A data breach at Nura Clinics has exposed the personal information of at least 5,207 patients. The breach represents another example of the persistent and ongoing cybersecurity challenges affecting healthcare providers.
According to Claim Depot, Nura Clinics discovered that unauthorized parties accessed its systems and potentially obtained sensitive data on more than five thousand individuals. While the exact method used by the attackers has not been publicly detailed, the US Department of Health and Human Services (HHS) has classified it as a hacking/IT incident in the practice’s email system.
The compromised information may include:
While Nura has notified the HHS, they are yet to release a comprehensive public statement detailing the full scope of the breach or steps taken to investigate and contain it.
This incident is part of a broader trend of rising cybersecurity threats targeting the healthcare sector by hacking into their email systems.
In August 2025, Marshfield Clinic Health System also experienced a hacking incident in its email system. The affected data differed by individual; however, it may include name, address, phone number, date of birth, insurance ID number, medical record number, dates of service, treatment/diagnosis information, lab results, and medications.
Go deeper: Marshfield Clinic confirms data breach after employee email compromised
According to Paubox, healthcare organizations reported 107 email-related breaches to HHS between January and July of 2025, demonstrating how easy it is for exposed inboxes to reveal large amounts of PHI, stressing the need for more stringent protections regarding the sharing of sensitive information via email, more staff training, and stronger account security measures.
Investing in safer email platforms, such as Paubox Email Suite, could reduce the risk of unauthorized access by encrypting messages by default, limiting exposure from compromised accounts, and helping organizations maintain compliance with HIPAA’s technical safeguard requirements.
See also: HIPAA Compliant Email: The Definitive Guide (2025 Update)
Healthcare providers store highly sensitive data, including medical records and Social Security numbers, which can be sold or exploited for identity theft, insurance fraud, and medical fraud.
Yes. Under the Health Insurance Portability and Accountability Act (HIPAA), healthcare providers must notify affected individuals and federal regulators when protected health information is compromised.
Depending on the findings of regulatory investigations, penalties may include fines, corrective action plans, or increased oversight by federal authorities.