When a Vendor Gets Breached, What Happens to Your Patient Data? – Healthcare IT Today
When a Vendor Gets Breached, What Happens to Your Patient Data? Healthcare IT Today
Verber Dental Group Notifies Patients About January Hacking Incident
Data breaches have recently been announced by Verber Dental Group in Pennsylvania, Northwoods Surgery Center in Minnesota, Cunningham Prosthetic Care in Maine, Healthcare In Action in California, and Preakness Healthcare Center in New Jersey.
Verber Dental Group
Verber Dental Group, a Camp Hill, PA-based dental group comprising 14 dental practices, has recently notified patients of unauthorized network access that exposed patient data. Suspicious network activity was identified on January 27, 2026. The network was secured, and an investigation was launched, which revealed the threat actor had access to its network from January 26, 2026, to January 27, 2026. The investigation confirmed that patient information had been exposed, including names, dates of birth, Social Security numbers, driver’s license numbers/state identification numbers, medical records, and health insurance information.
Verber Dental has not identified any misuse of patient information. Complimentary credit monitoring and identity theft protection services have been offered to the affected individuals as a precaution. At present, the incident is not shown on the HHS’ Office for Civil Rights breach portal, so it is currently unclear how many individuals have been affected.
Northwoods Surgery Center
Northwoods Surgery Center in Virginia, MN, identified unauthorized activity within its computer network on or around September 8, 2025. Its network was secured, and an investigation was launched to determine the nature and scope of the unauthorized activity. The investigation confirmed unauthorized network access over a two-month period between July 11, 2025, and September 8, 2025. The compromised parts of the network were reviewed, and it was confirmed that files containing patient information had been exposed and may have been accessed or acquired by the threat actor.
In total, 5,385 individuals were affected. Data potentially compromised in the incident included names, addresses, dates of birth, health insurance information, patient medical record numbers, doctor’s name, practice type, medical date of service, medication information, diagnosis and treatment information, and medical claims or billing information. While patient data was exposed, Northwoods Surgery Center has not identified any actual or attempted misuse of patient information. Notification letters are now being mailed, and complimentary credit monitoring services have been made available.
Cunningham Prosthetic Care
Cunningham Prosthetic Care, a Saco, ME-based prosthetic and orthotic practice, has notified the HHS’ Office for Civil Rights about a data breach affecting 2,523 patients. On or around October 22, 2025, suspicious activity was identified within its email environment. An investigation was launched that confirmed unauthorized access to an employee’s email account. The account was reviewed, and on March 4, 2026, Cunningham Prosthetic Care confirmed that the account contained patient information.
Data exposed and potentially acquired included names, dates of birth, Social Security numbers, medical record numbers, driver’s license numbers, diagnostic and treatment information, and health insurance information. The types of exposed data varied from individual to individual. Notification letters were mailed to the affected individuals on May 1, 2026. The practice has implemented additional security measures to enhance data privacy and security.
Healthcare in Action
Healthcare In Action, a medical group serving the homeless population in California, has recently identified unauthorized access to an employee’s email account between January 28, 2026, and January 30, 2026. The account was compromised using stolen credentials. The unauthorized access was limited to a single email account, which has now been secured. Third-party experts were engaged to investigate and determined that the account contained the information of 1,143 individuals, including patients and other individuals.
The types of data involved varied from individual to individual and may have included names in combination with one or more of the following: date of birth, email address, phone number, driver’s license/state ID number, Social Security numbers, ethnicity, housing application case number/HMIS number, health plan information, mailing/ physical address, medical record number, diagnosis/condition information, date(s) of service, location(s) of service, treatment information, disability verification information, and/or medication information. For non-patients, the compromised data included names, addresses, and Social Security numbers. The affected individuals have been offered complimentary credit monitoring and identity theft protection services.
