Community Health Center, Inc. (CHC) discloses data breach impacting over 1 million patients
Community Health Center, Inc. (CHC), a Connecticut-based federally qualified health center, disclosed a data breach on February 8, 2025, following a criminal cyberattack on its systems. The breach, discovered on January 2, potentially exposed the medical records and Social Security numbers of more than 1 million patients, including those who received COVID tests and vaccines.
Signal context
First seen: Feb 8, 2025
Last updated: Jun 30, 2026
Status: Public signal
Key points
- Criminal cyberattack on systems.
- Discovered on January 2, 2025.
- Disclosed on February 8, 2025.
Signal analysis
BetaThis analysis groups the signal by industry, likely incident action and impacted security area. It helps compare this signal with other published signals without treating the labels as final determinations.
Sector: Health Care and Social Assistance
Likely country: Location not provided
Watch internet-facing systems, credential abuse and exploit activity.
- Source type: outside the affected organization
Impact area: Confidentiality
Likely asset: User or customer data
- 6 signals in the same sector
- 88 signals with the same likely impact area
- 1 signal linked to this organization/domain
External sources
February 2025 Data Breaches [LIST] - Pomeriumhttps://www.pomerium.com/blog/february-2025-data-breaches-listPublic source from pomerium.com.
Cyber News Roundup February 7th 2025 - Integrity360https://www.integrity360.com/en-us/resources/threat-intel-roundup/threat-intel-roundup-7-2-25Public source from integrity360.com.
Related signals
Grouped by why the signal is relevant.
Huntsville Hospital Health System Notifies Patients of Data Exposure from Cerner Breach
Huntsville Hospital Health System informed patients on June 26, 2026, about a data exposure stemming from a 2025 breach on Cerner's (now Oracle Health) legacy systems. The breach, which occurred on January 22, 2025, exposed personal and medical information. Cerner had notified its healthcare clients, including Huntsville Hospital, on August 12, 2025, but patient notification was delayed at the request of law enforcement.
ACLA Data Breach Exposes Social Security Numbers and Medical Information
Anatomic and Clinical Laboratory Associates P.C. (ACLA) disclosed a data breach involving unauthorized access to its computer network. The breach, discovered in December 2025, exposed personally identifiable information (names, dates of birth, Social Security numbers, taxpayer identification numbers) and protected health information (medical dates of service, diagnoses, medical history) for 69 Massachusetts residents.
Kentucky Mountain Health Alliance Discloses Data Breach Affecting SSNs and Medical Records
Kentucky Mountain Health Alliance Inc., a nonprofit health center, disclosed a data breach to the Massachusetts Office of Consumer Affairs and Business Regulation on June 19, 2026. The incident involved unauthorized access to patient data, some of which was copied. The exposed information included driver's licenses, medical records, and Social Security numbers. The specific method of attack, dates of the incident, or discovery date remain unknown. The organization is offering affected individuals a free, two-year membership to identity monitoring services.
Horizon Family Medical Group Data Breach
Reports emerged on June 18, 2026, of a possible data breach at Horizon Family Medical Group, a medical provider in New York's Hudson Valley region. Threat actor Incransom claimed to have stolen 7 TB of data, including medical information such as diagnoses, prescriptions, treatments, and lab results.
Novo Nordisk Discloses Breach of Clinical Trial Data
Danish pharmaceutical giant Novo Nordisk disclosed a data breach where attackers gained access to internal IT systems and copied pseudonymized clinical trial data from research systems. The exposed information included patient IDs, trial participation details, limited health data, and some contact information for healthcare professionals.
Aflac Life Insurance Japan Suffers Cybersecurity Breach Exposing Policyholder Data
Aflac Life Insurance Japan disclosed unauthorized access to its systems between June 15 and June 25, 2026. The breach affected files containing policy details, personal information, and bank account information of approximately 4.38 million customers. The company has suspended affected systems and is investigating the incident with third-party cybersecurity experts.