Happy New Year 2025

Tag: sensitive

Huge healthcare data breach exposes over 1 million Americans’ sensitive information

The healthcare industry has recently been a major target for hackers. You might remember the 2024 Ascension attack, which led to significant disruptions.

The Change Healthcare breach was also on a massive scale. UnitedHealth initially claimed that 100 million Americans were affected, but later raised that number to 190 million.

There have been countless other incidents, and now you can add another to the list. Community Health Center, Inc. (CHC), a Connecticut-based federally qualified health center, has disclosed a data breach following a criminal cyberattack on its systems.

The attack has affected over a million people in the U.S.

GET SECURITY ALERTS, EXPERT TIPS — SIGN UP FOR KURT’S NEWSLETTER — THE CYBERGUY REPORT HERE

A healthcare professional working on her laptop. (Kurt “CyberGuy” Knutsson)

What You Need to Know

Community Health Center, Inc. (CHC) detected a data breach on Jan. 2 after identifying unusual activity within its computer systems. An investigation confirmed that a skilled hacker had accessed and extracted data but did not delete or lock any information. If CHC’s claims are accurate, this is a positive outcome, as hackers often deploy ransomware, a type of attack in which they lock systems and demand payment before restoring access.

In a regulatory filing with the Maine Attorney General’s Office, CHC said that 1,060,936 people were affected by the data breach. The type of information compromised varies depending on an individual’s relationship with CHC. Patient data that may have been accessed includes names, dates of birth, addresses, phone numbers, email addresses, diagnoses, treatment details, test results, Social Security numbers and health insurance information.

WHAT IS ARTIFICIAL INTELLIGENCE (AI)?

For individuals who are not regular CHC patients but received COVID-19 services at a CHC clinic, the breached data may include names, dates of birth, phone numbers, email addresses, addresses, gender, race, ethnicity and insurance details if provided. Additional information, such as test dates, results and vaccine details, including type, dose and administration date, may also have been affected. In rare cases, Social Security numbers were also included in the breach.

The organization did not disclose how the hackers gained access to the data or whether proper cybersecurity measures were in place at the time of the breach. While CHC has assured that its systems are no longer at risk, the same cannot be said for its patients, who may now be targets of various cyberattacks.

A healthcare worker looking at information on his phone. (Kurt “CyberGuy” Knutsson)

THE HIDDEN COSTS OF FREE APPS: YOUR PERSONAL INFORMATION

CHC’s response

CHC said the hacker’s access was terminated within hours, and daily operations were not disrupted. To strengthen cybersecurity, CHC claims it has implemented advanced monitoring software and reinforced system protections. The organization said there is no evidence at this time that the compromised data has been misused.

The health center is offering free identity theft protection services for all patients and COVID-19 service recipients whose Social Security numbers were involved in the breach. The organization is also encouraging individuals whose Social Security numbers were not affected to take additional steps to protect their information.

GET FOX BUSINESS ON THE GO BY CLICKING HERE

Illustration of a hacker at work. (Kurt “CyberGuy” Knutsson)

HOW TO REMOVE YOUR PRIVATE DATA FROM THE INTERNET

6 ways to protect yourself from Change Healthcare data breach

1. Remove your personal information from the internet: The breach has exposed sensitive personal data, making it essential to reduce your online footprint. While no service can guarantee complete data removal, a reputable data removal service can significantly limit your exposure. These services systematically monitor and erase your personal information from numerous websites and data brokers. Check out my top picks for data removal services here.

2. Be wary of mailbox communications: With addresses among the compromised data, scammers may exploit this breach to send fraudulent letters. Be aware of mail claiming missed deliveries, account suspensions or security alerts. Always verify the authenticity of such communications before responding or taking action.

3. Be cautious of phishing attempts and use strong antivirus software: Scammers may use your compromised email or phone number to target you with phishing attacks. Be wary of messages asking for personal information or containing suspicious links. To protect yourself, ensure strong antivirus software is installed on all your devices. Get my picks for the best 2025 antivirus protection winners for your Windows, Mac, Android and iOS devices.

4. Monitor your accounts: Given the scope of this breach, regular monitoring of your bank accounts, credit card statements and other financial accounts is critical. Look for unauthorized transactions or suspicious activity, and report any issues immediately to your bank or credit card provider.

5. Recognize and report a Social Security scam: If your Social Security number is exposed, you could become a target for related scams. Official communication regarding Social Security issues usually comes via mail, not phone calls or emails. Learn more about spotting and reporting scams by visiting the Social Security Administration’s scam information page.

6. Invest in identity theft protection: Data breaches happen every day, and most never make the headlines, but with an identity theft protection service, you’ll be notified if and when you are affected. An identity theft protection service can monitor personal information like your Social Security number (SSN), phone number and email address and alert you if it is being sold on the dark web or being used to open an account. It can also assist you in freezing your bank and credit card accounts to prevent further unauthorized use by criminals.

One of the best parts of using an identity theft protection service is that it might include identity theft insurance of up to $1 million to cover losses and legal fees and a white glove fraud resolution team where a U.S.-based case manager helps you recover any losses. See my tips and best picks on how to protect yourself from identity theft.

