Pierluigi Paganini January 31, 2025

Community Health Center (CHC) data breach impacted over 1 million patients in Connecticut, the healthcare provider started notifying them.

Community Health Center (CHC) is a leading healthcare provider based in Connecticut, offering primary care, dental, behavioral health, and specialty services. It serves a diverse patient population, focusing on accessible and affordable healthcare, particularly for underserved communities.

The healthcare provider is notifying over 1 million patients of a data breach that exposed their personal and medical data.

According to the data breach notification shared with Maine’s attorney general, threat actors gained access to the CHC network in mid-October 2024, but the organization discovered the security breach only on January 2, 2025. The company that a skilled cybercriminal was behind the attack.

“On January 2, 2025, we noticed unusual activity in our computer systems. That same day, we brought in experts to investigate and reinforce the security of our systems. They found that a skilled criminal hacker got into our system and took some data, which might include your personal information.” reads the data breach notification sent to the impacted individuals. “Fortunately, the criminal hacker did not delete or lock any of our data, and the criminal’s activity did not affect our daily operations. We believe we stopped the criminal hacker’s access within hours, and that there is no current threat to our systems.”

CHC pointed out that threat actors did not delete or encrypt patients’ information.

The exposed data may include patient name, birth date, contact info, diagnoses, treatments, test results, Social Security number, and health insurance details. The compromised data varies for each individual.

The company responded to the incident by enhancing security measures and implementing monitoring software to detect suspicious activity. They assured customers that there is no evidence of data misuse. To further protect affected individuals, the company is offering free identity theft protection through IDX, including 24 months of credit and cyber monitoring, a $1,000,000 insurance reimbursement policy, and identity recovery assistance.

Recently, UnitedHealth revealed that the Change Healthcare data breach is worse than initially estimated, the incident has impacted 190 million people.

According to the Associated Press, UnitedHealth booked $1.1 billion in total costs from the cyberattack in the second quarter.

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, CHC)