Subscribe To Our Newsletter

This field is for validation purposes and should be left unchanged.

Community Health Center of Buffalo Data Breach

Reports indicate that Chicago nonprofit Envision Unlimited may have experienced a cybersecurity incident allegedly claimed by ransomware group Money Message. The breach has not been confirmed, and details about affected information remain unavailable. Current and former employees, members, and affiliates should monitor their information and explore potential legal option.

Community Health Center of Buffalo
Date of Breach: April 21, 2026
CAU logo

Who was affected:

Clients of Community Health Center of Buffalo

Impacted Data:

Name

Address

Date of birth

Social Security number

Driver’s license information

Medical and health insurance information

Prescription information

Treatment location and treatment information

Medical diagnosis or condition information

Laboratory results

Medications

Community Health Center of Buffalo Inc. (“CHCB”) has announced a data security incident involving patient information. The organization disclosed that an unauthorized actor accessed its network and that certain files containing personal and protected health information may have been accessed or acquired without authorization. CHCB is notifying potentially affected individuals and offering resources to help protect against identity theft and fraud.

What Happened?

On April 21, 2026, Community Health Center of Buffalo became aware of suspicious activity within its computer network. CHCB immediately took steps to secure its systems and launched an investigation with assistance from digital forensic and cybersecurity specialists. The investigation determined that an unknown actor accessed CHCB’s network on April 20, 2026, and April 21, 2026. During that unauthorized access period, certain files were accessed and/or acquired without authorization.

CHCB stated that it is continuing a detailed review of the affected data to determine which individuals and information may have been impacted. The organization posted a public notice while preparing written notifications for potentially affected individuals.

Community Health Center of Buffalo is a healthcare provider, meaning the potentially affected information may include sensitive personal and medical data maintained as part of patient records. Because healthcare-related information can be highly sensitive, unauthorized access could create risks including identity theft, medical identity theft, fraud, or phishing attempts.

When Did the CHCB Data Breach Occur?

According to CHCB’s public notice, unauthorized access occurred between April 20, 2026, and April 21, 2026. The organization discovered suspicious activity on April 21, 2026, and began investigating the incident immediately.

What Information Was Exposed?

CHCB stated that the information potentially involved varies by individual. The impacted information may include:

  • Name
  • Address
  • Date of birth
  • Social Security number
  • Driver’s license information
  • Medical and health insurance information
  • Prescription information
  • Treatment location and treatment information
  • Medical diagnosis or condition information
  • Laboratory results
  • Medications
  • Medical record numbers
  • Provider names
  • Patient medical history
  • Health insurance policy information and identification numbers

Not every individual may have had the same categories of information involved. CHCB indicated that written notices will be sent to individuals whose information was potentially affected and that those notices will include an offer of complimentary credit monitoring and identity theft protection services.

What Is CHCB Doing in Response?

CHCB stated that protecting patient information is one of its top priorities. Following the incident, the organization reviewed its security practices, worked with cybersecurity specialists, and took steps to strengthen its systems and procedures. CHCB also indicated that it will notify regulators as required and provide affected individuals with additional resources.

CHCB established a dedicated assistance line for individuals with questions about the incident. The call center is available Monday through Friday from 8 a.m. to 8 p.m. Eastern Time, excluding U.S. holidays, at 844-507-8852. Individuals may also contact CHCB by mail at 34 Benwood Ave, Buffalo, New York 14214.

What You Can Do After the CHCB Data Breach

If you are a current or former CHCB patient and believe your information may have been affected, consider taking the following steps:

  • Review financial accounts: Monitor bank accounts, credit card statements, and other financial records for suspicious activity.
  • Monitor medical information: Review health insurance statements, explanations of benefits, medical bills, and prescription records for unfamiliar activity.
  • Check your credit reports: Obtain free credit reports and look for unfamiliar accounts, inquiries, or changes.
  • Consider fraud protections: A fraud alert or credit freeze may help prevent unauthorized credit activity.
  • Be cautious of scams: Watch for phishing emails, calls, or messages requesting personal information.
  • Keep documentation: Save any letters, emails, or records related to the incident.

Federal law allows consumers to request free annual credit reports from the three major credit reporting agencies through AnnualCreditReport.com or by calling 1-877-322-8228. CHCB also provided information regarding fraud alerts and credit freezes as protective measures.

File a Data Breach Lawsuit Against Community Health Center of Buffalo

When healthcare organizations experience cybersecurity incidents involving patient information, affected individuals may have legal rights depending on the circumstances of the event, the safeguards in place, and the harm caused.

If your information was involved in the Community Health Center of Buffalo data breach, you may be able to seek compensation for losses related to identity theft risks, time spent responding to the incident, out-of-pocket expenses, and other damages.

Contact us at Class Action U, where we’ll connect you with a lawyer skilled in class action lawsuits. If you’ve been contacted about this breach, received notice, or discovered you were impacted, fill out our quick, easy, and secure form to sign up. There is no cost to reach out to our legal partner and no obligation after speaking with someone from our team.

Subscribe To Our Newsletter

New cases and investigations, settlement deadlines, and news straight to your inbox.

This field is for validation purposes and should be left unchanged.
Other Data Breaches
Date of Breach: June 5, 2026
Date of Breach: July 2, 2026
Date of Breach: Not Specified

Frequently Asked Questions

A data breach occurs when sensitive, confidential, or protected information is accessed, stolen, or disclosed without authorization. Data breaches often occur through phishing emails, malware, weak passwords, insider threats, or unsecured databases. Indicators of a data breach can include unexpected password resets, suspicious account activity, unauthorized transactions, or notifications from companies about compromised information.If you suspect your data has been compromised, you must take measures and act quickly. Change passwords, enable two-factor authentication, review your financial accounts for unusual activity and consider freezing your credit.

Once stolen, your personal information may be sold on the dark web or used for identity theft and financial fraud. In some cases, hackers use the data to extort companies or launch further attacks. Victims often face long-term risks, including damage to credit and privacy.

If you receive a data breach notification, don’t ignore it. Immediately change passwords for the affected account and any others that share credentials. Enroll in any free credit monitoring services offered and monitor financial statements closely.

To pursue a data breach claim, you’ll need documentation showing your information was compromised and proof of resulting harm, such as fraudulent charges, credit score damage, or identity theft reports. Notification letters, financial records, and communication with the breached company can help support your claim.

Yes. If a company fails to protect consumer data or delays notifying victims, it may be held liable under state and federal privacy laws. Many victims join class action lawsuits to recover financial losses and hold negligent organizations accountable.

Data breach settlements vary widely depending on the size of the breach, type of data compromised, and damages suffered by victims. Payouts may include cash compensation, identity theft protection, or reimbursement for losses. Many settlements range from a few hundred to several thousand dollars per person. A skilled data breach lawyer can guide victims through the complex legal process, ensuring their rights are protected. If you’ve received a data breach notification or believe your personal data was exposed, you may be eligible for compensation. Contact Class Action U to learn more about how to join a data breach lawsuit and understand the process of filing.