National Association of Community Health Centers

The National Association of Community Health Centers (NACHC), headquartered in the United States, experienced a significant cybersecurity incident on October 4, 2021. This event involved a cyberattack where threat actors obtained unauthorized access to the organization's systems and encrypted multiple servers. The breach compromised sensitive employee information, including names, addresses, Social Security numbers, financial and tax details, insurance coverage, beneficiary data, and employment records. Following the attack, NACHC identified and notified 935 current and former employees whose information was affected. Investigators conducting a review were unable to confirm whether the compromised data was actually exfiltrated from the environment, leaving the full extent of potential data disclosure uncertain. The incident highlighted the vulnerability of personnel records within the association's digital infrastructure.

In response to the breach, NACHC implemented a remediation program for all impacted individuals. The organization offered twenty-four months of identity protection services at no cost to the affected employees. These services were designed to mitigate potential harms and included credit monitoring to detect suspicious activity, identity theft recovery assistance to help victims address fraud, and insurance reimbursement coverage for certain financial losses related to identity theft. This comprehensive support package represented a standard industry response to a data security incident involving highly personal and financial information. The provision of these services underscored the association's immediate efforts to address the risks posed to its workforce following the unauthorized access.