The healthcare business has recently been a prime target for hackers. You probably recall the 2024 Ascension attack, which caused considerable problems.
The breach at Change Healthcare was similarly large. UnitedHealth first stated that 100 million Americans were affected, but then increased the figure to 190 million.
There have been several additional cases, and you can now add one to the list. Community Health facility, Inc. (CHC), a federally certified health facility in Connecticut, has acknowledged a data breach that occurred as a result of a criminal hack on its systems.
The attack affected more than a million individuals in the United States.
What You Need To Know
Community Health Center, Inc. (CHC) discovered a data breach on January 2 after seeing odd activity in its computer systems. An examination revealed that a sophisticated hacker had accessed and extracted data without deleting or locking any information. If CHC’s claims are correct, this is a great consequence, as hackers frequently use ransomware, a sort of attack in which they lock systems and demand money before regaining access.
In a regulatory filing with the Maine Attorney General’s Office, CHC said that the data breach affected 1,060,936 persons. The type of information exposed varies according to the individual’s relationship with CHC. Patient information that might have been accessed includes names, dates of birth, addresses, phone numbers, email addresses, diagnoses, treatment details, test results, Social Security numbers, and health insurance information.
Individuals who are not regular CHC patients but obtained COVID-19 services at a CHC clinic may have had their names, dates of birth, phone numbers, email addresses, addresses, gender, race, ethnicity, and insurance information compromised (if submitted). Additional information, such as test dates, results, and vaccination specifics, including kind, dosage, and administration date, may have been impacted. In rare situations, the leak contained Social Security numbers.
The firm did not say how the hackers acquired access to the data or if sufficient cybersecurity procedures were in place at the time of the attack. While CHC has ensured that its systems are no longer vulnerable, the same cannot be said for its patients, who may now be the target of a variety of cyberattacks.
CHC’s Response
CHC stated that the hacker’s access was removed within hours, and everyday operations were not interrupted. To improve cybersecurity, CHC claims to have adopted advanced monitoring tools and strengthened system safeguards. The business stated that there is currently no proof that the hacked data was abused.
The health institution is providing free identity theft protection services to all patients and COVID-19 service clients whose Social Security numbers were compromised in the attack. Individuals whose Social Security numbers were not compromised should likewise take extra precautions to secure their information, according to the group.
6 strategies to protect yourself from the Change Healthcare data leak.
- Remove your personal information from the internet: Because the hack revealed sensitive personal information, you must minimize your online footprint. While no service can guarantee total data erasure, a reliable data cleaning provider can greatly reduce your risk. These services routinely monitor and delete your personal information from various websites and data brokers. See my best selections for data removal services here.
- Be aware of mailbox communications: With addresses included in the exposed data, fraudsters may use this hack to send bogus letters. Be wary of emails alleging missing delivery, account suspensions, or security concerns. Before reacting or acting on such communications, always verify their validity.
- Be wary of phishing attempts and install good antivirus software: Scammers might use your hacked email or phone number to target you with phishing attacks. Be aware of communications that seek for personal information or include dubious links. To protect yourself, use robust antivirus software on all of your gadgets. Get my top selections for the greatest antivirus protection in 2025 for Windows, Mac, Android, and iOS.
- Monitor your accounts: Given the breadth of this breach, it is vital to regularly monitor your bank accounts, credit card bills, and other financial accounts. Look for fraudulent purchases or questionable behavior, and notify your bank or credit card issuer right away.
- Recognize and report a Social Security scam: If your Social Security number is compromised, you may become a victim of similar frauds. Official contact about Social Security concerns is normally sent by letter rather than phone calls or emails. To learn more about detecting and reporting frauds, go to the Social Security Administration’s scam website.
- Invest in identity theft protection: Data breaches occur on a daily basis, and the majority never make headlines; but, with an identity theft protection service, you will be alerted if and when you are affected. An identity theft protection service may track personal information such as your Social Security number (SSN), phone number, and email address and notify you if it is sold on the dark web or used to register an account. It can also help you freeze your bank and credit card accounts to prevent future unlawful usage by crooks.
One of the benefits of choosing an identity theft protection service is that it may include identity theft insurance for up to $1 million in damages and legal expenses, as well as a white glove fraud resolution team with a U.S.-based case manager to assist you in recovering any losses. See my top strategies and recommendations for preventing identity theft.
Kurt’s main takeaway.
The CHC breach may not be as huge as the UnitedHealth hack, but with over a million people affected, it is still a major issue. Cybercriminals can use stolen data in a variety of ways, including identity theft and targeted phishing schemes. CHC has taken efforts to safeguard its systems, but individuals affected should stay watchful. Be vigilant of unsolicited emails, phone calls, or texts demanding personal information, and consider monitoring bank and medical accounts for any unusual activity.