Middlesex Sheriff’s Office: Central Ozarks Medical Center Discloses Data Breach Affecting Almost 12,000 Patients

Cybersecurity Incidents Impact Healthcare and Law Enforcement Across Three States

Three recent data breaches affecting a Missouri healthcare provider, a Massachusetts law enforcement agency, and a Florida hospital have exposed sensitive personal and medical information of thousands of individuals.

Central Ozarks Medical Center (COMC), Missouri
Central Ozarks Medical Center (COMC), a Federally Qualified Health Center in mid-Missouri, disclosed a cyberattack compromising the data of 11,818 patients. The breach, detected around November 10, 2025, involved unauthorized access to names, dates of birth, Social Security numbers, financial account details, medical treatment records, and health insurance information. While the exact duration of the compromise remains undisclosed, COMC has offered affected individuals 12 months of credit monitoring and identity theft protection and implemented enhanced cybersecurity measures.

Middlesex Sheriff’s Office, Massachusetts
The Middlesex Sheriff’s Office reported a January 2025 breach involving protected health information, investigated with assistance from the FBI, Massachusetts State Police, and cybersecurity firms. A review completed on November 19, 2025, confirmed exposure of names, addresses, dates of birth, diagnoses, and other health data. Though no misuse has been detected, the office has strengthened security protocols. The breach was reported to the HHS’ Office for Civil Rights, initially listing 501 affected individuals a placeholder figure pending final confirmation.

AdventHealth Daytona Beach, Florida
AdventHealth Daytona Beach notified 821 individuals after paperwork containing protected health information was lost during a departmental relocation in late 2025. The incident, discovered on November 25, 2025, involved lab orders for outpatient services provided between September 1–14, 2025. Construction workers discarded the documents containing names, addresses, diagnoses, and insurance details after accessing an unauthorized area. No evidence of misuse has been found.

The incidents highlight ongoing vulnerabilities in healthcare and public sector data security, with organizations responding through remediation efforts and breach notifications.

Source: https://www.hipaajournal.com/central-ozarks-medical-center-data-breach/

Middlesex Sheriff's Office cybersecurity rating report: https://www.rankiteo.com/company/middlesex-sheriffs-office

"id": "MID1770222940",
"linkid": "middlesex-sheriffs-office",
"type": "Breach",
"date": "11/2025",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"

{'affected_entities': [{'customers_affected': '11818',
                        'industry': 'Healthcare',
                        'location': 'Missouri, USA',
                        'name': 'Central Ozarks Medical Center (COMC)',
                        'type': 'Healthcare Provider'},
                       {'customers_affected': '501',
                        'industry': 'Public Sector',
                        'location': 'Massachusetts, USA',
                        'name': 'Middlesex Sheriff’s Office',
                        'type': 'Law Enforcement Agency'},
                       {'customers_affected': '821',
                        'industry': 'Healthcare',
                        'location': 'Florida, USA',
                        'name': 'AdventHealth Daytona Beach',
                        'type': 'Hospital'}],
 'customer_advisories': ['12 months of credit monitoring and identity theft '
                         'protection'],
 'data_breach': {'number_of_records_exposed': ['11818', '501', '821'],
                 'personally_identifiable_information': 'yes',
                 'sensitivity_of_data': 'high',
                 'type_of_data_compromised': ['names',
                                              'dates of birth',
                                              'Social Security numbers',
                                              'financial account details',
                                              'medical treatment records',
                                              'health insurance information',
                                              'addresses',
                                              'diagnoses']},
 'description': 'Three recent data breaches affecting a Missouri healthcare '
                'provider, a Massachusetts law enforcement agency, and a '
                'Florida hospital have exposed sensitive personal and medical '
                'information of thousands of individuals.',
 'impact': {'data_compromised': 'sensitive personal and medical information',
            'identity_theft_risk': 'high',
            'payment_information_risk': 'high'},
 'regulatory_compliance': {'regulatory_notifications': ['HHS’ Office for Civil '
                                                        'Rights']},
 'response': {'law_enforcement_notified': 'yes',
              'remediation_measures': ['enhanced cybersecurity measures',
                                       'strengthened security protocols'],
              'third_party_assistance': ['FBI',
                                         'Massachusetts State Police',
                                         'cybersecurity firms']},
 'title': 'Cybersecurity Incidents Impact Healthcare and Law Enforcement '
          'Across Three States',
 'type': ['data_breach', 'cyberattack']}

Middlesex Sheriff’s Office: Central Ozarks Medical Center Discloses Data Breach Affecting Almost 12,000 Patients

Booz Allen Hamilton: Sen. Scott Sues Booz Hamilton, IRS Leaker Over Data Breach

Microsoft and Bubble: Bubble AI app builder abused to steal Microsoft account credentials

NHS: March 25: Valdo Calocane Inquiry Exposes NHS Data Breach, Police Gaps