Recent Data Breaches: Who Was Hacked and How to Protect Yourself

Stay informed on the latest data breaches to protect yourself and your information. Here's what you need to know:

Week of March 31, 2025

Chord Specialty Dental Partners

• What happened? Unauthorized individuals gained access to several employee email accounts.
• When? The data breach occurred from August 19, 2024, to September 25, 2024. Suspicious activity was first identified on or around September 11, 2024.
• Who is affected? Approximately 173,000 people have potentially been compromised. 
• What type of data was exposed? Patient health information. 
• What should I do? Monitor your financial accounts to be aware of any unauthorized activity and be cautious of unsolicited communications requesting your information

Dove Healthcare

• What happened? A data security incident occurred involving unauthorized access to files on the company’s IT network.
• When? The unauthorized access occurred on July 6, 2024. Dove Healthcare discovered the breach on March 6, 2025, and filed a notice on March 18, 2025.
• Who is affected? Notification letters were sent to 16,225 impacted individuals
• What type of data was exposed? Names, dates of birth, Social Security numbers, driver's license numbers, medical information, health insurance information, and identifying images.

• What should I do? Consider enrolling in credit monitoring services that can alert you to potential identity theft. 

   

Millennium Home Healthcare

• What happened? Suspicious activity was identified via employee email accounts, potentially exposing patient information. 
• When? The unauthorized access occurred on or around October 25, 2024.
• Who is affected? 12,398 patients may have had their information stolen. 
• What type of data was exposed? Names, addresses, Social Security numbers, driver’s license numbers, treatment/diagnosis, medical history, dates of birth, COVID vaccination history, and health insurance information. 
• What should I do? Review your medical history to ensure no unauthorized procedures, prescriptions, or claims have been made using your information.

Week of March 17, 2025

AuthoraCare Collective

• What happened? An unauthorized party accessed its network from an external source. 
• When? The incident occurred on August 18, 2024, and was discovered on August 22, 2024. 
• Who is affected? 58,019 individuals were affected and notified on March 11, 2025. 
• What type of data was exposed? Names, Social Security numbers, and medical information
• What should I do? Monitor their medical and financial accounts for any unusual activity. If contacted by AuthoraCare Collective, follow all instructions and consider enrolling in the identity theft protection services offered.

Trinity Petroleum Management 

• What happened? An unauthorized party gained access to its IT network and exposed sensitive personal information stored on the company’s systems.
• When? The breach was detected on or about October 12, 2024. Following an investigation and data review, Trinity submitted notice of the breach on March 13, 2025.
• Who is affected? 46,659 individuals have been identified
• What type of data was exposed? Names, addresses, and Social Security numbers
• What should I do? Impacted individuals should remain vigilant by monitoring their accounts for unusual activity. 

Erickson Companies 

• What happened? Erickson Companies detected suspicious activity within its computer systems. Following an internal investigation, the company determined that certain files containing sensitive information had been accessed by an unauthorized party.
• When? Activity was first detected on November 18. 2024 Data breach letters notifying affected individuals were sent on March 12, 2025.
• Who is affected? Around 11,820 individuals may have had their information compromised. 
• What type of data was exposed? Names, Social Security numbers, and addresses
• What should I do? Monitor your financial and personal accounts regularly for any signs of unauthorized activity. Consider enabling account alerts to receive immediate notifications of suspicious transactions.

IKAV Energy 

• What happened? IKAV Energy experienced a data breach due to an external system hacking incident.
• When? The breach occurred and was discovered on December 6, 2024.
• Who is affected? A total of 5,832 individuals were affected.
• What type of data was exposed? Individuals' names or other personal identifiers in combination with unspecified sensitive data elements.
• What should I do? The company is offering 12 months of credit monitoring and identity theft protection services through TransUnion, which includes credit monitoring, identity theft protection, and insurance. 

Pulmonary Physicians of South Florida

• What happened? The ransomware group known as Brain Cipher added Pulmonary Physicians of South Florida (PPSF) to their dark web leak site, claiming to have accessed sensitive patient information.
• When? The exact date of the breach has not been disclosed.
• Who is affected? The leaked file tree lists approximately 423,920 files, though this may include multiple records per patient. 
• What type of data was exposed? Patient names, dates of birth, medication requests, and potentially other protected health information. 
• What should I do? As Pulmonary Physicians of South Florida has not yet confirmed the breach or issued official notifications, individuals associated with PPSF should proactively monitor their medical and financial accounts for any unauthorized activity.

