Over 480,000 Catholic Health Patients Affected by Personal Data Breach

The Catholic Health network, which provides medical services to residents of Western New York (USA), has reported a major data breach. As a result, confidential information about 483,000 patients was exposed and became publicly accessible on the internet.
A statement was published on the Catholic Health website regarding the incident:
"A Catholic Health vendor, Serviceaide, experienced a data breach resulting in limited patient information being exposed online. Serviceaide will be sending out patient notification letters to potentially affected patients. Information will be posted on Serviceaide’s homepage."
It was later revealed that the IT company Serviceaide became aware of the security breach in its information database as early as November 15, 2024, and subsequently began an investigation into the incident. However, the U.S. Department of Health and Human Services (HHS) was not officially notified about the breach until May 9, 2025, nearly five months later.
During the investigation, it was discovered that between September 19, 2024, and November 5, 2024, patients’ personal information was publicly accessible. According to Cybernews, the exposed data includes names, dates of birth, medical diagnoses, email addresses, passwords, as well as Social Security numbers, medical record numbers, and patient account details.
Serviceaide stated that the investigation found no evidence that the data was copied, but acknowledged that the possibility cannot be ruled out. As a precaution, the affected individuals were offered technical support: 12 months of free credit monitoring and identity theft protection. The IT company has already started sending letters to patients with relevant information and protection offers.

Fill out the form below, and we’ll get in touch with you right away to discuss a plan to protect your business!