Major Healthcare and Hospitality Data Breaches Expose Millions of Records
Over 4 million Texans have been affected by a significant data breach at Conduent Business Services, marking one of the largest such incidents in U.S. history. The breach has prompted legal action and investigations, with the potential for compensation for impacted individuals. In a separate incident, Doctor Alliance, a healthcare technology firm serving multiple providers, suffered a cyberattack resulting in the theft of over 1.2 million records. Attackers have threatened to release sensitive medical data, including diagnoses, prescriptions, and insurance information, unless a ransom is paid, raising serious concerns about identity theft and medical fraud.
Additionally, The Thayer Hotel in New York experienced a breach in which more than 33,000 individuals had personal information stolen, including government-issued IDs and, in some cases, Social Security numbers. The hotel, located near the West Point Military Academy, has offered affected individuals free identity theft protection. While there is no evidence yet of misuse, the stolen data could be leveraged for phishing, identity theft, or malware attacks, especially given the military-affiliated clientele. These incidents highlight the ongoing risks posed by cyberattacks targeting organizations that handle sensitive personal and medical information.
Get ahead of threats like this
Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
How this story unfolded
3 events from the most recent confirmed update back to the earliest known activity.
Conduent breach reported to affect 4 million Texans
A Statesman report said Conduent was tied to a major data breach affecting about 4 million Texans, prompting lawsuits and investigations in Texas. Because no earlier date is available in the provided content, the publication date is used for the event.
Doctor Alliance data theft claim alleges over 1.2 million records stolen
SC Media reported allegations that more than 1.2 million records were exfiltrated from Doctor Alliance. The reference does not provide a separate incident or disclosure date, so the publication date is used.
Thayer Hotel discloses breach affecting more than 33,000 people
SC Media reported that Thayer Hotel experienced a data breach impacting over 33,000 individuals. No earlier incident date or additional technical details were provided in the reference, so the publication date is used as the event date.
Sources
3 references tracked. Mallory keeps watching after this page renders.
What is Conduent? 4 million Texans impacted by one of biggest data breaches in US history
statesman.com
Open sourceOver 1.2M records allegedly pilfered from Doctor Alliance
scworld.com
Open sourceOver 33K impacted by Thayer Hotel breach
scworld.com
Open sourceSee the full picture, correlated to your attack surface.
Map indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.
Related stories
Other stories Mallory is tracking that overlap on entities, sources, or topic labels.
Major Healthcare Data Breaches and Legal Fallout in the United States
Continuum Health Alliance, a health management provider based in New Jersey, agreed to settle a consolidated class action lawsuit following a data breach in October 2023 that compromised the personal information of over 377,000 patients from its client, Consensus Medical Group. The breach involved unauthorized access to sensitive data, including names and Social Security numbers, and led to multiple legal claims consolidated in New Jersey court. The settlement was reached after mediation, with all parties agreeing it was preferable to continued litigation, though the defendants denied liability. Separately, Denton County MHMR Center in Texas reported a significant data breach affecting nearly 109,000 patients, with unauthorized access occurring in December 2024. The compromised data included a wide range of protected health information, and affected individuals were notified and offered credit monitoring services. Additionally, Conduent, a major medical services provider, disclosed that a 2024 hacking incident impacted nearly 14.8 million Texans, a substantial increase from previous estimates, highlighting the ongoing challenges in accurately assessing the scope of large-scale healthcare data breaches and the risks posed by third-party vendors.
Mar 21, 2026
Multiple Healthcare and Retail Data Breaches Impacting US Organizations
Several US organizations have reported significant data breaches affecting thousands of individuals. Pearlman Aesthetic Surgery in New York disclosed a hacking incident compromising the protected health information of nearly 12,000 patients, though specific details remain undisclosed. Methodist Homes of Alabama and Northwest Florida notified residents and employees of a second breach within seven months, involving unauthorized access to an employee email account containing sensitive personal and medical information. Gulshan Management Services, which operates over 150 gas stations and convenience stores, confirmed a breach that exposed the personal data of more than 377,000 people, including Social Security numbers and financial information, with delayed notification to affected individuals. Community First Medical Center in Chicago reached a $1 million preliminary settlement following a 2023 breach that exposed the data of approximately 216,000 patients, with allegations of inadequate cybersecurity measures and delayed response. These incidents have led to regulatory filings, class action lawsuits, and increased scrutiny over the timeliness and adequacy of breach notifications. The breaches highlight ongoing challenges in protecting sensitive data across healthcare and retail sectors, with attackers exploiting both network vulnerabilities and email accounts. Organizations are facing legal and reputational consequences, emphasizing the need for robust cybersecurity practices and prompt communication with affected individuals.
Mar 21, 2026
Multiple Healthcare and Insurance Data Breaches Impacting Millions
Several major organizations in the healthcare and insurance sectors have disclosed significant data breaches affecting millions of individuals. ARC Community Services reported a ransomware attack by the INC Ransom group, resulting in the exfiltration of sensitive patient data, including health and financial information. Aflac confirmed that a June cyberattack led to the theft of files containing insurance claims, health data, and Social Security numbers for over 22 million customers, with no operational disruption but widespread exposure of personal information. The Louisiana Office of Student Financial Assistance (LOSFA) notified students of unauthorized access to its systems, exposing names and Social Security numbers, though certain savings accounts were not affected. Oklahoma Spine Hospital agreed to a $1.1 million settlement following a July breach that compromised the data of nearly 39,000 patients, including medical and financial details. These incidents highlight the ongoing threat posed by cybercriminals targeting sensitive data in the healthcare and insurance industries. Victims in these breaches are being offered credit monitoring and identity protection services, and regulatory notifications have been issued. The attacks have prompted legal action, regulatory scrutiny, and, in some cases, leadership changes within affected organizations. Law enforcement and cybersecurity experts have been engaged to investigate and mitigate the impact of these breaches, which are part of a broader trend of targeted attacks against organizations handling large volumes of personal and health-related information.
Mar 21, 2026