Hillcrest Convalescent Center Announces 106K-Record Data Breach
Cyberattacks and data breaches have been announced by Hillcrest Convalescent Center in North Carolina, Bay Cove Human Services in Massachusetts, and SMC Corporation of America in Indiana. The Hillcrest incident involved the data of 106,194 individuals.
Hillcrest Convalescent Center
Hillcrest Convalescent Center in Durham, North Carolina, has notified 106,194 individuals about a data security incident identified on June 27, 2024. Suspicious network activity was detected, and third-party cybersecurity experts were engaged to investigate and determine the nature and scope of the incident. They confirmed that an unauthorized third party had access to the network and acquired data from its systems. The data review was completed on February 13, 2025, and confirmed that names, dates of birth, Social Security numbers, medical information, treatment information, healthcare provider information, and health insurance information had been exposed. At the time of issuing notifications, Hillcrest Convalescent Center was unaware of any misuse of the affected data. The affected individuals have been offered between 12 and 24 months of complimentary credit monitoring and identity restoration services.
Bay Cove Human Services
Bay Cove Human Services in Boston, Massachusetts, has discovered unauthorized access to its network and potential data theft. Unusual network activity was identified on December 30, 2024. Cybersecurity experts were engaged to investigate the activity and confirmed that sensitive data had been exposed, including names, dates of birth, Social Security numbers, diagnosis/treatment information, and/or other health-related information. It was not possible to determine which patients had their data accessed or stolen, so the decision was taken to notify all 21,295 patients whose data was stored on the compromised parts of the network. Notification letters were mailed to all affected individuals on March 3, 2024. Bay Cove Human Services has also confirmed that steps have been taken to enhance security to prevent similar incidents in the future.
SMC Corporation of America
SMC Corporation of America in Indiana has alerted 6,566 current and former employees about an attempted ransomware attack. The security incident was detected on December 8, 2025, when a foreign threat actor breached its network and attempted to disrupt its IT infrastructure in a possible effort to deploy ransomware and solicit a ransom payment. The forensic investigation confirmed that the threat actor had access to internal systems that contained the personal information of current and former employees, and some of that information may have been copied.
The data review confirmed that employment data had potentially been compromised, including first and last names, dates of birth, addresses, bank account information, driver’s licenses, payroll information, SMC employee account numbers and positions, Social Security numbers, SMC employee benefit information, data related to certain medical information in connection with SMC benefits, and other identifying information. SMC Corporation of America said significant investments had been made in cybersecurity; however, they were not successful in preventing the attack on this occasion. SMC is working with its IT team and cybersecurity partner to evaluate its security protocols and processes to prevent similar incidents in the future.


