National Association on Drug Abuse Problems Announces Data Breach Affecting 90,000 Individuals
The National Association on Drug Abuse Problems has experienced a data breach affecting up to 90,000 individuals. An insider data breach has been discovered by Weill Cornell Medicine, and Commonwealth Care Alliance has identified a mis-mailing incident.
The National Association on Drug Abuse Problems Hacking Incident Affects 90K Individuals
The National Association on Drug Abuse Problems (NADAP), a New York-based nonprofit, has disclosed a cybersecurity incident that has affected up to 90,000 individuals. Suspicious activity was identified within its network on or around January 10, 2026. Immediate action was taken to secure its network, and an investigation was launched to determine the nature and scope of the activity. On or around January 27, 2026, NADAP determined that the protected health information of certain clients, employees, and related individuals was present in files that were subject to unauthorized access.
The files have been reviewed and found to contain names, Social Security numbers, dates of birth, medical or health information, health care treatment or diagnostic information, health insurance information, and tax or financial information. The types of data involved vary from individual to individual. NADAP has implemented additional measures to enhance network security, including strengthening password requirements and implementing conditional access policies, and the incident has been reported to regulators and law enforcement. No known threat group has claimed responsibility for the incident.
The substitute data breach notice makes no mention of complimentary credit monitoring services. The affected individuals have been advised to remain vigilant against identity theft and fraud by monitoring their accounts and explanation of benefits statements for suspicious activity.
Get The FREE
HIPAA Compliance Checklist
Immediate Delivery of Checklist Link To Your Email Address
Please Enter Correct Email Address
Your Privacy Respected
HIPAA Journal Privacy Policy
Weill Cornell Medicine Identifies Insider Data Breach
Weill Cornell Medicine, the medical school of Cornell University in New York, has identified an insider breach involving the electronic medical records of 516 patients. Following an internal investigation, Weill Cornell Medicine confirmed that a former employee had accessed patient records for reasons unrelated to their job duties.
The potential for misuse of patient data is limited due to the nature of the data accessed, which was limited to name, contact information, and reason for visit. No Social Security numbers, clinical information, or financial information were accessed. Weill Cornell Medicine did not state the reason for the access but confirmed that the employee is no longer with the organization. All affected individuals have been notified by mail, and additional security measures have been implemented to reduce the risk of similar incidents in the future.
Commonwealth Care Alliance Announces Mis-Mailing Incident
Commonwealth Care Alliance, a Massachusetts-based health plan and care delivery system, has notified 634 individuals about a recent mis-mailing incident. The incident was identified on December 29, 2025, and involved letters intended for one member being mailed to an incorrect member. The letters included a member’s name, CCA Member ID number, and their Medicare eligibility status only. An investigation was launched to identify the cause of the error, and additional safeguards have been implemented to reduce the risk of similar incidents in the future, including supplemental quality checks with its mailing process.
