Cempa Community Care Data Breach Exposes Social Security Numbers

On Jan. 30, 2026, Chattanooga C.A.R.E.S. d/b/a Cempa Community Care, a nonprofit health organization based in Chattanooga, Tennessee, disclosed a data breach impacting at least 1,341 individuals in the United States.

The breach originated not from Cempa’s own systems, but through one of its electronic health record vendors. The vendor was not named in the disclosure but noted it that a subcontractor providing insurance eligibility transaction services for the vendor experienced unauthorized access to certain data processed through their systems.

The breach exposed a significant amount of sensitive information. The types of consumer information involved included both personally identifiable information (PII) and protected health information (PHI): name, address, date of birth, Social Security number, health insurance information (including Medicare identifiers), provider name and other demographic or health insurance-related details.

The U.S. Department of Health and Human Services was notified about the breach on Jan. 30, 2026. The official disclosure can be found on the HHS breach portal. Cempa Community Care also posted a privacy notice on their website with further details.

Cempa Community Care's response

Upon learning of the incident, the affected vendor took immediate steps to secure its systems and engaged cybersecurity experts to investigate. The vendor reported that the unauthorized activity has been contained.

In response to the breach, Cempa Community Care is offering complimentary identity monitoring and fraud assistance services through Kroll to those affected. Individuals whose information was involved will receive additional details by mail where possible.

Given that Social Security numbers and health insurance information were among the data exposed, affected individuals are strongly encouraged to remain vigilant. It is recommended to review account statements, monitor credit reports for suspicious activity and take advantage of the free identity monitoring services being offered. Detailed enrollment instructions for these services will be provided directly to those impacted.

Anyone with questions or concerns about the breach can contact Melissa White, Director of Compliance and HIPAA Privacy & Security Officer at Cempa Community Care, by calling 423-265-2273 or emailing privacy@cempa.org.