Ohio Dialysis Provider Breach Hits 8,000 Patients
Centers for Dialysis Care in Cleveland has confirmed a network breach exposing 8,000 patients and staff. Mark Fermor on why offline storage stops this cold.

Mark Fermor
Director & Co-Founder, Firevault

What Happened
Centers for Dialysis Care, a non-profit provider based in Cleveland, Ohio, identified unauthorised access to its internal network on 20 March 2026. An unknown actor gained entry to files containing protected health information across the organisation's outpatient dialysis centres in Northeast Ohio.
The provider has filed with the US Department of Health and Human Services and reported that 8,000 individuals were affected. It has notified both HHS and the FBI, and engaged external cyber security experts to secure affected systems. At the time of reporting, no group has claimed responsibility and no ransom demand has been confirmed.
What Data Was Exposed
The accessed files contained a wide range of sensitive personal and medical data belonging to patients and employees. Exposed categories include:
- Full names and dates of birth
- Social Security numbers
- Medical information, healthcare treatment and diagnostic records
- Health insurance information
- Tax and financial information
Centers for Dialysis Care has advised affected individuals to monitor credit reports, account and benefit statements, and to report any suspicious activity to law enforcement and the state attorney general.
Why This Matters
Protected health information is among the most sensitive data an individual holds. A combined leak of Social Security numbers, treatment records and financial data creates a long window for medical identity theft, insurance fraud and targeted phishing against patients who are already unwell.
Dialysis providers rely on continuous, scheduled treatment. Any disruption to systems, records or billing has direct clinical consequences. That makes healthcare networks a favoured target and makes the assumption that everything must sit on a live, connected server a serious liability.
Mark Fermor, founder of Firevault, said: "When a nonprofit clinic ends up in the same breach column as the biggest banks, it tells you the problem is not budget. It is architecture. If the record only exists on a machine that is always online, sooner or later somebody uninvited will read it."
The Offline Alternative
Firevault Layer 1 places a physical air gap between critical records and the public network. The storage device is powered down and mechanically disconnected until an authorised person needs it. There is no route from a compromised endpoint, phishing email or stolen credential to the archive, because there is no network path at all.
For a healthcare provider, that means patient histories, insurance files and financial records held in Firevault cannot be scraped by an intruder who has landed inside the corporate network. Live clinical systems still need protecting, but the definitive archive stops being part of the blast radius.
Key Takeaways
- Healthcare is a prime target. Combined medical, personal and financial data has a long resale life and is uniquely damaging to patients.
- Scale is not the shield. An 8,000 patient nonprofit clinic faces the same attackers as national providers.
- Network reachable equals breach reachable. If the archive is online, an intruder inside the network will eventually reach it.
- Physical air gap removes the path. Firevault Layer 1 keeps the definitive record off the network entirely, so a corporate breach does not become a records breach.
Suggested Reading
- What is Offline Secure StorageThe foundation of physical disconnection
- Why Offline Secure StorageThe case for physical control
- Ransomware DefenceHold gold copies offline
- Firevault ControlPhysical path control for IT and OT
- Knowledge VaultAll articles, guides and whitepapers
- Book a DemoSee Firevault in action





