25% off all training courses Offer ends May 29, 2026
View HIPAA Courses
Learner Login Learner Support
Learner Login Learner Support
25% off all training courses
View HIPAA Courses
Offer ends May 29, 2026

The HIPAA Journal is the leading provider of HIPAA training, news, regulatory updates, and independent compliance advice.

Massachusetts Mental Health Service Provider Suffers 46K-record Data Breach

Posted By on May 22, 2025

Data breaches have recently been announced by Community Counseling of Bristol County in Massachusetts, Community Hospital of Anaconda in Montana, and Radiology Chartered in Wisconsin.

Community Counseling of Bristol County, Massachusetts

Community Counseling of Bristol County (CCBC), a mental health service provider in Taunton, Massachusetts, has recently announced a data breach that occurred a year ago in May 2024. A security breach was detected on or around May 20, 2025, and the forensic investigation confirmed that an unauthorized third party had access to its network between May 18, 2024, and May 20, 2024.

CCBC conducted an extensive review of documents on the compromised parts of its network and that process was completed on April 25, 2025, when it was confirmed that the compromised information included full names, addresses, dates of birth, Social Security numbers, driver’s license or state ID numbers, financial account information, medical information, and health insurance information.

Notification letters were mailed to the affected individuals on May 19, 2025, and individuals whose Social Security numbers were involved have been offered complimentary credit monitoring services. The data breach is not yet shown on the HHS’ Office for Civil Rights breach portal. The Maine Attorney General has been informed that 45,960 individuals were affected, including 30 Maine residents.

Get The FREE
HIPAA Compliance Checklist

Immediate Delivery of Checklist Link To Your Email Address

Please Enter Correct Email Address

Your Privacy Respected

HIPAA Journal Privacy Policy

Community Hospital of Anaconda, Montana

On May 19, 2025, Community Hospital of Anaconda in Montana announced a cyberattack and data breach that occurred in August 2024. The non-profit community hospital serves patients in the Anaconda-Deer Lodge County community. On August 12, 2024, unusual activity was identified within its computer network that disrupted certain IT systems. The forensic investigation confirmed there had been unauthorized access to its network from August 10 to August 12, 2024, during which time a threat actor potentially accessed or acquired files containing patient information.

The hospital worked with third-party data review experts to determine which patients had been affected and the types of data involved. That process was completed in May 2025, and notification letters were mailed to the affected individuals on May 19, 2025. The data compromised in the incident varied from individual to individual and included names in combination with some or all of the following: date of birth, Social Security number, driver’s license/state identification number, U.S. military identification number, passport number, financial account information, patient account number, medical record number, Medicare/Medicaid numbers, treatment information, and health insurance information. Complimentary credit monitoring and identity theft protection services have been offered to the affected individuals. The data breach was reported to the HHS’ Office for Civil Rights on May 19, 2025, as affecting 21,243 individuals.

Radiology Chartered, Wisconsin

Radiology Chartered, in Green Bay, Wisconsin, has confirmed it has been affected by a data breach at the debt collection agency, Nationwide Recovery Services (NRS). The incident was discovered by NRS on July 11, 2024, and the investigation confirmed that a threat actor had access to the NRS network between July 5, 2024, and July 11, 2024, during which time files were copied from the NRS network. At no point did the threat actor have access to Radiology Chartered’s systems.

Radiology Chartered was notified about the data breach on March 24, 2025, and has been working on reviewing the data to allow notifications to be sent. The compromised data included names, dates of birth, and Social Security numbers. Prior to that written notice, Radiology Chartered was unaware there had been a breach and was also not aware that NRS still held a copy of the data previously provided to the firm, since Radiology Chartered no longer works with NRS.

Radiology Chartered is issuing notification letters to the affected individuals and is offering single-bureau credit monitoring, credit score, and credit report services. The HHS’ Office for Civil Rights breach portal indicates 12,656 individuals were affected.

Author: Steve Alder is the editor-in-chief of The HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com

x

Is Your Organization HIPAA Compliant?

Find Out With Our Free HIPAA Compliance Checklist

Get Free Checklist