North Hudson Community Action Corp Data Breach Exposes PHI

On January 27, 2025, North Hudson Community Action Corporation (NHCAC) identified unusual activity within certain computer systems on its network. Upon discovering this suspicious activity, the organization immediately took steps to secure its systems and initiated a comprehensive investigation with the assistance of cybersecurity specialists.

The investigation revealed that an unknown actor had gained unauthorized access to limited NHCAC systems. During this unauthorized access, the actor acquired certain sensitive information from the affected systems. This unauthorized access occurred between January 26, 2025, and January 27, 2025. Importantly, the organization's electronic medical record system was not compromised during this incident.

The data breach potentially exposed sensitive personal and protected health information (PHI) belonging to approximately 501 individuals. The types of information exposed in this breach include names (personally identifiable information or PII), medical information (PHI), and health insurance information (PHI). At this time, there is no evidence to suggest that the compromised information has been misused for identity theft or fraud.

North Hudson Community Action Corporation officially reported this data breach to the U.S. Department of Health and Human Services on March 28, 2025. Details of the incident are publicly available on the U.S. Department of Health and Human Services' breach portal.

North Hudson Community Action Corporation's response

As a precautionary measure, North Hudson Community Action Corporation advises affected individuals to remain vigilant against potential identity theft or fraud. Individuals should carefully review their account statements, credit reports, and health insurance Explanation of Benefits (EOB) statements for any suspicious or unauthorized activity. If suspicious activity is detected, it should be reported promptly to the individual's healthcare provider, insurance company, or financial institution.

Affected individuals can obtain more information by contacting North Hudson Community Action Corporation directly at their toll-free number (833)-813-3300, available Monday through Friday from 9:00 a.m. to 5:00 p.m. Eastern Time. Additional details about the incident and recommended steps individuals can take to protect themselves are available on the North Hudson Community Action Corporation's official notice page.