Community Health Center reports data breach affecting over 1 million patients

Connecticut-based Community Health Center, Inc. (CHC) has disclosed a significant data breach impacting over one million patients following a cyberattack on its systems. The breach, first detected on January 2, 2025, was officially reported to the Office of the Maine Attorney General on January 30, 2025. According to CHC, the incident has compromised the sensitive personal and health information of individuals who have been patients or received COVID-19 services at its clinics.

CHC President and CEO Mark Masselli expressed regret over the incident, stating, "We sincerely regret any inconvenience resulting from this criminal activity and thank you for your continued support of CHC." He emphasized the organization’s swift response to the breach, including engaging cybersecurity experts immediately upon detecting unusual activity. These experts confirmed unauthorized access but found no data encryption or deletion evidence. CHC managed to terminate the hacker’s access within hours, ensuring that healthcare services remained unaffected.

The breach has potentially impacted 1,060,936 individuals, including regular patients and those who received COVID-19 testing or vaccinations at CHC facilities. The compromised information includes names, dates of birth, contact details, Social Security Numbers (SSNs), diagnostic data, treatment history, and health insurance information. Additionally, for individuals treated specifically for COVID-19, test results and vaccination records may also have been exposed.

CHC has taken proactive security measures in response to the breach and offers complimentary identity theft protection services through IDX to individuals whose SSNs were compromised. These services include 24 months of credit monitoring, identity recovery assistance, and insurance reimbursements of up to $1 million for victims of identity theft. CHC has also advised all potentially affected individuals to take additional precautionary steps to safeguard their personal information.

As part of its outreach efforts, CHC has sent notification letters to affected individuals and launched a dedicated website to assist those who may not have received direct communication. The organization remains committed to strengthening its cybersecurity framework to prevent future incidents.