By HFT Staff

Community Health Network, Inc. (Community) are making individuals aware of a data security incident that may affect the privacy of certain individuals’ information. They are providing notice of the incident so that potentially affected individuals may take steps to protect their information.  

Community recently learned that an unknown person not connected to Community gained unauthorized access to one employee email account between February 25, 2025, and February 26, 2025. Upon detecting the incident, they contained the threat and immediately commenced a prompt and thorough investigation. As part of their investigation, they have been working very closely with external cybersecurity professionals experienced in handling these types of incidents.  

On May 8, 2025, Community’s investigation revealed that a limited amount of protected health information was potentially impacted as a result of the incident. After the completion of this extensive investigation, which included a comprehensive manual document review, they discovered on July 15, 2025 that the impacted email account contained a limited amount of protected health information pertaining to a limited number of Community patients that may have been accessed or acquired by the unauthorized actor. This information included patient names, medical information and health insurance information.  

Community has no evidence that any personal information has been or will be misused as a direct result of this incident. However, out of abundance of caution, commencing on September 12, 2025, Community notified the potentially impacted individuals via U.S. Mail to the extent it had a last known home address. The potentially impacted individuals have been provided with best practices to protect their health information.