Cyberattacks and data breaches have recently been announced by Pineland Community Service Board in Georgia, Klickitat Valley Health in Washington, and Concord Orthopaedics and Welts, White, & Fontaine in New Hampshire.
Pineland Community Service Board, Georgia
Pineland Community Service Board, a Statesboro, GA-based provider of behavioral health and developmental disability services, has suffered a cyberattack and data breach. On March 20, 2025, Pineland Community Service Board disclosed a security incident detected on January 20, 2025. Suspicious activity was identified within its network, and an investigation was launched to determine the cause of the activity and return functionality to its network. The forensic investigation confirmed unauthorized network access between November 24, 2024, and January 20, 2025, during which time the threat actor viewed or copied information from its network.
The review of the affected files is ongoing, and it has yet to be confirmed how many individuals have been affected; however, Pineland Community Service Board said information likely compromised in the incident includes names, dates of birth, Social Security numbers, and medical information such as billing information, medical treatment information, dates of service, diagnosis information, medical record information, and guardian information, and potentially other types of information. Notification letters will be mailed to the affected individuals when the file review is concluded.
A ransomware group called Space Bears has added Pineland Community Service Board to its data leak site. The listing claims the stolen data was published a month ago; however, the listing contains no data.
Concord Orthopaedics, New Hampshire
Concord Orthopaedics in New Hampshire has started notifying certain patients about a security incident at a third-party vendor used to check in patients for appointments. The unnamed vendor notified Concord Orthopaedics about the security incident on November 21, 2024, after it was determined there had been unauthorized access to the patient registration and appointment scheduling software. The investigation found no evidence that the threat actor accessed any other systems, such as Concord’s electronic medical record system and internal network…