Cempa Community Care Reports Data Breach Affecting 1,341 Individuals via Third-Party Vendor
On January 30, 2026, Cempa Community Care a Chattanooga, Tennessee-based nonprofit health organization disclosed a data breach impacting 1,341 individuals across the U.S. The incident did not originate from Cempa’s systems but from a breach at an unnamed electronic health record (EHR) vendor. The unauthorized access occurred through a subcontractor providing insurance eligibility transaction services for the vendor.
Exposed data included highly sensitive information: names, addresses, dates of birth, Social Security numbers, health insurance details (including Medicare identifiers), provider names, and other demographic or health-related records. The breach was reported to the U.S. Department of Health and Human Services (HHS) on the same day, with details posted on the HHS breach portal.
The affected vendor responded by securing its systems, containing the unauthorized activity, and engaging cybersecurity experts to investigate. Cempa Community Care is offering complimentary identity monitoring and fraud assistance through Kroll to impacted individuals, with enrollment instructions to be mailed directly. Those with questions may contact Cempa’s Director of Compliance, Melissa White, at 423-265-2273 or via email.
Source: https://www.claimdepot.com/data-breach/cempa-community-care-2026
Cempa Community Care TPRM report: https://www.rankiteo.com/company/cempa-community-care
Unnamed electronic health record TPRM report: https://www.rankiteo.com/company/trinetx
"id": "tricem1771274108",
"linkid": "trinetx, cempa-community-care",
"type": "Breach",
"date": "1/2026",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': '1,341 individuals',
'industry': 'Healthcare',
'location': 'Chattanooga, Tennessee, USA',
'name': 'Cempa Community Care',
'type': 'Nonprofit Health Organization'}],
'attack_vector': 'Third-Party Vendor Compromise',
'customer_advisories': 'Complimentary identity monitoring and fraud '
'assistance through Kroll offered to impacted '
'individuals',
'data_breach': {'number_of_records_exposed': '1,341',
'personally_identifiable_information': 'Names, addresses, '
'dates of birth, '
'Social Security '
'numbers, Medicare '
'identifiers, health '
'insurance details',
'sensitivity_of_data': 'High',
'type_of_data_compromised': 'Personal and health information'},
'date_publicly_disclosed': '2026-01-30',
'description': 'Cempa Community Care disclosed a data breach impacting 1,341 '
'individuals due to unauthorized access at an unnamed '
'electronic health record (EHR) vendor. The breach exposed '
'sensitive personal and health information, including Social '
'Security numbers, Medicare identifiers, and insurance '
'details.',
'impact': {'data_compromised': 'Names, addresses, dates of birth, Social '
'Security numbers, health insurance details '
'(including Medicare identifiers), provider '
'names, and other demographic or '
'health-related records',
'identity_theft_risk': 'High',
'systems_affected': 'Third-party EHR vendor and subcontractor '
'systems'},
'initial_access_broker': {'entry_point': 'Subcontractor providing insurance '
'eligibility transaction services'},
'investigation_status': 'Ongoing',
'references': [{'date_accessed': '2026-01-30',
'source': 'U.S. Department of Health and Human Services (HHS) '
'Breach Portal'}],
'regulatory_compliance': {'regulatory_notifications': 'Reported to the U.S. '
'Department of Health '
'and Human Services '
'(HHS)'},
'response': {'communication_strategy': 'Direct mailing of enrollment '
'instructions for identity monitoring '
'and fraud assistance',
'containment_measures': 'Securing systems and containing '
'unauthorized activity',
'third_party_assistance': 'Cybersecurity experts engaged by the '
'vendor'},
'title': 'Cempa Community Care Data Breach via Third-Party Vendor',
'type': 'Data Breach'}