Patients of Philadelphia’s Laurel Health Centers Affected by Data Breach
Patients of Laurel Health Centers have been notified that their protected health information was exposed in a July 2025 security incident, and Modern Health has identified unauthorized access to member profiles.
Laurel Health Centers
Laurel Health Centers, a Federally Qualified Health Center network in Northern Pennsylvania, has discovered unauthorized access to its email environment. An investigation was launched on July 14, 2025, to determine the cause of unusual email activity. The investigation determined that an unauthorized third party had access to certain email accounts between July 11, 2025, and July 25, 2025. During that time, emails and files may have been viewed or copied.
The affected email accounts were reviewed and found to contain patient information. The types of information vary from individual to individual and may include names in combination with one or more of the following: address, telephone number, email address, date of birth, Social Security numbers, medical record number, date(s) of service, medical provider, Medicare information, insurance information, diagnostic information, treatment and diagnosis data, insurance carrier, procedure codes, disability status, dental and denture information, immunization record, behavioral health information, Pennsylvania Account ID, account number, credit card information, checking account information and claim information.
Laurel Health Centers said it took time to conclusively determine that the threat actor no longer had access to its systems, hence the delay between discovering the unauthorized activity and confirming that the threat actor had been eradicated from its email environment. The review of the email accounts concluded on December 30, 2025, and notification letters were mailed to the affected individuals shortly thereafter. Complimentary credit monitoring services have been offered to the affected individuals. The incident is not currently listed on the HHS’ Office for Civil Rights breach portal, so it is currently unclear how many individuals have been affected.
Get The FREE
HIPAA Compliance Checklist
Immediate Delivery of Checklist Link To Your Email Address
Please Enter Correct Email Address
Your Privacy Respected
HIPAA Journal Privacy Policy
Modern Health
Modern Health, a management support organization that provides services to several affiliated entities, including Modern Health Arizona, Modern Health California, Modern Health New Jersey, Elevate Tele-Medicine Telehealth, and Modern Life, has recently notified the Massachusetts Attorney General about an incident involving unauthorized access to member profiles on its behavioral health platform.
In November 2025, Modern Health determined that an unauthorized individual had accessed a limited number of member profiles. Steps were immediately taken to disable those profiles, and an investigation was launched to determine the extent of the unauthorized activity. The affected profiles were reviewed and found to contain sensitive member data, although Social Security numbers and financial information were not exposed. The review of the affected profiles was completed on January 5, 2026, and the affected individuals were notified via email on January 12, 2026. It is currently unclear how many individuals were affected in total. The Massachusetts Attorney General was informed that two state residents were affected.
