Community Health Center discloses massive patient data breach.gettyWith ransomware attacks reaching record numbers, and more than a billion stolen passwords for sale on the dark web, Im constantly amazed that there arent more data breaches, if Im honest. Not that it makes it any the less shocking when a healthcare provider discloses that the medical records of a million patients have been compromised. Heres what we know about the Community Health Center security incident.More Than A Million Medical Records StolenIn a Jan. 30 filing to the Office of the Maine Attorney General, Connecticut-based healthcare provider Community Health Center has disclosed a data breach, first discovered Jan. 2, has impacted more than a million patients following a successful attack by unknown threat actors who gained access to its networks.In a letter to impacted patients, seen by this reporter, Mark Masselli president and CEO at Community Health Center, Inc., said, that investigators had determined that a skilled criminal hacker got into our system and took some data, which might include your personal information. This doesnt appear to have been a ransomware attack, as Masselli said no data was deleted or encrypted, and the hack didnt impact healthcare operations. We believe we stopped the criminal hackers access within hours, Masselli said, and that there is no current threat to our systems.There is, however, the small matter of the files that the hacker stole: files containing patients personal and health information belonging to 1,060,936 individuals. The stolen data is understood to include:Patient NamesDates of BirthContact InformationSocial Security NumbersMedical DiagnosesTreatment DetailsTest ResultsHealth Insurance DetailsA Medical Records NightmareThis incident highlights the urgency of securing healthcare infrastructuresprotecting not just patient data, but the broader ecosystem of communication, collaboration, and care delivery, Emily Phelps, a director at Cyware, said, Incidents in this sector underscore the ongoing risks healthcare providers face, with attackers gaining access to sensitive data like names, medical diagnoses, and insurance details.Masselli, meanwhile, said that Community Health Center had strengthened our security and added special software to watch for suspicious activity, although this will be of cold comfort to those patients whose medical records have been compromised. Given that the attacker also has access to names, dates of birth and health insurance details, this could be an extortion nightmare waiting to unfold.