Data Breaches Announced by The Black Hills Regional Eye Institute & The Children’s Center of Hamden
Data breaches have recently been announced by Black Hills Regional Eye Institute in South Dakota and the Children’s Center of Hamden in New York.
Black Hills Regional Eye Institute
The Black Hills Regional Eye Institute in Rapid City, South Dakota, has fallen victim to a cyberattack that was identified on or around January 8, 2025. Systems were rapidly taken offline to prevent further unauthorized access and to contain the incident, and an investigation was launched to determine the nature and scope of the unauthorized activity. The investigation confirmed on or around February 7, 2025, that patient information had been accessed and acquired by the threat actor, who had access to certain systems from January 4, 2025, to January 8, 2025.
A comprehensive file review was conducted to determine the individuals affected and the types of data involved, which concluded on July 30, 2025. Black Hills Regional Eye Institute determined that the compromised data included patients’ first and last names in combination with one or more of the following: date of birth, Social Security number, driver’s license number, diagnoses, treatment information, medical history, medical record number, medications, provider name, surgical information, insurance information, and/or credit card information.
While sensitive data was acquired, Black Hills Regional Eye Institute has not found any evidence to indicate any misuse of that information. All staff and patients affected by the incident have been advised to remain vigilant against identity theft and fraud, and individuals whose Social Security numbers were involved have been offered complimentary credit monitoring and identity theft protection services. The HHS’ Office for Civil Rights breach portal indicates up to 106,763 individuals have been affected.
Get The FREE
HIPAA Compliance Checklist
Immediate Delivery of Checklist Link To Your Email Address
Please Enter Correct Email Address
Your Privacy Respected
HIPAA Journal Privacy Policy
The Children’s Center of Hamden
The Children’s Center of Hamden (TCCOH), a nonprofit behavioral health organization in Connecticut, has notified more than 5,000 individuals about the exposure of some of their personal and health information. Potential unauthorized activity was identified within its computer network on December 28, 2024. Assisted by third-party cybersecurity experts, TCCOH confirmed that files containing patient information had been exposed and were potentially acquired by the attackers.
The file review was completed on June 29, 2025, and it was confirmed that employee and client data were compromised in the incident, including first and last names, Social Security numbers, and protected health information. Notification letters were mailed to the affected individuals on August 28, 2025. The incident is not yet shown on the HHS’ Office for Civil Rights portal; however, the Maine Attorney General was informed that 5,213 individuals have been affected. Complimentary credit monitoring services are being offered for 12 months.
