Premier Health Partners based in Dayton, OH issued a press release on July 18, 2025, concerning a data breach first discovered about two years ago. The press release stated that Premier Health discovered suspicious activity inside its computer systems on July 12, 2023.
Upon investigation, it was confirmed that an unauthorized third party accessed its systems between July 7, 2023, and July 12, 2023. At this time, the hackers acquired files from its system. Premier Health reviewed the files to find out whether sensitive data had been breached. The breached data contained PHI, such as names, birth dates, driver’s license numbers, passport numbers, Social Security numbers, taxpayer ID numbers, financial account details, digital signatures, login information, health data, and medical insurance details. Premier Health mentioned the breach did not affect its services, which continued to be operational.
Premier Health mailed notification letters to the impacted individuals and offered free credit monitoring and identity theft protection services as a preventative measure against fraud and identity theft. There was no proof found that suggests the misuse of breached information. Aside from subscribing to the free identity theft protection and credit monitoring services, Premier Health advises that the impacted individuals stay cautious against identity theft and fraud. In case login information were compromised, they should change related passwords and use multifactor authentication where needed.
There is no mention on the website substitute breach notice and press release about the reason for the two-year delay in announcing the data breach. The statements only mentioned the recent conclusion of the file review. The listing on the OCR data breach portal mentioned that Premier Health Partners submitted a data breach report to OCR on October 12, 2023, due to a network server hacking/IT incident impacting 10,833 people. The listing in the OCR data breach portal was found on the “under investigation” page.
Another listing in the OCR data breach portal involving Premier Health Partners is about a data breach on October 2, 2020
impacting 254,786 individuals. OCR already closed the investigation of that incident after confirming that the data breach was due to an email phishing attack.
It is not clear why OCR took a long time to list the October 12, 2023, data breach on its data breach portal. Usually, there is a delay from the receipt of a data breach report by OCR to its listing on the data breach portal. OCR conducts verifications prior to listing data breaches on the breach portal. Normally, this could be done in two weeks, sometimes longer. It is likewise uncertain why the issuance of a media notice about the data breach was long overdue. One possible reason is the request by law enforcement to delay notifications due to the pending investigation, though a very long delay is remarkably unusual.