Back in February 2025, CPS Solutions, LLC confirmed that a company email account was subject to unauthorized access. In this notice, CPS Solutions explains that the incident resulted in an unauthorized party being able to access consumers’ sensitive information, which includes their name, Social Security number, date of birth, health insurance information, and medical information. More recently, CPS Solutions has confirmed that patients of multiple healthcare providers were affected by the recent incident, including Dayton Children’s Hospital, Beacon Health - Three Rivers Hospital, and Hillsdale Hospital. Upon completing its investigation, CPS Solutions began sending out data breach notification letters to all individuals whose information was affected by the recent data security incident.
If you received a data breach notification from CPS Solutions, Dayton Children’s Hospital, Beacon Health - Three Rivers Hospital, or Hillsdale Hospital it is essential you understand what is at risk and what you can do about it. A data breach lawyer can help you learn more about how to protect yourself from becoming a victim of fraud or identity theft, as well as discuss your legal options following the CPS Solutions data breach. For more information, please see our recent piece on the topic here.
What Caused the Data Breach at CPS Solutions?
The CPS Solutions data breach was only announced back in February 2025, when the company filed notice of the incident with the federal government. At the time, CPS Solutions also posted a website notice discussing the incident.
According to these sources, on December 4, 2024, CPS Solutions determined that an unauthorized party had obtained access to a CPS Solutions employee email account. After making this discovery, CPS Solutions secured its network and then launched an investigation in hopes of better understanding what caused the incident and whether any consumer information was compromised.
Through its investigation, CPS Solutions confirmed that an unauthorized party accessed and removed confidential patient data from the employee’s email account between December 2, 2024 and December 4, 2024. While the breached information varies depending on the individual, it may include your name, Social Security number, date of birth, health insurance information, and medical information.
At the time, we knew that CPS Solutions provided services to healthcare providers, but we were not sure which of the company’s clients were impacted. More recently, four healthcare providers posted notices on their respective websites, confirming that they were among those affected by the CPS Solutions data breach. These providers are:
- Dayton Children’s Hospital
- Beacon Health - Three Rivers Hospital
- Hillsdale Hospital
Patients of these healthcare providers may receive a data breach letter from CPS Solutions. The number of people affected by the CPS Solutions data breach remains unknown, as the company reported “500” victims to the U.S. Department of Health and Human Services Office for Civil Rights, which is a figure commonly used as a placeholder until a more accurate number is determined.
More Information About CPS Solutions, LLC
CPS Solutions, LLC is a healthcare solutions provider specializing in pharmacy management and consulting services for hospitals, health systems, and outpatient facilities. Headquartered in Dublin, Ohio, the company offers a broad range of services, including inpatient and outpatient pharmacy management, specialty and infusion pharmacy support, telepharmacy, and compliance consulting. The organization employs approximately 2,500 people and generates an estimated $302 million in annual revenue.