Access TeleCare

• What happened? Access TeleCare identified suspicious activity related to an employee's email account An investigation revealed that unauthorized access to certain email accounts occurred.
• When? Unauthorized access took place from November 6, 2023, to January 8, 2024, with the breach discovered on January 8, 2024.
• Who is affected? The specific number of affected individuals has not been disclosed. Access TeleCare has notified impacted individuals via letters dated March 14, 2025. 
• What type of data was exposed? Names, dates of birth, Social Security numbers, medical record numbers, patient account numbers or IDs, health insurance account numbers, medical diagnoses, treatment or procedure information, clinical details, provider locations, provider names, and prescription information.
• What should I do? Access TeleCare is offering 12 months of complimentary credit monitoring and identity theft protection services through TransUnion. Affected individuals are encouraged to enroll in these services and monitor their account statements and credit reports for any suspicious activity. Detailed instructions are provided in the notification letters.

Cottrill’s Pharmacy, Inc.

• What happened? Cottrill’s Specialty Pharmacy identified suspicious activity within its computer network. It was determined that an unauthorized actor accessed the network on that same day and may have acquired certain sensitive information.
• When? The unauthorized access occurred on January 21, 2025, and was discovered the same day. The investigation and data review process concluded on February 24, 2025.
• Who is affected? Cottrill’s mailed notification letters to individuals whose information may have been involved and for whom they had valid mailing addresses.
• What type of data was exposed? Names, dates of birth, Social Security numbers, driver’s license or state identification numbers, medical information, and health insurance information.
• What should I do? Cottrill’s recommends that affected individuals remain vigilant by monitoring account statements and Explanation of Benefits forms for suspicious activity. Individuals are also encouraged to take advantage of free annual credit reports available through the three major credit bureaus. 

Week of March 10, 2025

Hillcrest Convalescent Center Data Breach

• What happened? Hillcrest Convalescent Center experienced a data breach after an unauthorized party accessed its network and extracted sensitive patient information.
• When? The breach was detected on June 27, 2024, but the data review was completed on February 13, 2025, and affected individuals were notified recently.
• Who is affected? Approximately 106,194 individuals who have records with Hillcrest Convalescent Center may have had their data compromised.
• What type of data was exposed? The exposed data includes names, dates of birth, Social Security numbers, medical information, treatment details, healthcare provider information, and health insurance details.
• What should I do? Keep a close watch on your financial and medical accounts for any unauthorized activity and take advantage of the free credit monitoring provided by Hillcrest Convalescent Center

Central Texas Pediatric Orthopedics Data Breach

• What happened? Central Texas Pediatric Orthopedics (CTPO) experienced a data breach in which an unauthorized party accessed confidential patient information. The breach may have directly affected CTPO or originated from a third-party vendor.
• When? The breach was reported on March 7, 2025.
• Who is affected? Approximately 90,000 individuals may have had their data compromised.
• What type of data was exposed? The exposed data includes names, medical information, health insurance information, and government-issued identification.
• What should I do? Monitor your financial and medical accounts for suspicious activity, enroll in any credit monitoring offered by CTPO, enable two-factor authentication on sensitive accounts, and consider freezing your credit.

Makai LLC Data Breach

• What happened? Makai LLC detected a potential data security incident involving unauthorized access to information provided to the company. 
• When? The incident occurred on January 28, 2025, and was discovered shortly thereafter. 
• Who is affected? Government and commercial clients. The exact number of individuals affected has not been publicly disclosed. ​
• What type of data was exposed? The specific information exposed varies by individual and may include names and Social Security numbers.
• What should I do? Keep a close eye on your financial and personal accounts for any unauthorized activity. Set up account alerts to detect suspicious transactions quickly. 

Best Collateral Data Breach 

• What happened? Best Collateral, a company specializing in collateral loans and retail services, experienced a data breach resulting from a recent cybersecurity attack. 
• When? Following a thorough investigation, the breach was confirmed on February 10, 2025.
• Who is affected? Both customers and employees of Best Collateral are affected by this breach. Impacted individuals were notified on March 6, 2025.
• What type of data was exposed? The exposed information varies by individual and may include names, Social Security numbers, driver's license numbers, biometric information, military identification numbers, and health insurance policy information.
• What should I do? Stay vigilant by checking your financial and personal accounts for any unusual activity, sign up for any credit monitoring services offered by Best Collateral, strengthen your security by enabling two-factor authentication, and consider freezing your credit. 

