Community Health Center notifies 1 million patients of data breach

What happened

Community Health Center (CHC) filed a data breach notice to the Maine attorney general on January 30th. According to the notice, approximately 1,060,936 individuals were impacted in the breach. 

Data accessed during the breach included names, dates of birth, addresses, phone numbers, emails, Social Security numbers, medical diagnoses, treatment details, test results, and health insurance.

Going deeper

According to the notice, attackers accessed CHC’s network in mid-October, 2024, but CHC did not discover the breach for several months. When the breach was discovered, on January 2nd, 2025, CHC immediately brought in experts to investigate and reinforce their systems. 

In response, the company said they added new “special” software to watch for suspicious activity. CHC is also providing free identity theft protection. 

What was said

In the notice, the CHC said that their investigators determined a skilled criminal hacker was behind the attack, but did not release any information on who may have been responsible. 

“Fortunately, the criminal hacker did not delete or lock any of our data, and the criminal’s activity did not affect our daily operations. We believe we stopped the criminal hacker’s access within hours, and that there is no current threat to our systems,” CHC said. “We are also working to make sure your information stays safe in the future.”  

Why it matters

Breaches against non-profit organizations can be devastating. These organizations often fill crucial needs within the community–CHC offers services to individuals throughout Connecticut who may be uninsured or underinsured. Despite being critical, these organizations may lack the necessary funding to protect their IT environment. 

With known vulnerabilities, non-profit organizations face increasing attacks. On the international scale, it’s estimated that these organizations are the second-most targeted by threat criminals.

It’s well-known that breaches can affect the operational status of healthcare organizations, from diverting ambulances to preventing payment processing. For non-profit organizations, the situation can be more dire if the organization is not able to immediately resolve the incident. 

The big picture

While incidents like these can be difficult to resolve, they are preventable with the right cybersecurity software and management. CHC claims they will now be using specialized technology to monitor their systems. While it’s unclear what technology they are using, monitoring the network is a great step to prevent future data breaches. 

Related: HIPAA Compliant Email: The Definitive Guide.