Artisans’ Bank and Harvard Pilgrim disclose breaches exposing personal data
Artisans’ Bank disclosed a data security incident after detecting suspicious activity in an employee email account on March 20, 2024 and determining that an unauthorized actor had access to a limited number of employee mailboxes between January 24 and March 20, 2024. The bank said the exposed information varied by individual and may have included names and other personal data found in affected emails and files; by May 30, 2024, it concluded that some individuals’ information was potentially accessed or acquired. Artisans’ Bank said it secured its email tenant, reviewed relevant content to identify affected people, and offered 24 months of complimentary Experian IdentityWorks credit monitoring and identity restoration services, while stating it had no indication of identity theft or fraud tied to the incident at the time of notice.
Harvard Pilgrim Health Care separately disclosed a ransomware-related breach affecting systems used to service members, accounts, brokers, and providers after discovering the incident on April 17, 2023. The insurer said an unauthorized party copied data from its systems between March 28 and April 17, 2023, and later determined by August 18, 2024 that the affected files may have contained personal information and protected health information. Harvard Pilgrim said it took systems offline, notified law enforcement and regulators, engaged third-party cybersecurity experts, implemented additional safeguards, and offered two years of IDX credit monitoring and identity protection services; it also said it was not aware of misuse of the impacted information when the notice was issued.
Get ahead of threats like this
Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
How this story unfolded
6 events from the most recent confirmed update back to the earliest known activity.
Harvard Pilgrim identifies personal and health data in affected files
By August 18, 2024, Harvard Pilgrim determined that the affected files may have contained individuals’ personal information and protected health information. The company said it was not aware of misuse at the time of notice and offered two years of IDX credit monitoring and identity protection services.
Artisans’ Bank confirms potentially accessed personal data
On May 30, 2024, Artisans’ Bank determined that affected individuals’ names and other personal data elements were potentially accessed and/or acquired in the email account incident. The bank prepared notifications and offered 24 months of complimentary Experian IdentityWorks services.
Artisans’ Bank detects suspicious activity in employee email account
On March 20, 2024, Artisans’ Bank discovered suspicious activity related to an employee email account and began investigating. The bank later secured its email tenant and reviewed relevant emails and files to identify impacted individuals.
Artisans’ Bank email accounts accessed by unauthorized actor
Artisans’ Bank determined that an unknown unauthorized actor had access to a limited number of employee email accounts between January 24, 2024 and March 20, 2024. Information in the affected accounts varied by individual and could include personal information.
Harvard Pilgrim discovers ransomware-related cybersecurity incident
On April 17, 2023, Harvard Pilgrim discovered a ransomware-related incident affecting its systems. The organization took systems offline and notified law enforcement, regulators, and third-party cybersecurity experts.
Harvard Pilgrim data was copied during ransomware intrusion
Harvard Pilgrim Health Care said an unauthorized party copied and took data from its systems between March 28, 2023 and April 17, 2023. The affected systems were used to service members, accounts, brokers, and providers.
Related entities
Vulnerabilities, threat actors, malware, products, organizations, and breaches Mallory has linked to this story.
Sources
2 references tracked. Mallory keeps watching after this page renders.
See the full picture, correlated to your attack surface.
Map indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.
Related stories
Other stories Mallory is tracking that overlap on entities, sources, or topic labels.
