One million patients of US non-profit healthcare provider Community Health Center (CHS) have had sensitive data exposed as a result of a cyberattack.
According to a document filed with Maine’s attorney general, CHC detected unusual activity on January 2, 2025, which it later identified as the work of a “skilled criminal hacker.”
It explains that the hacker stole the data, which “might include personal information.”
CHC further clarified that the hacker did not delete the data or lock any of its systems, nor did it affect daily operations.
“We believe we stopped the criminal hacker’s access within hours and that there is no current threat to our system.”
Personal information that may have been accessed includes names, dates of birth, addresses, and contact details, as well as diagnoses, treatment details, test results, and health insurance information.
The healthcare firm said it has strengthened security and added monitoring software to keep track of suspicious activity.
It also added that there’s no sign that the information has been misused and offered patients free identity theft protection, including a $1 million insurance reimbursement policy.
The news comes days after health conglomerate UnitedHealth Group revealed that its tech unit suffered a cyberattack last year that affected the personal information of 190 million people.
The cyberattack was disclosed in February 2024 and was perpetrated by the “Blackcat” ransomware group.
Similarly, health insurance member IDs, diagnoses, treatment information, and social security numbers are believed to have been exposed.
