Corewell Health and Rocky Mountain Care have disclosed separate data breach incidents, highlighting ongoing cybersecurity challenges across the healthcare sector. The breaches, involving sensitive patient information and potential ransomware activity, underscore the growing risks associated with third-party vendors and healthcare network vulnerabilities.
Corewell Health, a Michigan-based non-profit health system, confirmed that more than 19,000 patients were impacted following a data breach at its business associate, Pinnacle Holdings, LTD. The Colorado-based consulting firm experienced a network disruption on November 25, 2024, which affected systems containing protected health information belonging to multiple healthcare clients.
Although Pinnacle Holdings acted quickly to secure its systems, the complexity of the affected data extended the investigation timeline. The company has now confirmed that compromised information includes patient names, phone numbers, dates of birth, Social Security numbers, driver’s license details, health insurance information, prescription data, and dates of service.
Corewell Health has begun notifying affected individuals and is offering complimentary credit monitoring and identity theft protection services. Pinnacle Holdings has also implemented additional safeguards to strengthen its cybersecurity posture and reduce the risk of similar incidents in the future. The breach is believed to have impacted multiple clients, including Chicago-based CommonSpirit Health, though the total number of affected individuals across all organizations remains unclear.
In a separate incident, Rocky Mountain Care, a Utah-based provider of skilled nursing and home health services, reported a cybersecurity breach that occurred between January 30 and February 2, 2026. The organization identified unauthorized access to parts of its network containing patient information, with a forensic investigation confirming that sensitive files were accessed during the intrusion.
The full scope of the Rocky Mountain Care breach is still under review, and the total number of affected individuals has not yet been determined. The organization stated that notification letters will be sent once the data review process is complete.
The incident has been linked to the Qilin ransomware group, which claimed responsibility and listed Rocky Mountain Care on its dark web leak site in February 2026. The group alleged that it exfiltrated approximately 33 GB of data and issued a ransom demand, threatening to publish the stolen information if payment was not made. Reports indicate that the data has since been released, suggesting that the ransom demand was not fulfilled.
These incidents highlight the increasing frequency and sophistication of cyberattacks targeting healthcare organizations and their vendors. As threat actors continue to exploit third-party relationships and sensitive patient data, healthcare providers are under growing pressure to enhance cybersecurity measures, strengthen vendor risk management, and improve incident response capabilities.
The breaches at Corewell Health and Rocky Mountain Care serve as a reminder that even indirect vulnerabilities within partner networks can lead to significant data exposure, reinforcing the need for comprehensive, end-to-end security strategies across the healthcare ecosystem.
Recommended Cyber Technology News :
- Fideo Intelligence Expands Dark Web Monitoring to Strengthen Payment Fraud Detection
- Critical TP-Link Router Vulnerabilities Patched in NX Series
- Data Breach Expert Michael Bruemmer Joins BlackCloak
To participate in our interviews, please write to our CyberTech Media Room at info@intentamplify.com