Delayed patient notifications following healthcare data breaches at providers and vendors
Multiple healthcare organizations and vendors reported **delayed patient notifications** after discovering unauthorized access to protected health information (PHI), in some cases more than a year after the underlying compromise. In Colorado, **Alpine Ear, Nose, and Throat (Alpine ENT)** notified **65,648** individuals that an attacker accessed and exfiltrated files containing PHI in an incident identified on **Nov. 19, 2024**; the **BianLian** ransomware group later claimed responsibility and posted the organization to its leak site. Exposed data was described as highly sensitive, including medical information and, for some individuals, **financial account data and payment card details** (including CVC/expiration) and **Social Security numbers**; Alpine ENT reported no confirmed identity theft at the time of notification and offered credit monitoring. Separately, **Bayada Home Health Care** disclosed exposure risk tied to a **third-party vendor (Doctor Alliance)** after Doctor Alliance reported unauthorized network access during **Oct.–Nov. 2025**, potentially affecting Home Health Certification and Plan of Care forms containing patient identifiers and clinical/insurance details (and **SSNs for a subset**). Bayada said it discontinued using Doctor Alliance and reported the matter to regulators. In another vendor-related incident, **TriZetto Provider Solutions (Cognizant)**—an insurance verification provider—suffered a cyberattack impacting PHI across multiple states; Oregon providers began notifying additional patients after the breach was reported as occurring in **Nov. 2024** but not discovered until **Oct. 2, 2025**, with no financial data reportedly compromised and no evidence of misuse so far; the incident has prompted **class-action lawsuits**, engagement of **Mandiant**, and law enforcement notification.
Mar 21, 2026
Healthcare Provider Data Breaches and Ransomware-Linked Patient Data Exposure
Multiple U.S. healthcare organizations reported **unauthorized network access and patient data exposure**, with several incidents involving confirmed **data exfiltration** and follow-on notification/credit-monitoring actions. **QualDerm Partners** disclosed unauthorized access between **Dec. 23–24, 2025** with files exfiltrated and notifications being sent on a rolling basis, while **Carolina Foot & Ankle Associates** reported a **Dec. 2025** intrusion detected after a network disruption and confirmed exfiltration of files containing PHI (e.g., demographics, MRNs, insurance data, and treatment/billing codes). Additional breach disclosures included **Cedar Point Health** (intrusion detected around **June 16, 2025**, with a months-long data review concluding in late Jan. 2026 and impacted data potentially including SSNs/ITINs and government IDs) alongside separate notifications from **Wee Care Pediatrics** and **Easterseals Northeast Indiana**. Legal and regulatory consequences continued to surface from earlier healthcare incidents. **Asheville Eye Associates** agreed to settle consolidated class-action litigation tied to a **Nov. 2024** attack claimed by **DragonForce ransomware**, which allegedly exfiltrated **~540 GB** before encrypting systems and later leaked data when ransom was not paid; the breach was reported to HHS OCR as affecting **204,984** individuals. Sector-wide reporting also indicated **46** large healthcare breaches logged for **Jan. 2026** on the HHS OCR portal (500+ individuals), exposing **~1.44 million** individuals’ PHI, amid discussion that late-2025 reporting backlogs may have influenced recent month-to-month trends.
Mar 21, 2026
Healthcare Data Breach and Ransomware Incident Roundup
Several healthcare-related organizations disclosed **separate data breach incidents** involving ransomware, unauthorized network access, and third-party compromise. CommonSpirit Health said patient data was exposed through a downstream vendor chain after **Pinnacle Holdings Ltd** suffered a ransomware attack, with attackers present in the network from November 11 to November 25, 2024, and exfiltrating files before the incident was later relayed through **NorthGauge Healthcare Advisors**. Meadowlark Hills and MedPeds also disclosed breaches tied to the **Beast ransomware** group, while Tieu Dental reported unauthorized access to its network in July 2025 that exposed patient information including Social Security numbers, medical and insurance data. These incidents led to regulatory notifications and offers of credit monitoring or identity theft protection for affected individuals. A separate legal development involved **Geisinger Health** and **Nuance Communications**, where a judge approved a **$5 million settlement** over claims tied to a former Nuance employee's theft of medical records affecting about 1.3 million patients. That matter differs from the ransomware and breach notifications because it concerns civil litigation over an earlier insider data theft rather than a newly disclosed intrusion. Overall, the reporting reflects ongoing exposure of protected health information across the healthcare sector through both direct attacks and third-party relationships, with delayed notification timelines and incomplete early visibility into the full scope of compromised data remaining recurring issues.
Apr 17, 2026