Apex Spine & Neurosurgery & North Central Behavioral Health Systems Announce Data Breaches

Data breaches have been announced by Apex Spine & Neurosurgery in Georgia and North Central Behavioral Health Systems in Illinois.

Apex Spine & Neurosurgery

Apex Spine & Neurosurgery in Georgia has notified 2,500 individuals that some of their electronic protected health information has likely been stolen in a ransomware attack. Apex Spine & Neurosurgery said it learned on December 23, 2025, that a cyber threat actor had accessed its network and used ransomware to encrypt files. The forensic investigation confirmed that the cyber actor accessed its network and copied files on December 9, 2025; however, its electronic medical record system was not involved, as it is maintained in a logically separate computer environment.

The stolen files are still being reviewed; however, they contained information such as names, addresses, phone numbers, dates of birth, Social Security numbers, driver’s license numbers, passport numbers, other government identifiers, location of health services, dates of service, treatment or condition information, diagnosis/diagnosis codes, prescription information, history information, assigned physician names; health services payment information, such as financial account number without a security code, access code, or password to access an account, patient account numbers, and health insurance information subscriber or identification numbers. The information copied in the attack varies from individual to individual. Apex Spine & Neurosurgery said it is evaluating further technical safeguards to better protect sensitive data on its network.

The affected individuals have been advised to remain vigilant against identity theft and fraud by monitoring their accounts and explanation of benefits statements for suspicious activity. While the ransomware group was not mentioned in the breach notice, the Interlock ransomware group claimed responsibility for the attack and said 20 GB of data was exfiltrated. Interlock proceeded to leak the stolen data as the ransom was not paid. Apex Spine & Neurosurgery said it was able to securely recover the encrypted data from backups.

North Central Behavioral Health Systems

North Central Behavioral Health Systems, a mental health and substance abuse treatment center with locations in La Salle and Ottawa, Illinois, has identified unauthorized access to an employee’s email account. Suspicious activity was identified in a single email account on or around December 2, 2025. The account was secured to prevent further unauthorized access, and an investigation was launched to determine the nature and scope of the activity.

The investigation confirmed that the breach was limited to a single email account. The account is currently being reviewed to determine the types of information involved and the individuals affected. Notification letters will be mailed to the affected individuals as soon as the review is concluded. Currently, no misuse of patient data has been identified; however, patients have been advised to remain vigilant against data misuse by monitoring their bank accounts and financial statements for suspicious activity. Email security has been enhanced in response to the incident, and complimentary credit monitoring and identity theft protection services are being offered to the affected individuals.

The post Apex Spine & Neurosurgery & North Central Behavioral Health Systems Announce Data Breaches appeared first on The HIPAA Journal.

HHS Issues RFI Seeking Input on AI Tools and Methodologies for Healthcare Fraud Prevention

The U.S. Department of Health and Human Services (HHS) Centers for Medicare and Medicaid Services (CMS) plans to use artificial intelligence (AI) tools to identify fraudulent claims before they are paid.

While estimates of total losses from healthcare fraud vary, around $60 billion is thought to be lost to Medicare fraud each year. In 2023, the HHS Office of Inspector General (HHS-OIG), the primary agency responsible for tackling Medicare and Medicaid fraud, identified more than $100 billion in improper payments across the Medicare and Medicaid programs. Estimates suggest that between 3% and 10% of total healthcare spending is being lost to fraud. While HHS-OIG, in conjunction with the Department of Justice and the CMS, investigates fraud and prosecutes fraudsters, only a fraction of fraudulently paid funds is recovered.

In a February 25, 2026, press release, Vice President J.D. Vance, Secretary of Health and Human Services (HHS) Robert F. Kennedy, Jr., and CMS Administrator Dr. Mehmet Oz announced some of the new steps that are being taken to crack down on healthcare fraud as part of a broader effort by the Trump administration to improve affordability, protect patients, and reduce the burden on taxpayers, who ultimately foot the bill for healthcare fraud.

“For decades, Medicare fraud has drained billions from American taxpayers—that ends now,” said Secretary Kennedy. “We are replacing the old ‘pay and chase’ model with a real-time ‘detect and deploy’ strategy, using advanced AI tools to identify fraud instantly and stop improper payments before they go out the door.”

In the press release, the HHS confirmed that one of the actions is deferring $259.5 million of quarterly federal Medicaid funding in Minnesota while further investigations are conducted into fraudulent or unsupported claims, along with a nationwide moratorium on Medicare enrollment for certain Durable Medical Equipment, Prosthetics, Orthotics and Supplies (DMEPOS), which has historically been an area of major healthcare fraud. The HHS has also issued a call to action for Americans to support fraud prevention, including seeking stakeholder input on ways the CMS can expand and strengthen its fraud prevention efforts.

“CMS is done trying to catch fraudsters with their hands in the cookie jar—instead, we’re padlocking the jar and letting them starve,” said Administrator Oz. “This proactive approach will help us crush fraud, protect taxpayer dollars, and make sure the vulnerable Americans who depend on our programs get the care they need.”

As part of the healthcare fraud prevention drive, the HHS and CMS issued a Request for Information (RFI) seeking input from a broad range of stakeholders on ways to strengthen the ability of the CMS to prevent, detect, and respond to fraud, waste, and abuse in Medicare, Medicaid, the Children’s Health Insurance Program (CHIP), and the Health Insurance Marketplace. That includes input on analytics, methodologies, data-driven approaches, and AI tools that would be most effective at identifying indicators of potential healthcare fraud, waste, or abuse.

The feedback will inform future rulemaking, including a potential “Comprehensive Regulations to Uncover Suspicious Healthcare” (CRUSH) proposed rule, and other programmatic changes for tackling healthcare fraud. While the CMS and the HHS-OIG have long been using predictive modelling and data analytics to identify fraud and waste, the HHS recognizes the potential of AI tools for identifying fraud before claims are paid.

The CMS has asked for suggestions on how AI can be incorporated into Medicare Advantage coding oversight and hospital billing. Specifically, it is asking which types of AI solutions, including off-the-shelf products, are most effective and efficient for assisting human coders with large volumes of records.

The CMS has asked stakeholders to share information on the key features and learning capabilities required in AI solutions to improve accuracy and prevent errors, the lessons learned when implementing AI solutions, how AI could be used to improve efficiency and accuracy of hospital billing, solutions that could help address coding issues related to overpayments and underpayments, and suggestions on how AI solutions can be used for compliance oversight.

While there is tremendous potential for AI tools to be used in fraud prevention and detection, they must not come at the expense of the privacy of Medicare and Medicaid beneficiaries. There will also need to be robust safeguards and oversight to ensure that legitimate and necessary medical care for law-abiding Americans is not put at risk.

The post HHS Issues RFI Seeking Input on AI Tools and Methodologies for Healthcare Fraud Prevention appeared first on The HIPAA Journal.