Recent healthcare data breaches reported in New Jersey, Pennsylvania, Iowa, and Louisiana have compromised the personal and health data of tens of thousands of individuals.
Cooper Health System Breach Impacts Over 57,000 Patients in New Jersey
Cooper Health System has reported a significant healthcare data breach affecting approximately 57,412 individuals. The incident was disclosed to the Maine Attorney General following the detection of unusual network activity on May 14, 2024. Although system access was not disrupted, forensic analysis confirmed that an unauthorized third party accessed internal systems and may have exfiltrated sensitive data.
A file review completed by March 26, 2025, revealed that the breach involved names and Social Security numbers. Cooper has since deployed enhanced security measures and is offering complimentary credit monitoring and identity theft protection to those affected.
Union County Children and Youth Services Targeted in Pennsylvania Ransomware Attack
A ransomware attack has impacted systems used by Union County Children and Youth Services in Pennsylvania. The intrusion was detected on March 13, 2025, and by March 17, it was confirmed that threat actors had stolen data from the county’s network.
Stolen data includes names, Social Security numbers, and driver’s license numbers, mainly involving individuals linked to law enforcement, courts, and child services. The number of affected individuals remains under investigation. As a precaution, the county is reinforcing network restrictions and deploying new tools for faster incident detection and response. The breach has been reported to the HHS Office for Civil Rights as affecting at least 501 individuals, pending full review.
Balance Autism in Iowa Reports Unauthorized Access to Client Data
Balance Autism, based in Altoona, Iowa, experienced unauthorized access to its systems between March 11 and March 17, 2025. Following forensic analysis, it was determined that files were copied by an external party during the breach.
The affected files contained names, dates of birth, Social Security numbers, Medicaid IDs, and health insurance information. A detailed review concluded by May 5, 2025, confirmed that 1,281 individuals were impacted. Notification letters have been issued, and credit monitoring is being offered to those with compromised Social Security data.
Carpenter Health Network in Louisiana Suffers PHI Exposure
Carpenter Health Network, a healthcare provider in Louisiana, has disclosed a network intrusion that led to the exposure of protected health information for 878 individuals. The breach occurred between February 4 and February 28, 2025, and was confirmed on March 5.
The compromised data includes:
- Names
- Phone numbers
- Addresses
- Dates of birth
- Social Security numbers
- Diagnoses and treatment details
- Physician names
- Medical record numbers
- Health insurance information
Credit monitoring services have been offered, and security improvements have been implemented to prevent future incidents.
