Radiology Associates of Richmond in Virginia, one of the oldest, continuously operating private radiology practices in the United States, has announced another major data breach. Two years ago, the protected health information of more than 1.4 million individuals was compromised in a cybersecurity incident. A little over one year later, another cybersecurity incident was experienced that exposed the personal and protected health information of more than 266,000 current and former patients.

The most recent incident has recently been reported to the Maine Attorney General as involving unauthorized access to the electronic personal and protected health information of 266,183 individuals. The breach notice does not state when the intrusion was detected; only that the forensic investigation determined that the unauthorized access occurred on or around July 25, 2026.

The extensive forensic investigation and manual data review concluded on April 6, 2026, when it was confirmed that personal and protected health information was potentially viewed or acquired in the incident. A substitute data breach notice has been added to the Radiology Associates of Richmond website, but it does not state what specific types of information were compromised in the incident. The individual notification letters, which started to be mailed to the affected individuals on May 21, 2026, inform each individual which types of data were exposed or stolen in the attack.

The letters explain the steps that individuals can take to protect themselves against any data misuse. Individuals whose Social Security numbers were exposed have been offered complimentary credit monitoring and identity theft protection services.

“[Radiology Associates of Richmond] is committed to maintaining the privacy of personal information in our possession and have taken many precautions to safeguard it. We continually evaluate and modify our practices and internal controls to enhance the security and privacy of your personal information,” explained Radiology Associates of Richmond.

The post Radiology Associates of Richmond Data Breach Affects 266K Individuals appeared first on The HIPAA Journal.

Data breaches have been announced by Family Health Centers of San Diego, Totem Lake Family Dentistry, and Glendora Surgery Center.

Family Health Centers of San Diego

Family Health Centers of San Diego is sending notification letters to patients about an insider breach of their protected health information. According to the breach notification sent to the California Attorney General, Family Health Centers of San Diego discovered that one of its physicians had sent the personal and protected health information of certain patients to their personal email addresses, in violation of HIPAA and hospital policies.

The investigation confirmed that names, dates of birth, contact information, medical record numbers, and medical information had been emailed to the physician’s account. Family Health Centers of San Diego shut down the physician’s access to patient records, terminated the physician’s employment, and initiated legal action to compel the physician to destroy the emailed information. The physician has also been reported to the Medical Board of California. Family Health Centers of San Diego has offered the affected individuals a complimentary membership to a credit monitoring service for 12 months. The incident is not yet shown on the HHS’ Office for Civil Rights website, so it is unclear how many individuals have been affected.

Totem Lake Family Dentistry

Totem Lake Family Dentistry, a Kirkland, WA-based family dental practice, has notified the HHS’ Office for Civil Rights about a breach of the protected health information of 3,464 patients. According to the notification letters, suspicious activity was identified within an employee’s email account. The investigation confirmed unauthorized access to the account between May 28, 2025, and June 2, 2025. During that time, information in the account may have been viewed or copied. It has taken 11 months to review the contents of the account and mail notification letters to the affected individuals. At the time of issuing notification letters, Totem Lake Family Dentistry was unaware of any attempted or actual misuse of patient data. Credit monitoring and identity theft protection services do not appear to have been offered.

Glendora Surgery Center

Glendora Surgery Center in California has alerted patients about a data security incident that was first identified on December 3, 2025. The forensic investigation confirmed unauthorized access to its network between November 29, 2025, and December 3, 2025. During that time, files containing patient information were exfiltrated from its network. Data compromised in the incident included patient names and medical treatment information.

While data was stolen, Glendora Surgery Center is unaware of any actual or attempted misuse of that information. In response, data privacy and security policies and procedures have been reviewed, administrative and technical controls have been enhanced, and additional security training has been provided to the workforce. The HHS’ Office for Civil Rights has been notified, and a placeholder estimate of at least 501 individuals has been used. The data review is ongoing, and the total will be updated when the data review is concluded.

The post California & Washington Healthcare Providers Announce Data Breaches appeared first on The HIPAA Journal.