Recent Breaches
Breaches
2026PowerSchool62.4M stolen62.4M records stolen2026DISA Global Solutions3.3M stolen3.3M records stolen2026Globe Life850K stolen850K records stolen2026HertzUndisclosed stolenUndisclosed records stolen2026NHS ScotlandUndisclosed stolenUndisclosed records stolen2025Marks & Spencer9.4M stolen9.4M records stolen2025PayPal35K stolen35K records stolen2025Co-operative GroupUndisclosed stolenUndisclosed records stolen2025Jaguar Land RoverUndisclosed stolenUndisclosed records stolen2024National Public Data2.9B stolen2.9B records stolen2026HertzUndisclosed stolenUndisclosed records stolen2026NHS ScotlandUndisclosed stolenUndisclosed records stolen2025Marks & Spencer9.4M stolen9.4M records stolen2025PayPal35K stolen35K records stolen2025Co-operative GroupUndisclosed stolenUndisclosed records stolen2025Jaguar Land RoverUndisclosed stolenUndisclosed records stolen2024National Public Data2.9B stolen2.9B records stolen2026PowerSchool62.4M stolen62.4M records stolen2026DISA Global Solutions3.3M stolen3.3M records stolen2026Globe Life850K stolen850K records stolen
View All →
Breaking NewsUpdated as information becomes available
Back to Knowledge Vault
Breach AnalysisBreaking10 July 20263 min read

Ohio Dialysis Provider Breach Hits 8,000 Patients

Centers for Dialysis Care in Cleveland has confirmed a network breach exposing 8,000 patients and staff. Mark Fermor on why offline storage stops this cold.

Mark Fermor

Mark Fermor

Director & Co-Founder, Firevault

Share
Empty dialysis clinic corridor lit in cool blue and magenta, rows of vacant treatment chairs and equipment.

What Happened

Centers for Dialysis Care, a non-profit provider based in Cleveland, Ohio, identified unauthorised access to its internal network on 20 March 2026. An unknown actor gained entry to files containing protected health information across the organisation's outpatient dialysis centres in Northeast Ohio.

The provider has filed with the US Department of Health and Human Services and reported that 8,000 individuals were affected. It has notified both HHS and the FBI, and engaged external cyber security experts to secure affected systems. At the time of reporting, no group has claimed responsibility and no ransom demand has been confirmed.

What Data Was Exposed

The accessed files contained a wide range of sensitive personal and medical data belonging to patients and employees. Exposed categories include:

  • Full names and dates of birth
  • Social Security numbers
  • Medical information, healthcare treatment and diagnostic records
  • Health insurance information
  • Tax and financial information

Centers for Dialysis Care has advised affected individuals to monitor credit reports, account and benefit statements, and to report any suspicious activity to law enforcement and the state attorney general.

Why This Matters

Protected health information is among the most sensitive data an individual holds. A combined leak of Social Security numbers, treatment records and financial data creates a long window for medical identity theft, insurance fraud and targeted phishing against patients who are already unwell.

Dialysis providers rely on continuous, scheduled treatment. Any disruption to systems, records or billing has direct clinical consequences. That makes healthcare networks a favoured target and makes the assumption that everything must sit on a live, connected server a serious liability.

Mark Fermor, founder of Firevault, said: "When a nonprofit clinic ends up in the same breach column as the biggest banks, it tells you the problem is not budget. It is architecture. If the record only exists on a machine that is always online, sooner or later somebody uninvited will read it."

The Offline Alternative

Firevault Layer 1 places a physical air gap between critical records and the public network. The storage device is powered down and mechanically disconnected until an authorised person needs it. There is no route from a compromised endpoint, phishing email or stolen credential to the archive, because there is no network path at all.

For a healthcare provider, that means patient histories, insurance files and financial records held in Firevault cannot be scraped by an intruder who has landed inside the corporate network. Live clinical systems still need protecting, but the definitive archive stops being part of the blast radius.

Key Takeaways

  • Healthcare is a prime target. Combined medical, personal and financial data has a long resale life and is uniquely damaging to patients.
  • Scale is not the shield. An 8,000 patient nonprofit clinic faces the same attackers as national providers.
  • Network reachable equals breach reachable. If the archive is online, an intruder inside the network will eventually reach it.
  • Physical air gap removes the path. Firevault Layer 1 keeps the definitive record off the network entirely, so a corporate breach does not become a records breach.

About the author

Mark Fermor

Mark Fermor

Director & Co-Founder

Co-founder of Firevault, focused on offline secure storage and protecting individuals and businesses from fraud, fines, loss and damage. Speaker, owner and advisor.

Share this article

Breaking News
Breach Analysis10 July 20263 min read

Ohio Dialysis Provider Breach Hits 8,000 Patients

Centers for Dialysis Care in Cleveland has confirmed a network breach exposing 8,000 patients and staff. Mark Fermor on why offline storage stops this cold.

Ohio Dialysis Provider Breach Hits 8,000 Patients
Mark Fermor
Published by Mark Fermor, Director & Co-Founder