Treasure Coast Hospice recently notified patients of a data breach resulting in unauthorized access to individuals’ personal information.
Health & Palliative Services of the Treasure Coast, Inc, also known as Treasure Coast Hospice, recently disclosed to the Department of Health and Human Services (HHS) of a breach that took place approximately a year ago.
According to their notice posted online, Treasure Health first detected suspicious activity on September 25th, 2024. After Treasure Health discovered the incident, they began taking steps to secure their digital environment and investigate the incident.
The investigation, which included data mining, was completed on July 15th, 2025. Treasure Coast determined that the following information may have been accessed: names, dates of birth, demographic information, Social Security numbers, driver’s license numbers, medical information, financial information, and health insurance information.
Treasure Coast reported the incident to the HHS on September 19th, 2025, noting that 13,234 individuals were impacted.
Treasure Health noted that they have not received any reports of identity theft since the date of the incident. However, it’s unclear when the notice may have been sent to individuals, and thus, individuals may not have known that identity theft issues could have been linked to the breach.
Treasure Health has said they are “committed to ensuring the privacy and security of all personal information.” They stated they are taking additional steps to mitigate future issues, including “retraining employees, updating policies, and implementing a weekly security scan of the site to determine if there are any issues.”
Treasure Health is also offering complimentary credit monitoring and identity theft protection. They are encouraging all potentially impacted individuals to “remain vigilant against incidents of identity theft and fraud.”
Although Treasure Health did not mention an attack vector, they reported the incident to the HHS as connected to email. Briana Contreras, a Managed Healthcare Executive, notes, “While email remains the main communication tool in healthcare, it still poses as the weakest form of security.”
Despite often not being as secure as it should be, one Paubox report found that security incidents in email “consistently ranks among the top reasons healthcare organizations face enforcement actions and hefty fines.”
Data mining is the process of analyzing large amounts of data for hidden trends or patterns. In the context of cybersecurity, it can help determine abnormalities in the system or what information may have been accessed.
The investigation of a breach can depend significantly on the complexity of the case and what resources the practice has available. Smaller or more rural practices, for instance, may need to seek out additional assistance if they don’t have it in-house. Furthermore, some tasks, like data mining, can be time-consuming. Investigations can generally take anywhere from a month to a year to be completed.