Data Breaches Announced by North Atlantic States Carpenters Health Benefits Fund & Millcreek Pediatrics
Data breaches have recently been announced by the North Atlantic States Carpenters Health Benefits Fund in Massachusetts and Millcreek Pediatrics in Delaware.
Millcreek Pediatrics, Delaware
Millcreek Pediatrics, a Wilmington, Delaware-based pediatric medical practice, has recently reported a data security incident to the HHS Office for Civil Rights involving the protected health information of 14,095 individuals. Unauthorized access to its network was detected on or around February 25, 2025. A leading digital forensics firm was engaged to investigate the activity, which confirmed unauthorized network access between February 17, 2025, and February 25, 2025.
On October 27, 2025, the file review confirmed that protected health information had been exposed, including full names, birth dates, medical record numbers, patient identification numbers, driver’s license numbers/state identification numbers, dates of service, claims information, provider information, and clinical/treatment information. A limited number of the affected individuals also had their Social Security numbers exposed.
Notification letters started to be sent to the affected individuals on November 21, 2025. Individuals whose Social Security numbers were involved have been offered complimentary credit monitoring services. Millcreek Pediatrics said it will continue to review and modify its privacy and data security practices to enhance protections and prevent similar incidents in the future.
Get The FREE
HIPAA Compliance Checklist
Immediate Delivery of Checklist Link To Your Email Address
Please Enter Correct Email Address
Your Privacy Respected
HIPAA Journal Privacy Policy
North Atlantic States Carpenters Health Benefits Fund, Massachusetts
North Atlantic States Carpenters Health Benefits Fund has recently disclosed a cybersecurity incident that was detected on or around August 18, 2025, when suspicious network activity was identified within its Hamden, CT office. Immediate action was taken to secure its network, including resetting passwords, and third-party specialists were engaged to investigate the incident. The investigation has confirmed unauthorized access or acquisition of files containing sensitive member data, which may include individuals who received benefits from the North Atlantic States Carpenters Pension Fund, the Guaranteed Annuity Fund, the Health Benefit Fund, the Annuity Fund, or the Vacation Fund.
The incident has been reported to the HHS’ Office for Civil Rights using a placeholder figure of 501 individuals. The total will be updated when the file review is concluded. The categories of information likely involved includes names, dates of birth, Social Security numbers, financial account/payment card information (including access codes), login credentials, tax information, military identification numbers, diagnoses, medical treatment information, medical histories, health insurance information, biometric information, driver’s license or state issued identification numbers, passport numbers, and/or license plate numbers. All individuals potentially affected have been advised to remain vigilant against incidents of identity theft and fraud by reviewing their account statements and credit reports.
