CommuniCare Data Breach Exposes Sensitive Health and Personal Information
CommuniCare, a healthcare provider, disclosed a data breach in which unauthorized access to an employee email account may have compromised sensitive personal and health-related information. The incident was first detected on September 16, 2025, when suspicious activity prompted an internal investigation.
The investigation confirmed that an unauthorized third party accessed emails containing protected data. After a months-long review, CommuniCare determined on February 19, 2026, that the breach potentially exposed a range of personal and medical details, including:
- Personal identifiers: Names, dates of birth
- Health insurance data: Member numbers, account numbers, group numbers
- Medical records: Diagnoses, treatment details, prescriptions, provider locations, and patient account numbers
CommuniCare publicly acknowledged the breach on March 6, 2026, via a notice on its website. Affected individuals are being notified of the specific data involved and offered complimentary credit monitoring services. The breach highlights ongoing risks to healthcare data security, particularly through phishing or compromised employee accounts.
Source: https://straussborrelli.com/2026/03/10/communicare-data-breach-investigation-2/
CommuniCare Health Services cybersecurity rating report: https://www.rankiteo.com/company/communicare-health-services
"id": "COM1773182256",
"linkid": "communicare-health-services",
"type": "Breach",
"date": "9/2025",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': 'Affected individuals',
'industry': 'Healthcare',
'name': 'CommuniCare',
'type': 'Healthcare Provider'}],
'attack_vector': 'Compromised Employee Email Account',
'customer_advisories': 'Affected individuals notified of specific data '
'involved and offered complimentary credit monitoring '
'services',
'data_breach': {'personally_identifiable_information': ['Names',
'Dates of birth',
'Member numbers',
'Account numbers',
'Group numbers',
'Diagnoses',
'Treatment details',
'Prescriptions',
'Provider locations',
'Patient account '
'numbers'],
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['Personal identifiers',
'Health insurance data',
'Medical records']},
'date_detected': '2025-09-16',
'date_publicly_disclosed': '2026-03-06',
'description': 'CommuniCare, a healthcare provider, disclosed a data breach '
'in which unauthorized access to an employee email account may '
'have compromised sensitive personal and health-related '
'information. The incident was first detected on September 16, '
'2025, when suspicious activity prompted an internal '
'investigation. The investigation confirmed that an '
'unauthorized third party accessed emails containing protected '
'data. After a months-long review, CommuniCare determined on '
'February 19, 2026, that the breach potentially exposed a '
'range of personal and medical details.',
'impact': {'brand_reputation_impact': 'Ongoing risks to healthcare data '
'security highlighted',
'data_compromised': 'Sensitive personal and health-related '
'information',
'identity_theft_risk': 'High',
'systems_affected': 'Employee email account'},
'investigation_status': 'Completed',
'post_incident_analysis': {'root_causes': 'Phishing or compromised employee '
'account'},
'references': [{'source': 'CommuniCare Website'}],
'response': {'communication_strategy': 'Public notice on website, individual '
'notifications, complimentary credit '
'monitoring services'},
'title': 'CommuniCare Data Breach Exposes Sensitive Health and Personal '
'Information',
'type': 'Data Breach',
'vulnerability_exploited': 'Phishing or Credential Compromise'}