Three separate cyberattacks and data breaches have recently impacted organizations across the United States, exposing sensitive personal and financial information belonging to thousands of individuals and employees.
Hillcrest Convalescent Center Data Breach: 106,194 Records Exposed
Hillcrest Convalescent Center in Durham, North Carolina, experienced a significant data breach affecting 106,194 individuals. The incident, discovered on June 27, 2024, involved unauthorized access to the center’s network by a third party. A thorough data review, completed on February 13, 2025, confirmed the exposure of sensitive data, including:
- Names
- Dates of birth
- Social Security numbers
- Medical information
- Treatment information
- Healthcare provider information
- Health insurance information
Hillcrest Convalescent Center assures that, to date, they are unaware of any misuse of the compromised data. Affected individuals have been offered complimentary credit monitoring and identity restoration services for 12 to 24 months.
Bay Cove Human Services Network Breach: Potential Data Theft
Bay Cove Human Services in Boston, Massachusetts, also suffered a cyberattack and potential data theft. Unusual network activity detected on December 30, 2024, prompted an investigation that confirmed the exposure of sensitive patient data. This included:
- Names
- Dates of birth
- Social Security numbers
- Diagnosis/treatment information
- Other health-related information
Due to the inability to pinpoint which patients’ data was specifically accessed, Bay Cove Human Services proactively notified all 21,295 patients whose data was stored on the compromised network sections. Notification letters were mailed on March 3, 2025. The organization has since implemented enhanced security measures to prevent future incidents. This data breach highlights the importance of comprehensive security protocols in the healthcare sector.
SMC Corporation of America Ransomware Attempt: Employee Data at Risk
SMC Corporation of America in Indiana faced a thwarted ransomware attack on December 8, 2025. A foreign threat actor breached the network, attempting to disrupt IT infrastructure and potentially deploy ransomware. The investigation revealed that the attacker accessed internal systems containing current and former employees’ personal information, some of which may have been copied. This potentially compromised data included:
- First and last names
- Dates of birth
- Addresses
- Bank account information
- Driver’s licenses
- Payroll information
- SMC employee account numbers and positions
- Social Security numbers
- SMC employee benefit information
- Medical information related to SMC benefits
- Other identifying information
Despite significant prior investments in cybersecurity, the attack was successful in breaching the company’s defenses. SMC Corporation of America is working to enhance its security protocols to prevent similar future incidents. This attempted ransomware attack underscores the persistent threat of sophisticated cyberattacks targeting enterprises.
These three separate incidents demonstrate the pervasive nature of cyberattacks and the potential for significant data breaches across various sectors. Organizations of all sizes must prioritize robust cybersecurity measures, including proactive threat detection and incident response planning, to protect sensitive data and mitigate the risks associated with these attacks. Investing in strong security practices is not just a cost; it’s a crucial investment in protecting your business and your clients.
Helpful Reads:
