Healthcare Sector Data Breaches Involving Unauthorized Email and System Access
Wilbarger General Hospital in Texas and Excellent Home Care Services in New York both reported data breaches involving unauthorized access to employee email accounts. In both cases, investigations revealed that sensitive patient information, including protected health information and, in some cases, Social Security numbers and medical details, may have been accessed or copied by unauthorized parties. Both organizations have notified affected individuals and are offering guidance or identity monitoring services, though the total number of impacted patients has not yet been disclosed.
Separately, the Louisiana Office of Student Financial Assistance (LOSFA) notified students of a data security incident involving unauthorized access to certain systems and the removal of files containing names and Social Security numbers. The incident did not affect the START Saving Program or 529 accounts. LOSFA is continuing its investigation and has issued public statements to inform those potentially affected.
Timeline
Dec 23, 2025
Wilbarger and Ochsner LSU Health publicly announce data breaches
Wilbarger General Hospital and Ochsner LSU Health – Regional Urology publicly disclosed their respective breaches. Ochsner said it was offering credit monitoring to affected individuals, while Wilbarger said no evidence of misuse had been identified at that time.
Dec 22, 2025
Excellent Home Care Services notifies affected individuals
Following its investigation, Excellent Home Care Services notified affected individuals across several New York counties and offered identity monitoring services. The breach involved protected health information and required patient notification, but it was not yet listed on the HHS OCR breach portal at the time of reporting.
Nov 25, 2025
Excellent Home Care Services detects employee email breach
Excellent Home Care Services in New York discovered unauthorized access to an employee's email account on 2025-11-25. Potentially exposed data included patient names, contact details, Social Security numbers, and medical information, though the total number affected was not yet public.
Oct 20, 2025
Wilbarger General Hospital detects suspicious email account activity
Wilbarger General Hospital in Vernon, Texas detected suspicious activity in an employee email account on 2025-10-20. The hospital later confirmed protected health information was present in the compromised account, though the full scope and number of affected individuals remained under review.
Oct 10, 2025
Ochsner LSU Health discovers access to retired urology systems
Ochsner LSU Health System – Regional Urology identified unauthorized access to retired systems on 2025-10-10. The incident ultimately affected up to 4,519 patients, and accessed data included names, Social Security numbers, and medical histories.
See the full picture in Mallory
Mallory subscribers get deeper analysis on every story, including:
Who’s affected and how
Deep-dive technical analysis
Actionable next steps for your team
IPs, domains, hashes, and more
Ask questions and take action on every story
Filter by topic, classification, timeframe
Get matching stories delivered automatically
Sources
Related Stories
Healthcare Data Breaches and Patient Data Exposure Reports
Multiple organizations reported or were alleged to have suffered **data breaches involving sensitive personal and health information**. Telehealth provider **Call-On-Doc** was allegedly breached in early December, with a hacking-forum listing claiming exfiltration of **1,144,223 patient records** including contact details and highly sensitive visit metadata (e.g., *medical category/condition*, including STD-related entries), though the company had not publicly commented at the time of reporting. Separately, **Laurel Health Centers** (a Federally Qualified Health Center network in Northern Pennsylvania) reported **unauthorized access to its email environment** from July 11–25, 2025; emails and attachments may have been viewed or copied, potentially exposing a wide range of PHI/PII (including SSNs, insurance/Medicare data, diagnostic/treatment information, and some financial data). Laurel stated it took time to confirm the threat actor was fully removed, completed mailbox review by Dec. 30, 2025, and then began notifying affected individuals and offering credit monitoring. Outside healthcare delivery, the **Civil Service Employees Association (CSEA)** labor union reported a May intrusion (May 3–31) resulting in theft of data for **47,000+ members**, including names and **Social Security numbers**, and said it took systems offline, reset passwords, and implemented additional security controls; it reported no evidence of misuse but advised vigilance for identity theft. A separate HIPAA Journal item summarized academic research on **insider risk**—finding many students would hypothetically sell patient data for money—which is not tied to a specific breach incident but underscores the broader threat environment for healthcare data.
1 months ago
Multiple Healthcare and Insurance Data Breaches Impacting Millions
Several major organizations in the healthcare and insurance sectors have disclosed significant data breaches affecting millions of individuals. ARC Community Services reported a ransomware attack by the INC Ransom group, resulting in the exfiltration of sensitive patient data, including health and financial information. Aflac confirmed that a June cyberattack led to the theft of files containing insurance claims, health data, and Social Security numbers for over 22 million customers, with no operational disruption but widespread exposure of personal information. The Louisiana Office of Student Financial Assistance (LOSFA) notified students of unauthorized access to its systems, exposing names and Social Security numbers, though certain savings accounts were not affected. Oklahoma Spine Hospital agreed to a $1.1 million settlement following a July breach that compromised the data of nearly 39,000 patients, including medical and financial details. These incidents highlight the ongoing threat posed by cybercriminals targeting sensitive data in the healthcare and insurance industries. Victims in these breaches are being offered credit monitoring and identity protection services, and regulatory notifications have been issued. The attacks have prompted legal action, regulatory scrutiny, and, in some cases, leadership changes within affected organizations. Law enforcement and cybersecurity experts have been engaged to investigate and mitigate the impact of these breaches, which are part of a broader trend of targeted attacks against organizations handling large volumes of personal and health-related information.
1 months ago
Healthcare Data Breach Disclosures Involving Unauthorized Access to Patient Information
Multiple healthcare organizations disclosed **data security incidents** involving potential exposure of patient and personal information. Jackson Hospital and Clinic (Montgomery, Alabama) notified **14,485** individuals about a breach at its former debt-collection vendor **Nationwide Recovery Services**, where suspicious activity was identified in July 2024 and an unauthorized party accessed the vendor’s network between **July 5–15, 2024**. Jackson Hospital stated its own IT systems were not affected, but data shared for collections work may have been compromised, including **names, contact details, dates of birth, Social Security numbers, account/insurance information, and dates of service**; affected individuals were offered credit monitoring and identity theft protection. Separately, **Community Health Action of Staten Island** reported a data security incident that may have involved unauthorized access to sensitive personal and medical information, and **Insight Hospital and Medical Center** (Chicago) reported a cyber incident involving unauthorized access to its network between **Aug. 22 and Sept. 11, 2025**, with potential exposure of patient and financial data. The disclosures underscore ongoing third-party and direct-network intrusion risks in the healthcare sector, with notification timing and scope varying by organization and investigation status.
1 months ago