Data breaches have been announced by the California psychiatry and therapy provider Mindpath Health, Springfield Hospital in Vermont, and Lone Peak Psychiatry in Utah.

Community Psychiatry Management, LLC, operating as Mindpath Health, has disclosed a data breach impacting 14,060 individuals following a cyber incident linked to its vendor, Pinnacle Holdings, LTD. The Sacramento-based provider of in-person and virtual mental health services reported that the breach was identified on November 14, 2025, with the compromise traced back to unauthorized network access at Pinnacle Holdings between November 11 and November 25, 2024.

The incident originated when Pinnacle Holdings experienced a network disruption, prompting a forensic investigation that confirmed threat actors had accessed and potentially exfiltrated sensitive patient data. The breach affected multiple healthcare clients of the vendor, highlighting the growing risks associated with third-party service providers in the healthcare ecosystem.

Compromised data includes a wide range of personally identifiable and protected health information, such as names, addresses, contact details, dates of birth, Social Security numbers, driver’s license and state ID numbers, as well as clinical information including diagnoses, treatment details, medical record numbers, and health insurance data. Mindpath Health began notifying affected individuals on March 9, 2026, and is offering 12 months of complimentary credit monitoring and identity theft protection services.

In a separate incident, Springfield Hospital in Vermont has begun notifying patients of a data security breach involving unauthorized access to an employee’s email account. The hospital detected suspicious activity and later confirmed that the account had been accessed by an unauthorized individual on December 17, 2025. By February 10, 2026, it was determined that sensitive patient information had been exposed.

The compromised data in this case includes names, dates of birth, Social Security numbers, and protected health information such as medical record numbers, physician names, and reasons for patient visits. While Springfield Hospital has stated that there is currently no evidence of misuse of the exposed data, it has implemented additional email security measures to prevent similar incidents. The total number of affected individuals has not yet been disclosed.

Meanwhile, Lone Peak Psychiatry, a mental health provider with locations in Lehi and Murray, Utah, has also reported a data breach to state attorneys general. However, the organization has released limited details regarding the nature, scope, and timeline of the incident. Notification letters sent to affected individuals reportedly lack critical information about what data was compromised and how the breach occurred.

Despite the lack of transparency, Lone Peak Psychiatry is offering affected individuals complimentary credit monitoring and identity theft protection services. With no listing currently available on the federal breach reporting portal, the scale of the incident remains unclear, raising concerns about visibility and risk assessment for impacted patients.

These incidents collectively underscore the increasing cybersecurity challenges facing healthcare organizations, particularly as reliance on third-party vendors and digital communication systems continues to grow. They also highlight the critical need for stronger data protection measures, improved vendor risk management, and greater transparency in breach disclosures to ensure patients can adequately respond to potential identity theft and fraud risks.

Recommended Cyber Technology News :

To participate in our interviews, please write to our CyberTech Media Room at info@intentamplify.com  



🔒 Login or Register to continue reading