1 min read

Compassion Health Care notifies patients of breach

Picture of Abby Grifno Abby Grifno May 27, 2025

Breaches
Compassion Health Care notifies patients of breach

The North Carolina-based provider announced the breach earlier this month. 

 

What happened

On March 21st, 2025, Compassion Health Care Inc. learned that an unauthorized third-party had potentially viewed and/or downloaded data stored on CHC’s systems. Data included information for both patients, employees, and vendors. 

Impacted data varied, but for patients, it may have included names, addresses, phone numbers, dates of birth, Social Security numbers, driver’s license numbers, health insurance information, claims information, and clinical/diagnostic information related to medical services.

For employees and vendors, information may have included names, addresses, dates of birth, Social Security numbers, income information, financial account information, and potentially bank account and routing numbers. 

The incident has not yet been reported to the Department of Health and Human Services, leaving it unclear how many individuals may have been impacted

 

Going deeper

In their data breach notice, CHC said they initially detected unusual activity on their network on March 17th, 2025. The incident resulted in some disruption to the network. Upon learning of the incident, CHC launched an investigation with the assistance of a third-party cybersecurity firm. 

Beginning May 16th, CHC sent written notifications to potentially impacted patients and employees for whom they had the contact information. 

In response to the incident, CHC is offering complimentary credit monitoring and identity theft restoration services. Individuals who have been patients at CHC may request credit monitoring regardless of if they received the letter. 

 

What to watch

Data breaches are becoming commonplace in North Carolina. According to a report by North Carolina Attorney General Jeff Jackson, 2024 was a record-breaking year for data breaches in the state. Approximately 2,258 breaches were reported to the North Carolina Department of Justice, over 200 more than the year prior. Breaches were not all healthcare-related, but many similar tactics are used across industries. 

Notably, the report found that ransomware attacks increased nearly 50%. Email breaches have also been steadily on the rise, with phishing attacks growing. 

The Change Healthcare Breach drew national attention to North Carolina, but data shows this incident was far from the only one. When it comes to data, any incident could lead to information getitng into the wrong hands. 

 

FAQs

Can impacted individuals receive compensation? 

Currently, no class action lawsuits are active against CHC, but it’s possible that they could form if impacted individuals wish to seek retribution. 

 

What caused the CHC data breach?

CHC did not list a specific cause for the breach and has not yet filled the incident with the HHS. Breaches can be caused by a variety of reasons, from a network attack to clicking on a malicious email. 
Send PHI securely—No portals required. The all-in-one email security suite for healthcare. HIPAA compliant email with Google and Microsoft.

Subscribe to Paubox Weekly

Every Friday we'll bring you the most important news from Paubox. Our aim is to make you smarter, faster.