Numotion Data Breach

• What happened? Numotion, a provider of mobility solutions, experienced a data breach involving unauthorized access to multiple employee email accounts over an extended period.
• When? The unauthorized access occurred between September 2, 2024, and November 18, 2024.
• Who is affected? Individuals whose personal information was contained within the compromised email accounts are affected. Impacted individuals were made aware of the data breach on March 7, 2025.
• What type of data was exposed? The compromised information varies by individual and may include names, Social Security numbers, driver’s license numbers, dates of birth, product information, payment and financial account information, health insurance information, and medical information.
• What should I do? Regularly review your financial and personal accounts for any unauthorized transactions, take advantage of any credit monitoring services provided by Numotion, strengthen your account security with two-factor authentication, and consider placing a credit freeze to protect against identity theft.

Lumen Technologies Data Breach

• What happened? Lumen Technologies, a global telecommunications and technology company, experienced a data breach resulting from unauthorized access to its computer network.
• When? The unauthorized access occurred between November 15, 2024, and December 4, 2024. Lumen discovered the breach on January 17, 2025.
• Who is affected? The specific number of individuals affected by this breach has not been publicly disclosed. Lumen Technologies notified those whose information was compromised on March 6, 2025.
• What type of data was exposed?  While the exact categories of data compromised have not been publicly specified, the breach may have involved sensitive personal information. Affected individuals received personalized notification letters detailing the specific types of personal information compromised.
• What should I do? Secure your online accounts by using strong, unique passwords and enabling two-factor authentication. If you’re concerned about identity theft, consider placing a fraud alert or a credit freeze to prevent unauthorized access to your financial information.

Archie Cochrane Ford Data Breach

• What happened? Archie Cochrane Ford detected unauthorized activity on its IT network and confirmed that confidential files were accessed by an unauthorized party. 
• When? The unauthorized activity was detected on December 11, 2024. Affected individuals were notified via data breach letters sent on February 27, 2025.
• Who is affected? Individuals whose information was contained in the compromised files are affected. The specific number of impacted individuals has not been disclosed.
• What type of data was exposed? The compromised information includes names, addresses, and Social Security numbers.
• What should I do? Enroll in any credit monitoring services offered by Archie Cochrane Ford, monitor your credit reports closely, and report any signs of fraud to the appropriate authorities.

Sunflower Medical Group Data Security Incident

• What happened? Sunflower Medical Group detected suspicious activity on its network and found that an unknown third party accessed its systems and acquired copies of files containing personal information. 
• When? The unauthorized access occurred on or about December 15, 2024. Sunflower Medical Group became aware of the suspicious activity on January 7, 2025. 
• Who is affected? Individuals whose personal information was contained in the accessed files are affected. Sunflower Medical Group has sent letters to involved individuals for whom valid mailing addresses were available. 
• What type of data was exposed? The information varied by individual but may have included names, addresses, dates of birth, Social Security numbers, driver's license numbers, medical information, and health insurance information. 
• What should I do? Monitor your accounts and credit reports for fraud. Report any suspicious activity and take advantage of Sunflower Medical Group’s complimentary identity theft protection if your Social Security or driver's license number was involved.

Gastroenterology Associates of Central Florida, P.A. dba Center for Digestive Health Data Breach

• What happened? Gastroenterology Associates of Central Florida, P.A., operating as the Center for Digestive Health, detected suspicious activity on its IT network. An investigation revealed that an unauthorized party had accessed and acquired certain files containing personal information.
• When? The unauthorized access occurred on April 1, 2024. The breach was discovered on May 7, 2024, and affected individuals were notified on February 25, 2025.
• Who is affected? Approximately 122,437 individuals were affected by this breach.
• What type of data was exposed? The compromised information includes names, Social Security numbers, dates of birth, and health information.
• What should I do? Keep an eye on your financial and personal accounts for unusual activity, take advantage of any credit monitoring services provided by the Center for Digestive Health, and consider freezing your credit.

Community Care Alliance Data Breach

• What happened? Community Care Alliance experienced a hacking incident that led to unauthorized access to personal information.
• When? The breach occurred on June 20, 2024, and was discovered on January 8, 2025. Affected individuals were notified on March 7, 2025. 
• Who is affected? Approximately 114,945 individuals were impacted. 
• What type of data was exposed? The specific types of personal information compromised were not detailed in the notification.
• What should I do? Community Care Alliance offered 12 months of credit monitoring through TransUnion. Affected individuals should monitor their financial accounts for unauthorized activity and consider enrolling in the provided credit monitoring services.

If you’ve been impacted by one of these breaches and believe you may be entitled to compensation, contact Morgan & Morgan today for a free, no-obligation consultation.