Southwest C.A.R.E Center and Evergreen Healthcare Group: Center for Advanced Eye Care; Southwest C.A.R.E Center; Evergreen Healthcare Group Announce Data Breaches

Three Healthcare Providers Report Data Breaches Impacting Patient Information

Three U.S. healthcare organizations (the Center for Advanced Eye Care, Southwest C.A.R.E Center, and Evergreen Healthcare Group) have disclosed cybersecurity incidents involving unauthorized access to patient data.

Center for Advanced Eye Care (Pennsylvania/Delaware)

On December 16, 2025, the Center for Advanced Eye Care detected suspicious activity in its legacy systems. A forensic investigation confirmed that an unauthorized third party accessed and exfiltrated protected health information (PHI). While the exact data types remain undisclosed, affected individuals have been offered credit monitoring and identity theft protection services after a hacker claimed to be selling the stolen data. The breach has not yet been listed on the HHS’ Office for Civil Rights (OCR) breach portal, leaving the total number of impacted patients unknown.

Southwest C.A.R.E Center (New Mexico)

Southwest C.A.R.E Center, a New Mexico-based nonprofit, reported a cybersecurity incident detected on June 3, 2025. A forensic investigation revealed that patient data, including names, personal information, and PHI, was exposed and potentially stolen. Though no misuse has been confirmed, the Medusa ransomware group claimed responsibility, alleging the theft of 143 GB of data. The organization has strengthened its security measures and provided 12 months of credit monitoring to affected individuals. The breach is not yet reflected in the OCR portal.

Evergreen Healthcare Group (Washington)

Evergreen Healthcare Group, operating as Couve Healthcare Consulting, identified unauthorized activity in its cloud-based healthcare platform on December 3, 2025. A forensic review completed on February 24, 2026, confirmed that names, dates of birth, Social Security numbers, and medical information were accessed or exfiltrated. The platform has since been secured, and additional safeguards have been implemented. Affected individuals have been offered credit monitoring and identity theft restoration services. The breach remains unlisted on the OCR portal.

All three incidents highlight ongoing cybersecurity risks in the healthcare sector, with investigations still determining the full scope of exposure.

Source: https://www.hipaajournal.com/center-advanced-eye-care-southwest-c-a-r-e-center-evergreen-healthcare-group-data-breach/

Southwestern Eye Center cybersecurity rating report: https://www.rankiteo.com/company/southwestern-eye-center

EvergreenHealth cybersecurity rating report: https://www.rankiteo.com/company/evergreenhealth

"id": "SOUEVE1772103925",
"linkid": "southwestern-eye-center, evergreenhealth",
"type": "Ransomware",
"date": "12/2025",
"severity": "100",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"
{'affected_entities': [{'industry': 'Healthcare',
                        'location': 'Pennsylvania/Delaware, USA',
                        'name': 'Center for Advanced Eye Care',
                        'type': 'Healthcare Provider'},
                       {'industry': 'Healthcare',
                        'location': 'New Mexico, USA',
                        'name': 'Southwest C.A.R.E Center',
                        'type': 'Nonprofit Healthcare Provider'},
                       {'industry': 'Healthcare',
                        'location': 'Washington, USA',
                        'name': 'Evergreen Healthcare Group (Couve Healthcare '
                                'Consulting)',
                        'type': 'Healthcare Provider'}],
 'attack_vector': 'Unauthorized Access',
 'customer_advisories': ['Credit monitoring and identity theft protection '
                         'services offered'],
 'data_breach': {'data_exfiltration': True,
                 'personally_identifiable_information': True,
                 'sensitivity_of_data': 'High',
                 'type_of_data_compromised': ['Protected Health Information '
                                              '(PHI)',
                                              'Names',
                                              'Personal Information',
                                              'Dates of Birth',
                                              'Social Security Numbers',
                                              'Medical Information']},
 'date_detected': ['2025-12-16', '2025-06-03', '2025-12-03'],
 'description': 'Three U.S. healthcare organizations (Center for Advanced Eye '
                'Care, Southwest C.A.R.E Center, and Evergreen Healthcare '
                'Group) have disclosed cybersecurity incidents involving '
                'unauthorized access to patient data.',
 'impact': {'brand_reputation_impact': True,
            'data_compromised': True,
            'identity_theft_risk': True,
            'systems_affected': ['Legacy systems',
                                 'Cloud-based healthcare platform']},
 'initial_access_broker': {'data_sold_on_dark_web': True},
 'investigation_status': 'Ongoing',
 'motivation': ['Data Theft', 'Ransomware'],
 'post_incident_analysis': {'corrective_actions': ['Strengthened security '
                                                   'measures',
                                                   'Additional safeguards']},
 'ransomware': {'data_exfiltration': True, 'ransomware_strain': 'Medusa'},
 'references': [{'source': 'HHS’ Office for Civil Rights (OCR) breach portal'}],
 'regulatory_compliance': {'regulations_violated': ['HIPAA'],
                           'regulatory_notifications': ['Not yet listed on '
                                                        'HHS’ Office for Civil '
                                                        'Rights (OCR) breach '
                                                        'portal']},
 'response': {'communication_strategy': ['Credit monitoring and identity theft '
                                         'protection services',
                                         'Customer advisories'],
              'containment_measures': True,
              'incident_response_plan_activated': True,
              'remediation_measures': ['Strengthened security measures',
                                       'Additional safeguards']},
 'threat_actor': ['Unknown', 'Medusa ransomware group'],
 'title': 'Three Healthcare Providers Report Data Breaches Impacting Patient '
          'Information',
 'type': 'Data Breach'}