The HIPAA Journal is the leading provider of HIPAA training, news, regulatory updates, and independent compliance advice.

Premier Health Partners Announces July 2023 Data Breach

Premier Health Partners, a Dayton, OH-based network of three hospitals and two major medical centers, has recently issued a press release about a data breach first identified over two years ago. The July 18, 2025, press release explains that on July 12, 2023, Premier Health identified suspicious activity within certain computer systems.

An investigation was launched, which confirmed that an unauthorized third party had access to its systems between July 7, 2023, and July 12, 2023, during which time files were acquired from its network. The files were reviewed to determine if any sensitive information had been compromised, and it was confirmed that the exposed data included names, dates of birth, driver’s license numbers, Social Security numbers, passport numbers, taxpayer identification numbers, digital signatures, login credentials, financial account information, medical information, and health insurance information. Premier Health said the security incident did not have any impact on its services, which remained fully operational throughout.

Notification letters have been mailed to the affected individuals, and complimentary credit monitoring and identity theft protection services have been offered as a precaution against identity theft and fraud. Premier Health also said no evidence has been found to indicate any misuse of the exposed data. In addition to signing up for the credit monitoring and identity theft protection services, Premier Health recommends that the affected individuals remain vigilant against identity theft and fraud and, if login credentials were involved, change relevant passwords and implement multifactor authentication where possible.

The press release and website substitute breach notice do not state why it has taken two years from the date of discovery of the security incident to announce the data breach, only stating that the file review has recently concluded. The OCR data breach portal includes a listing for “Premier Health Partners and wholly owned covered entities listed in description section below,” which was submitted to OCR on October 12, 2023. The data breach is listed as a network server hacking/IT incident affecting 10,833 individuals, and is listed in the “under investigation” section of the OCR data breach portal.

The only other listing for Premier Health Partners is an October 2, 2020, breach report affecting 254,786 individuals. OCR’s investigation of that incident has closed. When an investigation is closed by OCR, a description is included in the listing, which confirms that the 2020 data breach was an email phishing incident. The timing of the October 12, 2023, listing suggests it relates to the July 2023 data breach.

Each month, The HIPAA Journal compiles healthcare data breach reports and retains the raw data used to compile those reports. The first time that the October 12, 2023, listing was included on the OCR breach portal was in the data downloaded by The HIPAA Journal on December 19, 2024. The data breach was therefore added to the OCR data breach portal at some point between November 19, 2024, and December 19, 2024.

It is unclear why it took so long for OCR to add the October 12, 2023, listing to its data breach portal. There is usually a delay between a data breach report being received by OCR and it being added to the data breach portal. OCR performs certain verification checks before adding data breaches to the breach portal. Typically, this can take up to two weeks, but there have been cases where it has taken longer. It is also unclear why it has taken so long for a media notice to be issued about the data breach. There could be several possible explanations; for instance, law enforcement may have requested notifications be delayed so as not to jeopardize an investigation, although such a lengthy delay would be highly unusual.

The HIPAA Journal has contacted Premier Health Partners for clarification, but a response was not immediately received. This post will be updated should a response be received or if other information about the data breach comes to light.

Author: Steve Alder is the editor-in-chief of The HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com
