Beacon Health Three Rivers
December 2, 2024
•[ unauthorized access, third-party breach ]
Vendor Cps Solutions reported unauthorized email access Dec 24; hospital notified patients.
Humboldt Independent Practice Association (IPA)
June 26, 2024
•[ data leak, healthcare, unauthorized access ]
Between June 26 and July 1 2024, an unauthorized actor accessed a Humboldt Independent Practice Association email account containing protected health information. Exposed data may include patient names, contact details, birth dates, diagnoses, insurance, and identification numbers. No evidence of encryption or confirmed data exfiltration has been reported. The breach was disclosed to HHS in November 2024 and publicly announced on February 15 2025.
Maryhaven, Inc.
May 30, 2024
•[ data leak, healthcare, unauthorized access ]
Maryhaven, a behavioral health and addiction treatment provider in Ohio, detected unauthorized access to its systems on June 1 2024. An unknown actor accessed and exfiltrated patient and employee PHI/PII data (~7,000 records). No encryption or operational disruption occurred. Disclosure issued April 11 2025 through Cyberscout/TransUnion.
Gastroenterology Associates Of Central Florida
April 11, 2024
•[ data leak, unauthorized access ]
Orlando practice disclosed network intrusion exposing patient data including identifiers and health information.
Okanagan-Skaha school district
February 13, 2024
•[ unauthorized access, cyberattack, service disruption ]
On 13 February 2024 Okanagan Skaha School District detected unusual activity in its information systems, confirmed that an unauthorized third party had accessed school district technology systems and proactively took network services offline. The incident knocked out phones and email across School District 67 and also affected the Penticton Seniors Drop-In Centre that shared the network, though teaching continued in person and the
St. Joseph’s College Of Maine
January 24, 2024
•[ data leak, unauthorized access ]
College confirmed unauthorized network access in 20232024; notices sent March 2025.
Legacy Professionals LLP
January 4, 2024
•[ data leak, unauthorized access ]
Legacy Professionals LLP, an Illinois-based accounting and audit firm, reported that sensitive personal information in its custody may have been accessed and acquired following suspicious activity detected on its computer network in late April 2024. The firm investigated and determined an unauthorized third party may have viewed and obtained certain information. Legacy then reviewed the affected data to identify impacted individuals, completing its review on 01/06/2025, and began mailing breach notification letters on 02/27/2025. Information potentially exposed was described as varying by individual and included names, Social Security numbers, and financial account numbers. Public filings referenced in reporting suggested Legacy provided affected individuals with credit monitoring services. Specific technical details such as the attack vector, the duration of unauthorized access, and whether data was exfiltrated beyond the identified categories were not publicly disclosed.
