U.S Community Health Center Hacked – 1 Million Patients Data Stolen

Community Health Center, Inc. (CHC), a Connecticut-based federally qualified health center, has disclosed a data breach following a criminal cyberattack on its systems.

The breach potentially exposed the sensitive personal and health information of patients and individuals who received COVID-19 tests or vaccines at CHC clinics.

The organization has issued letters to affected individuals and set up a dedicated website to assist those who may not have received direct communication.

In a regulatory filing with the Maine Attorney General’s Office, CHC reported that the data breach impacted 1,060,936 individuals.

Details of the Incident

According to CHC report, the breach was detected on January 2, 2025, when unusual activity was identified within its computer systems. Cybersecurity experts were immediately brought in to investigate and secure the network.

It was determined that a skilled hacker had accessed and extracted data but did not delete or lock any information.

CHC stated that the hacker’s access was terminated within hours, and daily operations were not disrupted. The organization believes there is no ongoing threat to its systems.

The type of information involved varies depending on the individual’s relationship with CHC:

• CHC Patients: Data potentially accessed includes names, dates of birth, addresses, phone numbers, email addresses, diagnoses, treatment details, test results, Social Security Numbers (SSNs), and health insurance information.
• COVID-19 Test or Vaccine Recipients: For individuals who are not regular CHC patients but received COVID-19 services at a CHC clinic, the compromised data may include names, dates of birth, phone numbers, email addresses, addresses, gender, race, ethnicity, and insurance details (if provided). Additional information such as test dates and results or vaccine details (e.g., type, dose, and administration date) may also have been affected. In rare cases where an SSN was collected for these individuals, it may have been included in the breach.

CHC has taken immediate steps to enhance its cybersecurity by implementing advanced monitoring software and reinforcing system protections. The organization has assured the public that there is no evidence of misuse of the compromised data at this time.

Mark Masselli, President and CEO of Community Health Center, Inc., expressed regret over the incident: “We sincerely regret any inconvenience resulting from this criminal activity and thank you for your continued support of CHC.”

To support affected individuals, CHC is offering free identity theft protection services through IDX for all patients and COVID-19 service recipients whose SSNs were involved. These services include:

• 24 months of credit and CyberScan monitoring
• A $1 million insurance reimbursement policy
• Identity recovery assistance in case of theft

Individuals whose SSNs were not impacted are encouraged to follow recommended steps for additional protection.

CHC advises those who may be impacted to contact IDX at 1-877-229-9277 for assistance or to enroll in the free identity protection services. IDX representatives are available to address questions and provide guidance on safeguarding personal information.

Are you from SOC/DFIR Teams? – Analyse Malware Files & Links with ANY.RUN Sandox -> Try 14 Day Free Trial.