Data breaches have been announced by Clarinda Regional Health Center in Iowa, Community Connections in DC, Waveny Lifecare Network in Connecticut, and NJ Pain Care Specialists in New Jersey. Clarinda Regional Health Center Clarinda Regional Health Center, a Clarinda, IA-based non-profit hospital, has started notifying 24,341 individuals about a recent cybersecurity incident that exposed sensitive data.
Suspicious activity was identified within its computer network on December 15, 2026, and the forensic investigation determined that files containing patient data may have been accessed or acquired without authorization in October 2025. The LockBit5 ransomware group claimed responsibility for the incident. The file review confirmed that the exposed data included first and last names, dates of birth, medical information, health insurance information, financial account numbers, Social Security numbers, driver’s license numbers, and taxpayer identification numbers.
The types of data varied from individual to individual. The review of the affected files was completed on May 21, 2026, and notification letters started to be mailed to the affected individuals on June 2, 2026. Individuals whose Social Security numbers were exposed in the incident have been offered complimentary credit monitoring and identity theft protection services.
Clarinda Regional Health Center has confirmed that additional security measures have been implemented to reduce the risk of similar incidents in the future. Community Connections Community Connections, a Washington D. C.
-based non-profit provider of behavioral health, residential, and primary health care coordination services, has notified the HHS’ Office for Civil Rights about a breach of the protected health information of 18,943 individuals. The breach was reported to OCR on May 18, 2026. Details about the data breach have yet to be publicly disclosed; however, a ransomware group – Inc Ransom – claimed responsibility for the incident and listed Community Connections to its dark web data leak site in late March, although it does not appear to have leaked the stolen data.
A similarly sized data breach was experienced in 2024, affecting 18,943 individuals. According to the notifications issued on August 27, 2025. The incident was detected on October 21, 2024, and full names, addresses, dates of birth, Social Security numbers, financial information, driver’s license or state identification information, medical information, and health insurance information were potentially involved.
Following that incident, multiple steps were taken to reduce the risk of similar incidents in the future, including implementing new technical safeguards and retraining members of its workforce. Waveny Lifecare Network Waveny Lifecare Network, a New Canaan, CT-based community-focused non-profit providing residential care, skilled nursing, and in-home care services to seniors, has recently reported a data security incident to the Maine Attorney General that has affected 8,548 individuals.
Suspicious activity was identified within its computer systems on May 28, 2025. Third-party cybersecurity specialists were engaged to investigate the incident and confirmed that a limited amount of data was accessed by an unauthorized third party on May 28, 2025. Waveny Lifecare Network conducted a time-consuming review of the affected data, and that process was completed on March 23, 2026.
Up-to-date contact information was then obtained to allow notification letters to be mailed, which were sent on June 2, 2026. The notification letter to the Maine AG has the data types redacted, although they are detailed in the individual notification letters. As a precaution against data misuse, the affected individuals have been offered complimentary credit monitoring and identity theft protection services.
NJ Pain Care Specialists NJ Pain Care Specialists, LLC, an interventional spine and pain management practice in Ocean Township, New Jersey, has announced a data security incident. Unauthorized activity was identified within its computer network on or around February 28, 2026. The investigation confirmed unauthorized access to its network occurred between February 25, 2026, and February 28, 2026, during which time, files may have been removed from its network.
The investigation to date has determined that data compromised in the incident includes names, addresses, dates of birth, medical record numbers, driver’s license numbers or other ID numbers, clinical or treatment information, medical procedure information, medical provider names, prescription information, and health insurance information. NJ Pain Care Specialists said it has reviewed and enhanced its data security policies and procedures, and its technical, administrative, and physical safeguards.
The investigation is ongoing, and the number of individuals has yet to be determined. The breach has been reported to the HHS’ Office for Civil Rights using an interim total of at least 501 individuals. The total will be updated when the investigation is concluded.
The post Clarinda Regional Health Center Reports Data Breach Affecting 24K Patients appeared first on The HIPAA Journal .
Originally published at hipaajournal.com
