Major Healthcare Data Breaches and Legal Fallout in the United States
Continuum Health Alliance, a health management provider based in New Jersey, agreed to settle a consolidated class action lawsuit following a data breach in October 2023 that compromised the personal information of over 377,000 patients from its client, Consensus Medical Group. The breach involved unauthorized access to sensitive data, including names and Social Security numbers, and led to multiple legal claims consolidated in New Jersey court. The settlement was reached after mediation, with all parties agreeing it was preferable to continued litigation, though the defendants denied liability.
Separately, Denton County MHMR Center in Texas reported a significant data breach affecting nearly 109,000 patients, with unauthorized access occurring in December 2024. The compromised data included a wide range of protected health information, and affected individuals were notified and offered credit monitoring services. Additionally, Conduent, a major medical services provider, disclosed that a 2024 hacking incident impacted nearly 14.8 million Texans, a substantial increase from previous estimates, highlighting the ongoing challenges in accurately assessing the scope of large-scale healthcare data breaches and the risks posed by third-party vendors.
Sources
Related Stories
Major Healthcare Data Breaches and Impacts in 2025
Healthcare organizations experienced a significant number of large-scale data breaches in 2025, with nearly 57 million individuals affected and at least 642 incidents reported to the Department of Health and Human Services (HHS) Office for Civil Rights. While this represents a notable decrease from the previous year, the sector continues to face substantial risks, with several high-profile breaches exposing sensitive patient information. Notable incidents include breaches at major healthcare providers and patient information portals, with some cases resulting in legal settlements and direct financial compensation to affected individuals. Among the most impactful breaches, Consulting Radiologists Ltd. agreed to a $2.2 million settlement after a 2024 breach exposed the personal and medical data of approximately 512,000 people. Additionally, New Zealand's ManageMyHealth platform reported a breach potentially affecting over 108,000 users, highlighting the global nature of healthcare data security challenges. These incidents underscore the ongoing threat to patient privacy and the financial and reputational consequences for healthcare organizations that fail to adequately protect sensitive information.
2 months ago
Healthcare Data Breach Disclosures and Litigation Affecting Hundreds of Thousands of Patients
**Bell Ambulance** reported that a February 2025 network intrusion led to the compromise of protected health information for **237,830 individuals**, after unauthorized activity was detected on **Feb. 13, 2025**. The organization said the exposed data can include **names, dates of birth, Social Security numbers, driver’s license numbers, financial account information, medical information, and health insurance information**; it offered **12–24 months** of credit monitoring/identity protection and stated it was not aware of misuse at the time of notification. The incident response included third-party forensic support, and notifications were issued in phases as the data review progressed, with additional letters sent into March 2026. Separately, **Cornerstone Specialty Hospitals** agreed to pay **$2.35 million** to settle a class action lawsuit tied to a data breach that reportedly affected **nearly 500,000 individuals**. The available reporting focuses on the settlement amount and impacted population size, indicating ongoing legal and financial consequences for large-scale healthcare data exposure even when technical details of the underlying intrusion are not publicly described in the same source.
5 days agoMajor Healthcare and Hospitality Data Breaches Expose Millions of Records
Over 4 million Texans have been affected by a significant data breach at Conduent Business Services, marking one of the largest such incidents in U.S. history. The breach has prompted legal action and investigations, with the potential for compensation for impacted individuals. In a separate incident, Doctor Alliance, a healthcare technology firm serving multiple providers, suffered a cyberattack resulting in the theft of over 1.2 million records. Attackers have threatened to release sensitive medical data, including diagnoses, prescriptions, and insurance information, unless a ransom is paid, raising serious concerns about identity theft and medical fraud. Additionally, The Thayer Hotel in New York experienced a breach in which more than 33,000 individuals had personal information stolen, including government-issued IDs and, in some cases, Social Security numbers. The hotel, located near the West Point Military Academy, has offered affected individuals free identity theft protection. While there is no evidence yet of misuse, the stolen data could be leveraged for phishing, identity theft, or malware attacks, especially given the military-affiliated clientele. These incidents highlight the ongoing risks posed by cyberattacks targeting organizations that handle sensitive personal and medical information.
4 months ago