Community Health NW Florida Breach Exposes Protected Information

On Dec. 24, 2024, Community Health Northwest Florida (CHNF), formerly known as Escambia Community Clinics, discovered suspicious activity within its network environment. The organization engaged third-party cybersecurity specialists to conduct a comprehensive forensic investigation, which revealed that an unauthorized party had gained access to the network and accessed certain files stored on its systems.

The cybercriminal group RansomHub claimed responsibility for the attack, posting on a dark web forum on Jan. 13, 2025, that it had stolen 68 GB of the organization’s data and threatened to publish it within days.

A detailed review of the affected files, completed Jan. 19, 2026, determined that sensitive information was exposed.

The types of information compromised varied by individual but included personally identifiable information (PII) such as names, dates of birth, Social Security numbers, driver’s license or state identification card numbers, financial account numbers, and credit or debit card numbers. Protected health information (PHI) was also exposed including patient identification and medical record numbers, medical information, and health insurance information.

The breach affected individuals in multiple states, with three Rhode Island residents confirmed as impacted, according to the notice filed with the Vermont Attorney General on Jan. 27, 2026. The total number of affected individuals has not been released.

The company posted an official notice to its website, detailing the event. Affected individuals will be notified by written mail.

Community Health Northwest Florida's response

In response to the breach, CHNF acted quickly to secure its systems and engaged cybersecurity experts to investigate and remediate the incident. The organization has implemented additional technical safeguards, enhanced security measures, and updated policies and procedures to help prevent future incidents.

For those affected, the organization is offering at least 12 months of complimentary credit monitoring and identity theft restoration services through Cyberscout, a TransUnion company specializing in fraud assistance.

Anyone who believes they may be affected but has not received a notice can call the dedicated assistance line at 833-580-0425, Monday through Friday, 8 a.m. to 8 p.m. Eastern time, excluding major U.S. holidays.

Given the nature of the ransomware attack and the types of information involved, individuals are encouraged to:

• Review account statements and explanation of benefits forms for suspicious activity
• Monitor their free credit reports for errors or unauthorized activity
• Consider placing a fraud alert or security freeze on their credit files with the three major credit bureaus
• Report any suspected identity theft to law enforcement and their state attorney general