Thomas Davies recently disclosed a data breach involving unauthorized access to its systems, potentially compromising sensitive protected health information (PHI). The incident was formally reported to the U.S. Department of Health and Human Services’ Office for Civil Rights (OCR) on September 29, 2025, adhering to regulatory requirements for breaches affecting PHI. While full details remain undisclosed, the breach is confirmed to impact over 14,500 individuals, exposing their medical and personal data. The compromised information may include health records, treatment histories, or personally identifiable information (PII) linked to healthcare services. The company is expected to initiate notifications to affected individuals, though the exact scope of the breach such as whether the data was exfiltrated, misused, or publicly leaked has not been clarified. Given the healthcare sector’s critical nature, the breach poses risks of identity theft, medical fraud, or targeted phishing attacks against patients. The incident underscores vulnerabilities in safeguarding PHI and may trigger regulatory scrutiny, legal repercussions, and reputational damage for Thomas Davies.
Source: https://straussborrelli.com/2025/11/24/thomas-davies-data-breach-investigation/
Davies North America cybersecurity rating report: https://www.rankiteo.com/company/daviesnorthamerica
"id": "DAV2113421112625",
"linkid": "daviesnorthamerica",
"type": "Breach",
"date": "5/2025",
"severity": "100",
"impact": "7",
"explanation": "Attack that could injure or kill people"{'affected_entities': [{'customers_affected': '14,500+ individuals',
'industry': 'Healthcare',
'name': 'Thomas Davies',
'type': 'Organization'}],
'customer_advisories': 'Pending (notifications to affected individuals '
'planned)',
'data_breach': {'data_exfiltration': 'Possible (accessed)',
'number_of_records_exposed': '14,500+',
'personally_identifiable_information': 'Yes (included in PHI)',
'sensitivity_of_data': 'High (PHI)',
'type_of_data_compromised': 'Protected Health Information '
'(PHI)'},
'date_publicly_disclosed': '2025-09-29',
'description': 'Thomas Davies discovered a data breach where sensitive '
'protected health information (PHI) in its systems may have '
'been accessed. The breach was officially reported to the U.S. '
'Department of Health and Human Services’ Office for Civil '
'Rights on September 29, 2025. The breach likely impacted over '
'14,500 individuals, and notifications to affected individuals '
'are expected to begin soon.',
'impact': {'brand_reputation_impact': 'Potential (notifications pending)',
'data_compromised': ['Protected Health Information (PHI)'],
'identity_theft_risk': 'Likely (PHI exposed)'},
'investigation_status': 'Ongoing (limited details available)',
'references': [{'source': 'U.S. Department of Health and Human Services’ '
'Office for Civil Rights'}],
'regulatory_compliance': {'regulations_violated': ['HIPAA (likely, due to PHI '
'exposure)'],
'regulatory_notifications': ['Filed with U.S. '
'Department of Health '
'and Human Services’ '
'Office for Civil '
'Rights (2025-09-29)']},
'response': {'communication_strategy': 'Planned notifications to affected '
'individuals'},
'title': 'Thomas Davies Data Breach Involving Protected Health Information',
'type': 'Data Breach'}