25% off all training courses Offer ends May 29, 2026
View HIPAA Courses
Learner Login Learner Support
Learner Login Learner Support
25% off all training courses
View HIPAA Courses
Offer ends May 29, 2026

The HIPAA Journal is the leading provider of HIPAA training, news, regulatory updates, and independent compliance advice.

Over 1 Million Patients Affected by Community Health Center Data Breach

Posted By on Feb 3, 2025

Community Health Center, a nonprofit healthcare provider in Middletown, Connecticut, has notified more than 1 million individuals about a recent data breach. Unauthorized activity was identified in its computer systems on January 2, 2025, and external cybersecurity experts were engaged to assist with the investigation and determine the nature and scope of the unauthorized activity.

The investigation confirmed that a criminal hacker accessed its computer systems and exfiltrated data from its network. Community Health Center did not confirm whether a ransom demand was issued; however, explained that no data was deleted from its network and files were not encrypted, therefore the incident had no impact on daily operations. Community Health Center explained in the notification to the Maine Attorney General that “We believe we stopped the criminal hacker’s access within hours, and there is no current threat to our systems.” The Maine Attorney General breach notice states that the breach first occurred on October 14, 2024.

The file review has now been completed and Community Health Center has confirmed that the following information may have been exfiltrated: names, addresses, phone numbers, email addresses, dates of birth, diagnoses, test results, treatment information, health insurance information, and Social Security numbers. Up to 1,060,936 individuals have been affected, including pediatric patients and their parents and guardians. Some of the affected patients have deceased, and notifications are being sent to their next of kin. While the majority of affected patients are likely Connecticut residents, the California Attorney General has also been sent a notification about the data breach. At more than 1 million records, this is the largest healthcare data breach reported so far this year. Employees of Moses-Weitzman Health System were also affected.

Community Health Center said security has been strengthened and software implemented to monitor its systems for suspicious activity. While there are currently no indications that any of the stolen data has been misused, Community Health Center has offered the affected individuals complimentary identity theft protection services for 24 months.

Get The FREE
HIPAA Compliance Checklist

Immediate Delivery of Checklist Link To Your Email Address

Please Enter Correct Email Address

Your Privacy Respected

HIPAA Journal Privacy Policy

Author: Steve Alder is the editor-in-chief of The HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com

x

Is Your Organization HIPAA Compliant?

Find Out With Our Free HIPAA Compliance Checklist

Get Free Checklist