Preakness Healthcare Center
Preakness Healthcare Center, a Wayne, NJ-based skilled nursing facility, has recently identified unauthorized access to its computer network. Suspicious activity was first identified on March 4, 2026. The forensic investigation confirmed that an unauthorized third party had access to parts of its computer network from February 24, 2026, to March 4, 2026, during which time residents’ data may have been viewed or acquired. The exposed data included residents’ names, demographic information, and limited clinical information. The affected individuals had been admitted on or after January 1, 2019. Complimentary credit monitoring and identity theft protection services have been offered to the affected individuals. At present, the number of affected individuals has not been publicly disclosed.
The post Verber Dental Group Notifies Patients About January Hacking Incident appeared first on The HIPAA Journal.
Atrium Health & Interim HealthCare Affected by Business Associate Data Breaches – The HIPAA Journal
Atrium Health & Interim HealthCare Affected by Business Associate Data Breaches
Atrium Health Navicent and Interim HealthCare of Lubbock/Amarillo have recently announced that they have been affected by data breaches at third-party vendors.
Atrium Health Navicent
Atrium Health Navicent is the latest healthcare provider to announce that it has been affected by the January 2025 data breach at Oracle Health. Oracle Health acquired the electronic medical record company Cerner, and was due to migrate patient records from legacy Cerner servers to Oracle Health’s systems. As early as January 22, 2025, a hacker gained access to two legacy servers and exfiltrated patient data. Oracle Health detected the breach in February 2025. Many healthcare providers were affected and issued notification letters last year.
According to Atrium Health Navicent, the delay in notification is due to the complexity of the data review, which has taken many months to complete. Atrium Health Navicent said it only recently learned from Oracle Health that it had been affected, and the review of the impacted data was not completed until March 12, 2026. The data compromised in the incident was stored in a legacy Cerner system that was historically used by Atrium Health.
The compromised data related to patients who received services from Atrium Health in the greater Charlotte (NC) area prior to August 6, 2022, or from Atrium Health Navicent prior to July 3, 2021. The compromised data includes names, addresses, dates of birth, medical record numbers, provider names, diagnoses, medications, test results, images, and other information included with patient medical records. For certain individuals, Social Security numbers were also compromised.
Notification letters are now being mailed, and the affected individuals have been offered complimentary credit monitoring services for two years. Atrium Health Navicent has yet to publicly announce how many patients have been affected. An estimated 2 million people across the country are thought to have been affected by the Oracle Health data breach in total.
Interim HealthCare of Lubbock/Amarillo
Interim HealthCare of Lubbock and Interim HealthCare of Amarillo have recently notified the HHS’ Office for Civil Rights about a data breach at a third-party vendor that affected 2,071 and 666 patients respectively. The incident occurred at the healthcare technology firm Doctor Alliance. Unauthorized individuals gained access to the Doctor Alliance web portal and intermittently accessed the portal between October 31, 2025, and November 17, 2025.
Interim HealthCare of Lubbock and Interim HealthCare of Amarillo completed their reviews of the affected data on March 18, 2026, and confirmed that data potentially viewed or obtained included names, dates of birth, addresses, diagnoses, treatment plans, medications, and provider information. There has been no known misuse of patient data; however, out of an abundance of caution, the affected individuals have been offered complimentary credit monitoring services.
The post Atrium Health & Interim HealthCare Affected by Business Associate Data Breaches appeared first on The HIPAA Journal.
How Healthcare Companies Can Build HIPAA-Ready Mobile Apps with AI-Driven Clinical Workflows – findarticles.com
Tech Exactly Launches Service to HIPAA-Proof Healthcare Startups – BriefGlance
Patient Privacy and Professionalism in Recorded Operating Rooms – Pharmacy Practice News
Patient Privacy and Professionalism in Recorded Operating Rooms Pharmacy Practice News
Tech Exactly Launches Dedicated HIPAA-Compliant Development Service for Healthcare Startups – markets.businessinsider.com
Tech Exactly Launches Dedicated HIPAA-Compliant Development Service for Healthcare Startups markets.businessinsider.com