Coordinated incidents
Healthcare breach clusters, 2026.
Some breaches are not isolated. When a healthcare vendor is compromised, dozens of downstream covered entities file their own HHS OCR reports — but the root cause is one incident. These cluster pages connect the dots.
TriZetto Provider Solutions Breach — Insurance-Eligibility Cluster
3 providersHealthcare providers using TriZetto for insurance-eligibility verification. Coastal Skin Surgery, Benton County Health, and dozens of other downstream covered entities affected.
Doctor Alliance Vendor Breach — Home-Health Cluster
4 providersHome health and hospice agencies whose patient records were processed through the Doctor Alliance portal for physician-certification workflows.
illumifin / Liberty Bankers Life — Insurance-TPA Cluster
2 providersInsurance policyholders whose data was processed by illumifin on behalf of life, long-term care, and annuity carriers.
Option Care Health Email Compromise — Home Infusion
2 providersPatients receiving home infusion therapy from Option Care Health (TPN, IVIG, specialty biologics, antibiotics). ~3,977 individuals across the two filings.
Epic / Health Gorilla HIE Governance Scandal
2 providersEpic-community US health systems whose patient records were extracted through the abused HIE pipeline. Trinity Health and UPMC are the publicly-named affected systems.