MASSIVE SECURITY FLAW PUTS MOST POPULAR BROWSERS AT RISK ON MAC

Kurt’s key takeaway

The CHC breach may not be as large as the UnitedHealth attack, but with over a million individuals affected, it’s still a serious incident. Cybercriminals can exploit stolen data in various ways, from identity theft to targeted phishing scams. While CHC has taken steps to secure its systems, those impacted should remain vigilant. Be wary of unexpected emails, calls or messages requesting personal information, and consider monitoring financial and medical accounts for any suspicious activity.

CLICK HERE TO GET THE FOX NEWS APP

Do you think these companies are doing enough to protect your data, and is the government doing enough to catch those behind cyberattacks? Let us know by writing us at Cyberguy.com/Contact

For more of my tech tips and security alerts, subscribe to my free CyberGuy Report Newsletter by heading to Cyberguy.com/Newsletter

Ask Kurt a question or let us know what stories you’d like us to cover.

Follow Kurt on his social channels for the latest tech tips and tricks:

Answers to the most-asked CyberGuy questions:

New from Kurt:

Copyright 2025 CyberGuy.com. All rights reserved.

Kurt “CyberGuy” Knutsson is an award-winning tech journalist who has a deep love of technology, gear and gadgets that make life better with his contributions for Fox News & FOX Business beginning mornings on “FOX & Friends.” Got a tech question? Get Kurt’s free CyberGuy Newsletter, share your voice, a story idea or comment at CyberGuy.com.

February 8, 2025
Democratic AGs from 19 states sue Trump admin over DOGE access to sensitive, personal data at Treasury

Democratic attorneys general from 19 states have filed a federal lawsuit against the Trump administration over the Department of Government Efficiency’s (DOGE) access to sensitive, personal data belonging to Americans at the Treasury Department.

The lawsuit claims the Elon Musk-run agency illegally accessed the Treasury Department’s central payment system at the Trump administration’s behest.

On Thursday, the Treasury agreed to limit the Musk team’s access to its payment systems while a judge hears arguments in a previous lawsuit filed by a group of employee unions and retirees.

The lawsuit, filed Monday, claimed Musk’s team violated the law by being given “full access” to the Treasury’s payment systems.

FEDERAL JUDGE ORDERS LIMITED DOGE ACCESS TO SENSITIVE TREASURY DEPARTMENT PAYMENT SYSTEM RECORDS

Democratic attorneys general from 19 states have filed a federal lawsuit against the Trump administration over the Department of Government Efficiency’s access to sensitive, personal data belonging to Americans at the Treasury Department. (Anna Moneymaker/Getty Images)

The payment systems have information about Americans’ Social Security, Medicare and veterans’ benefits, tax refund information and much more.

U.S. Treasury Secretary Scott Bessent told FOX Business Wednesday the concerns are not valid.

“DOGE is not going to fail,” he said. “They are moving a lot of people’s cheese here in the capital, and when you hear this squawking, then some status quo interest is not happy.

“At the Treasury, our payment system is not being touched. We process 1.3 billion payments a year. There is a study being done — can we have more accountability, more accuracy, more traceability that the money is going where it is? But, in terms of payments being stopped, that is happening upstream at the department level.”

ELON MUSK DUNKS ON SEN. CHUCK SCHUMER, DECLARING ‘HYSTERICAL REACTIONS’ DEMONSTRATE DOGE’S IMPORTANCE

DOGE was launched to root out wasteful spending in the government, and it has already come close to closing the U.S. Agency for International Development (USAID).

The lawsuit claims the Elon Musk-run agency illegally accessed the Treasury Department’s central payment system at the Trump administration’s behest. (AP Photo/Patrick Semansky)

The lawsuit was filed in New York by the office of New York Attorney General Letitia James, a vocal Trump critic.

It includes attorneys general from Arizona, California, Colorado, Connecticut, Delaware, Hawaii, Illinois, Maine, Maryland, Massachusetts, Minnesota, Nevada, New Jersey, North Carolina, Oregon, Rhode Island, Vermont and Wisconsin.

“President Trump does not have the power to give away Americans’ private information to anyone he chooses, and he cannot cut federal payments approved by Congress,” James said in a statement. “Musk and DOGE have no authority to access Americans’ private information and some of our country’s most sensitive data.”

The lawsuit by the attorneys general was filed in New York by the office of New York Attorney General Letitia James, a vocal Trump critic. (Michael M. Santiago/Getty Images)

CLICK HERE TO GET THE FOX NEWS APP

Treasury officials on Wednesday denied violating privacy laws, saying only two members of the DOGE team had been given “read-only” access to information in the payment systems.

The Associated Press and Reuters contributed to this report.

February 8, 2025
Federal judge orders limited DOGE access to sensitive Treasury Department payment system records

A federal judge on Friday temporarily blocked the Department of Government Efficiency (DOGE) from obtaining access to certain Treasury Department payment records.

Treasury officials “will not provide access to any payment record or payment system of records maintained within the [Treasury] Bureau of Fiscal Service,” Judge Colleen Kollar-Kotelly wrote in a temporary restraining order.

Elon Musk, the chair of DOGE, has been leading an investigation into USAID’s spending practices as the agency comes to a standstill. (Getty Images)

This is a developing story. Please check back for updates.

Greg Norman is a reporter at Fox News Digital.

February 6, 2025