Mainline Health Systems breach
Mainline Health Systems, a nonprofit healthcare provider based in Arkansas, disclosed a major data breach affecting 101,104 individuals. The incident occurred on or about April 10, 2024, but was only confirmed after a detailed investigation concluded on May 21, 2025. The breach involved unauthorized access to the organization’s network, resulting in the exposure and potential theft of sensitive personal and health information.
Key Details
The compromised data includes full names, dates of birth, Social Security numbers, driver’s license numbers, financial account and payment card information, medical record numbers, patient IDs, Medicaid numbers, health insurance policy and group numbers, medical diagnosis and treatment details, clinical and prescription information, provider location, and provider names.
The ransomware group “INC Ransom” claimed responsibility for the attack and listed Mainline Health Systems on its leak site, releasing some of the stolen files as proof. Mainline Health Systems notified federal law enforcement, engaged external cybersecurity experts, and began sending notification letters to affected individuals on June 20, 2025. The organization is also offering complimentary credit monitoring and identity protection services to those impacted.
Select Medical Holdings Data Breach
Select Medical Holdings, a Pennsylvania-based healthcare provider, reported a data breach impacting nearly 120,000 individuals. Unlike Mainline, Select Medical was not directly attacked; instead, the breach stemmed from a security incident at its former debt collection vendor, Nationwide Recovery Services (NRS).
Key Details
Suspicious activity was detected on Select Medical’s network around April 9, 2025. The root cause traced back to NRS, which experienced a network outage due to suspicious activity between July 5 and July 11, 2024. The investigation revealed that files containing personal information were copied from NRS’s systems during this period.
The breach affected personal information related to Select’s guarantors (the individuals responsible for paying bills), though specific data types were not detailed in all reports. Notification letters were sent to affected individuals beginning June 6, 2025. No ransomware group or specific threat actor has claimed responsibility for the NRS breach, and it remains unclear whether ransomware was involved.
The breach at NRS affected not only Select Medical Holdings but also other healthcare organizations, with some reporting tens or hundreds of thousands of individuals impacted.
Summary
| Organization | Number Affected | Breach Source | Data Exposed | Threat Actor | Notification Date |
|---|---|---|---|---|---|
| Mainline Health Systems | 101,104 | Direct ransomware attack | PII, PHI, SSNs, financial and medical info | INC Ransom | June 20, 2025 |
| Select Medical Holdings | ~120,000 | Third-party vendor (NRS) | Personal info of guarantors (details not public) | Not attributed | June 6, 2025 |
