Vibra Hospital of Southeastern Massachusetts, a long-term acute care facility, suffered a data breach after a threat actor gained unauthorized access to six employee email accounts between March 11 and March 22, 2025. The breach was detected on March 13, 2025, but the full impact was confirmed only on August 4, 2025, revealing that sensitive patient data, including names and Social Security numbers, was compromised. The incident affected at least two hospitals under Vibra Healthcare, with potential exposure of current and former patients across multiple locations. The breach was formally disclosed to authorities in October–November 2025, and impacted individuals were notified by mail. In response, Vibra secured its email systems, engaged cybersecurity experts, and offered 12 months of free credit monitoring to victims. The exact number of affected individuals remains undisclosed, but the exposure of personally identifiable information (PII) poses significant risks of identity theft, fraud, and phishing attacks.
Source: https://www.claimdepot.com/data-breach/vibra-hospital-2025
TPRM report: https://www.rankiteo.com/company/vhsemass
"id": "vhs2703027110425",
"linkid": "vhsemass",
"type": "Breach",
"date": "3/2025",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"
{'affected_entities': [{'customers_affected': 'Unknown (current and former '
'patients from multiple Vibra '
'Hospital locations)',
'industry': 'Healthcare',
'location': 'New Bedford, Massachusetts, USA',
'name': 'Vibra Hospital of Southeastern Massachusetts',
'type': 'Hospital (Long-term Acute Care)'},
{'industry': 'Healthcare',
'location': 'Sacramento, California, USA',
'name': 'Vibra Hospital of Sacramento',
'type': 'Hospital'}],
'attack_vector': 'Compromised Email Accounts',
'customer_advisories': ['Mail notifications to affected individuals.',
'Dedicated call center for inquiries '
'(1-833-519-0410).',
'Offer of 12 months of free TransUnion Cyberscout '
'credit monitoring.'],
'data_breach': {'data_exfiltration': True,
'personally_identifiable_information': ['Names',
'Social Security '
'Numbers'],
'sensitivity_of_data': 'High (includes Social Security '
'Numbers)',
'type_of_data_compromised': ['Personally Identifiable '
'Information (PII)']},
'date_detected': '2025-03-13',
'date_publicly_disclosed': '2025-10-03',
'description': 'Vibra Hospital of Southeastern Massachusetts, a long-term '
'acute care hospital in New Bedford, experienced a data breach '
'where a threat actor gained unauthorized access to six '
'internal employee email accounts. The breach exposed '
'sensitive patient information, including names and Social '
'Security numbers. The incident impacted two hospitals under '
'Vibra Healthcare, with notifications sent to affected '
'individuals by mail. The hospital responded by securing its '
'email environment, engaging cybersecurity specialists, and '
'offering 12 months of free credit monitoring services to '
'impacted individuals.',
'impact': {'brand_reputation_impact': 'Potential reputational damage due to '
'exposure of sensitive patient data',
'data_compromised': ['Names', 'Social Security Numbers'],
'identity_theft_risk': 'High (due to exposure of SSNs)',
'systems_affected': ['Email Accounts (6)']},
'initial_access_broker': {'entry_point': 'Employee email accounts (6 '
'compromised)',
'high_value_targets': ['Patient data (PII)']},
'investigation_status': 'Completed (review finalized on 2025-08-04)',
'post_incident_analysis': {'corrective_actions': ['Secured email environment.',
'Engaged cybersecurity '
'specialists to improve '
'security measures.']},
'recommendations': ['Sign up for free credit monitoring services (TransUnion '
'Cyberscout).',
'Monitor credit reports and financial accounts for '
'unusual activity.',
'Be alert for phishing attempts using exposed '
'information.',
'Consider placing a fraud alert or credit freeze with '
'major credit bureaus.'],
'references': [{'source': 'Vibra Hospital of Southeastern Massachusetts '
'website'},
{'date_accessed': '2025-11-03',
'source': "Massachusetts Attorney General's Office "
'(disclosure)'}],
'regulatory_compliance': {'regulatory_notifications': ['Massachusetts '
'Attorney General '
'(disclosed '
'2025-11-03)',
'Federal disclosures '
'(unspecified)']},
'response': {'communication_strategy': ['Disclosure to Massachusetts Attorney '
'General (2025-11-03)',
'Mail notifications to affected '
'individuals',
'Dedicated call center '
'(1-833-519-0410, Mon-Fri 8 a.m. to 8 '
'p.m. ET)'],
'containment_measures': 'Secured email environment',
'enhanced_monitoring': 'Improved security measures implemented',
'incident_response_plan_activated': True,
'third_party_assistance': 'Cybersecurity specialists engaged'},
'title': 'Vibra Hospital of Southeastern Massachusetts Data Breach',
'type': 'Data Breach'}