1 min read

Community Health Network of Indiana announces data breach linked to email

Picture of Abby Grifno Abby Grifno September 18, 2025

Healthcare cybersecurity news
3D illustration of database servers and security padlocks representing data protection

The non-profit health system recently announced a data breach linked to an employee’s email account. 

 

What happened

On September 12th, 2025, Community Health Network (“Community”), posted a data breach notice. According to the notice, an unknown actor accessed an employee email account between February 25, 2025 and February 26th, 2025. 

Community did not state when the threat was discovered, but noted that once it was, it was immediately contained and investigated. 

On May 8th, Community’s investigation determined that some protected health information (PHI) had been involved. The investigation concluded on July 15th, and it was determined that accessed information included patient names, medical information, and health insurance information. Community has now begun mailing out notices to impacted individuals. The breach impacted approximately 13,939 individuals. 

 

Going deeper

In 2022 the service provider announced a breach that impacted 1.5 million individuals. The breach was tied to the use of third-party tracking technologies used in the patient portal system and some scheduling sites. At the time, Community said they immediately investigated the incident and disabled the tracking software. 

 

Why it matters

In a Paubox report, Healthcare IT is Dangerously Overconfident About Email Security, researchers found that "email is the single largest vector for cyberattacks in the healthcare sector.Yet another Paubox report found thatModern healthcare relies heavily on email for patient care communication, administrative processes, and sensitive information sharing.” 

Despite healthcare’s reliance on email and the numerous breaches, many organizations still aren’t prioritizing email cybersecurity, and it could be costing them time, money, and patient trust.  

 

FAQs

How can employee email breaches be prevented? 

One of the best ways to prevent email attacks is through software, like Paubox, that automatically quarantines suspicious emails. Additionally, training employees on password security and spotting phishing techniques can go a long way.    

 

What is Community doing in response to the attack?

Community noted they arecommitted to maintaining the privacy of personal information in our possession and have taken many precautions to safeguard it. They are also operating a phone line for questions and providing guidance on keeping data safe. At this time, they do not appear to be offering credit monitoring services. 
Secure every email you send and receive HIPAA compliant. Threat-proof. Hassle-free.
red digital email icons

Georgia Urology email breach affects over 12,000

Caitlin Anthoney : April 11, 2025

On March 27, 2025, Georgia Urology announced that a cyberattack compromised two employee email accounts, exposing 12,398 current and former patients'...

Healthcare cybersecurity news
Read More
Abstract digital data visualization with glowing lines and particles

Navia Benefit Solutions announces breach impacting nearly 3 million

Picture of Abby Grifno Abby Grifno : March 23, 2026

The employee benefits service provider faced a breach that lasted approximately three weeks, impacting millions of clients.

Healthcare cybersecurity news
Read More
CommunityCare Plan logo

Employee email misuse at South Florida Community Care Network

Picture of Kapua Iao Kapua Iao : September 17, 2021

Employee email misuse at South Florida Community Care Network led to a data breach of protected health information (PHI). South Florida Community...

Healthcare cybersecurity news
Read More

Subscribe to Paubox Weekly

Every Friday we bring you the most important news from Paubox. Our aim is to make you smarter, faster.