MediCopy Data Breach Exposes Sensitive Patient Information in 2026 Incident
In February 2026, MediCopy, a health information management company specializing in secure data release for healthcare providers, reported a data breach affecting patients of Deaconess Health System. The incident, disclosed to Deaconess on February 2, 2026, involved an unauthorized actor accessing MediCopy’s cloud-based file-sharing platform and downloading files on January 13, 2026.
The breach did not compromise Deaconess’s internal IT or electronic medical record systems but exposed sensitive data for patients whose records were processed by MediCopy. Affected individuals were limited to those treated at Deaconess Henderson Hospital, Deaconess Union County Hospital, and associated clinics, specifically those whose records were part of a release-of-information request.
Exposed data included:
- Names
- Social Security numbers
- Dates of birth
- Medical record numbers
- Dates of service
- Health insurance identification numbers
- Medical records
MediCopy, acquired by MRO Corp. in 2022, operates as a division of the company, focusing on compliant workflows for handling protected health information. The law firm Shamis & Gentile P.A. is investigating the breach, noting that affected individuals may be eligible for compensation under data protection laws. The incident underscores ongoing risks in third-party health data management.
Source: https://www.claimdepot.com/investigations/medicopy-data-breach-2026
Deaconess Health System cybersecurity rating report: https://www.rankiteo.com/company/deaconess-health-system
MediCopy, an MRO company cybersecurity rating report: https://www.rankiteo.com/company/medi-copy-services-inc
"id": "DEAMED1773945852",
"linkid": "deaconess-health-system, medi-copy-services-inc",
"type": "Breach",
"date": "1/2026",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"
{'affected_entities': [{'customers_affected': 'Patients of Deaconess Health '
                                              'System',
                        'industry': 'Healthcare',
                        'name': 'MediCopy (MRO Corp.)',
                        'type': 'Health Information Management Company'},
                       {'customers_affected': 'Patients treated at Deaconess '
                                              'Henderson Hospital, Deaconess '
                                              'Union County Hospital, and '
                                              'associated clinics',
                        'industry': 'Healthcare',
                        'location': 'Henderson, Union County, and associated '
                                    'clinics',
                        'name': 'Deaconess Health System',
                        'type': 'Healthcare Provider'}],
 'attack_vector': 'Unauthorized access to cloud-based file-sharing platform',
 'data_breach': {'data_exfiltration': 'Yes',
                 'personally_identifiable_information': 'Yes',
                 'sensitivity_of_data': 'High (Protected Health Information)',
                 'type_of_data_compromised': ['Names',
                                              'Social Security numbers',
                                              'Dates of birth',
                                              'Medical record numbers',
                                              'Dates of service',
                                              'Health insurance identification '
                                              'numbers',
                                              'Medical records']},
 'date_detected': '2026-01-13',
 'date_publicly_disclosed': '2026-02-02',
 'description': 'In February 2026, MediCopy, a health information management '
                'company specializing in secure data release for healthcare '
                'providers, reported a data breach affecting patients of '
                'Deaconess Health System. The incident involved an '
                'unauthorized actor accessing MediCopy’s cloud-based '
                'file-sharing platform and downloading files, exposing '
                'sensitive patient data.',
 'impact': {'brand_reputation_impact': 'Potential reputational damage to '
                                       'MediCopy and Deaconess Health System',
            'data_compromised': 'Sensitive patient information',
            'identity_theft_risk': 'High',
            'legal_liabilities': 'Potential legal actions under data '
                                 'protection laws',
            'systems_affected': 'MediCopy’s cloud-based file-sharing platform'},
 'initial_access_broker': {'entry_point': 'Cloud-based file-sharing platform'},
 'investigation_status': 'Ongoing (investigated by Shamis & Gentile P.A.)',
 'references': [{'source': 'Incident disclosure by MediCopy'}],
 'regulatory_compliance': {'legal_actions': 'Potential legal actions by Shamis '
                                            '& Gentile P.A.',
                           'regulations_violated': ['Data protection laws '
                                                    '(unspecified)']},
 'response': {'third_party_assistance': 'Shamis & Gentile P.A. (law firm '
                                        'investigating the breach)'},
 'threat_actor': 'Unauthorized actor',
 'title': 'MediCopy Data Breach Exposes Sensitive Patient Information',
 'type': 'Data Breach'}