Data Breaches Announced by Community Health Network; Mid South Rehab Services
Cybercriminals have gained access to employee email accounts at Community Health Network in Indiana and Mid South Rehab Services in Mississippi and may have exfiltrated patient information.
Community Health Network, Indiana
Community Health Network, a non-profit health system with more than 200 locations and affiliates in Central Indiana, has recently notified 13,939 Indiana residents about a security incident involving unauthorized access to an employee’s email account. The intrusion was identified on February 26, 2025, and the threat was immediately contained. An investigation was launched to determine the nature and scope of the unauthorized activity, and it was confirmed that the breach was limited to a single email account, which was accessed by an unauthorized individual between February 25 and February 26, 2025.
The email account was reviewed, and on May 8, 2025, it was confirmed that the account contained patients’ protected health information. Following a comprehensive manual document review, on July 15, 2025, Community Health Network confirmed the number of individuals affected and the types of information involved. The exposed data was limited to names, dates of birth, medical information, and health insurance information, which was potentially copied from the email system. After verifying contact information, the affected individuals were notified by mail on September 12, 2025, and advised to remain vigilant against misuse of their data by checking their accounts, free credit reports, and explanation of benefits statements. Credit monitoring services do not appear to have been offered.
Mid South Rehab Services Inc., Mississippi
Mid South Rehab Services Inc., a Ridgeland, Mississippi-based provider of physical, occupational, and speech therapy services, has recently notified patients about a breach of its email environment. Unauthorized activity was identified in an employee’s email account on or around January 16, 2025. The email account was immediately secured, and an investigation was launched to determine the nature and scope of the activity. The investigation covered its entire email environment and confirmed that two email accounts had been accessed by an unauthorized third party.
Get The FREE
HIPAA Compliance Checklist
Immediate Delivery of Checklist Link To Your Email Address
Please Enter Correct Email Address
Your Privacy Respected
HIPAA Journal Privacy Policy
The review of those accounts confirmed that emails and attachments contained patient information such as names, dates of birth, Social Security numbers, and medical/health information. The affected individuals have been advised to monitor their account statements, credit reports, and explanation of benefit statements for unusual activity. The data breach has been reported to regulators, but the incident is not yet shown on the HHS’ Office for Civil Rights breach portal, so it is currently unclear how many individuals have been affected.
