2023.

Recent Attacks on Other Healthcare Entities

This same week, the New York Blood Center, a leading global blood collection institution, had to alter its schedule due to a ransomware attack. Similarly, UnitedHealth announced that about 190 million Americans were impacted by last year's Change Healthcare attack, a figure significantly higher than initially reported.

Regulatory Response to Healthcare Breaches

Amid this surge in healthcare data breaches, the U.S. Department of Health and Human Services (HHS) has proposed revisions to the HIPAA regulations. These changes aim to enhance the protection of patients’ health information.

The link has been copied!