NCH Corporation Employee Benefits Plan Member Data Stolen
Personal and protected health information has been compromised in security incidents affecting NCH Corporation Employee Benefits Plan members, and patients of Foundation Health Partners in Alaska and One Community Health in California.
NCH Corporation
The global industrial solutions provider, NCH Corporation, has announced a breach of the protected health information of 3,098 members of its Employee Benefits Plan. Like many organizations of its size, NCH Corporation uses Oracle’s E-Business Suite (EBS) software to help with the management of its operations.
A previously unknown vulnerability in the software – CVE-2025-61882 – was exploited by a threat actor to gain access to the Oracle EBS application, and sensitive data was exfiltrated. NCH Corporation was one of several organizations to be attacked in this manner in mid to late 2025. While not stated by NCH Corporation in its data breach notification letters, this was a mass exploitation by the Cl0p ransomware group, which specializes in exploiting zero-day vulnerabilities.
Assisted by third-party cybersecurity experts, NCH Corporation determined that the vulnerability was exploited in mid-August, and the threat actor obtained names, dates of birth, Social Security numbers, and benefits election information. NCH Corporation has resolved the vulnerability by deploying the patch developed by Oracle and has implemented other measures to improve security. The affected individuals have been offered complimentary credit monitoring and identity theft protection services.
Get The FREE
HIPAA Compliance Checklist
Immediate Delivery of Checklist Link To Your Email Address
Please Enter Correct Email Address
Your Privacy Respected
HIPAA Journal Privacy Policy
Foundation Health Partners
Foundation Health Partners (FHP), a community-owned and operated health system in Alaska, has alerted certain patients about a mailing incident in November 2025 that resulted in an impermissible disclosure of limited patient information. FHP operates Fairbanks Memorial Hospital, Tanana Valley Clinic, Denali Center, and several outpatient clinics in the state.
On November 14, 2025, FHP was notified that letters had been mailed to incorrect addresses. An investigation was launched, which confirmed that an error had been made with a November 13, 2025, mailing to patients to advise them about a provider’s departure from an FHP Clinic. In each case, a letter was sent to an incorrect address and included the patient’s name and their status with the specific FHP clinic. FHP said it has provided additional training to the relevant individuals to prevent similar incidents in the future and has revised its procedures for mailings to include additional checks to confirm the accuracy of mailing addresses. The incident is currently listed on the HHS’ Office for Civil Rights breach portal using a placeholder figure of at least 501 affected individuals.
One Community Health
Sacramento, CA-based One Community Health has confirmed that it was affected by a cybersecurity incident at the healthcare clearinghouse Trizetto Provider Solutions. The Trizetto data breach involved unauthorized access to a web portal used by some of its healthcare clients, including One Community Health, between November 2024 and October 2025. Trizetto discovered the intrusion on October 2, 2025, and recently notified One Community Health that the threat actor had accessed historical eligibility transaction reports.
Those reports contained protected health information such as names, addresses, dates of birth, Social Security numbers, health insurance information, primary insured or dependent information, and other demographic and health information. The affected individuals have been offered complimentary credit monitoring, fraud consultation, and identity theft restoration services. At present, it is unclear how many One Community Health patients have been affected.
