LifePoint Health; Southwest Behavioral & Health Services; Nottingham Village Report Data Breaches
Data breaches have been announced by Lifepoint Health, Southwest Behavioral & Health Services, and Nottingham Village.
Lifepoint Health
Lifepoint Health Inc., a healthcare delivery network that operates more than 60 hospital campuses in 28 U.S. states, more than 30 rehabilitation and behavioral health hospitals, and over 170 acute rehabilitation units, discovered unauthorized activity within its network on February 23, 2026. The forensic investigation traced the activity to a compromised user account. Assisted by third-party cybersecurity experts, Lifepoint Health determined that an unauthorized third party gained limited access to certain internal databases on February 22, 2026. The incident was fully contained within 24 hours.
Lifepoint Health determined that the data breach was limited in scope and was restricted to employees of contracted vendors. Direct employees of the company and patients were not affected. The affected employees had their names, addresses, phone numbers, dates of birth, and Social Security numbers compromised in the incident. Notification letters were sent to those individuals on April 23, 2026, and complimentary credit monitoring and identity theft protection services have been made available.
Southwest Behavioral & Health Services
Southwest Behavioral & Health Services, a Phoenix, AZ-based non-profit behavioral health organization, has identified a breach of its email environment. Suspicious activity was identified within its email environment on April 1, 2026, and the forensic investigation determined that six employee email accounts were compromised.
Get The FREE
HIPAA Compliance Checklist
Immediate Delivery of Checklist Link To Your Email Address
Please Enter Correct Email Address
Your Privacy Respected
HIPAA Journal Privacy Policy
The review of the affected email accounts was completed on April 30, 2026, and notification letters have now been sent to the 2,316 affected individuals. Southwest Behavioral & Health Services has published a substitute breach notice on its website, but it does not state the types of information exposed in the incident. No evidence has been identified to suggest any misuse of the exposed data; however, as a precaution, the affected individuals have been offered complimentary credit monitoring and identity theft protection services, and steps have been taken to improve email security to prevent similar incidents in the future.
Nottingham Village
Nottingham Village, a skilled nursing and assisted living facility in Northumberland, Pennsylvania, has notified 5,240 individuals about a security incident that was identified on November 9, 2025. After securing its network, an investigation was launched, and on May 12, 2026, it was confirmed that the exposed data included names, birth dates, Social Security numbers, driver’s license numbers/state government IDs, financial account information, medical information, and health insurance information. Nottingham Village said it continually evaluates and modifies its security practices and will continue to do so in the future.
