Community Health Network of Indiana announces data breach linked to email

The non-profit health system recently announced a data breach linked to an employee’s email account. 

What happened

On September 12th, 2025, Community Health Network (“Community”), posted a data breach notice. According to the notice, an unknown actor accessed an employee email account between February 25, 2025 and February 26th, 2025. 

Community did not state when the threat was discovered, but noted that once it was, it was immediately contained and investigated. 

On May 8th, Community’s investigation determined that some protected health information (PHI) had been involved. The investigation concluded on July 15th, and it was determined that accessed information included patient names, medical information, and health insurance information. Community has now begun mailing out notices to impacted individuals. The breach impacted approximately 13,939 individuals. 

Going deeper

In 2022 the service provider announced a breach that impacted 1.5 million individuals. The breach was tied to the use of third-party tracking technologies used in the patient portal system and some scheduling sites. At the time, Community said they immediately investigated the incident and disabled the tracking software. 

Why it matters

In a Paubox report, Healthcare IT is Dangerously Overconfident About Email Security, researchers found that "email is the single largest vector for cyberattacks in the healthcare sector.” Yet another Paubox report found that “Modern healthcare relies heavily on email for patient care communication, administrative processes, and sensitive information sharing.” 

Despite healthcare’s reliance on email and the numerous breaches, many organizations still aren’t prioritizing email cybersecurity, and it could be costing them time, money, and patient trust.  

FAQs

How can employee email breaches be prevented? 

One of the best ways to prevent email attacks is through software, like Paubox, that automatically quarantines suspicious emails. Additionally, training employees on password security and spotting phishing techniques can go a long way.    

What is Community doing in response to the attack?

Community noted they are “committed to maintaining the privacy of personal information in our possession and have taken many precautions to safeguard it.” They are also operating a phone line for questions and providing guidance on keeping data safe. At this time, they do not appear to be offering credit monitoring services.