Nacogdoches Memorial Hospital Data Breach More Than 257,000 Individuals

Posted by Steve Alder

Nacogdoches Memorial Hospital (NMH), a 226-bed hospital in Nacogdoches, Texas, has recently announced a data security incident that was first identified on January 31, 2026. A hacker gained access to its computer network and information systems and potentially obtained files containing the personal and protected health information of up to 257,073 individuals, according to the notification sent to the Maine Attorney General.

While the data security incident was detected on January 31, 2026, the forensic investigation determined that the hacker first gained access to its network two weeks previously, on January 15, 2026. NMH explained in its notification letters that it has not detected any misuse of the impacted data and that there are no indications that there will be any data misuse.

While NMH said the hacker may have accessed or acquired patient information, with two weeks inside its network, patients should assume that their data has been compromised and should consider taking steps to prevent data misuse, such as implementing a fraud alert or security freeze with one of the three credit reporting bureaus, Equifax, TransUnion, or Experian. The notice to the Maine Attorney General states that complimentary credit monitoring and identity theft protection services are not being offered.

NMH’s investigation determined that the impacted data includes names, addresses, phone numbers, email addresses, Social Security numbers, dates of birth, medical record numbers, account numbers, health plan beneficiary numbers, and, for certain individuals, full face photograph images. In response to the cybersecurity incident, NMH has strengthened the security of its information systems and computer network to reduce the risk of similar incidents in the future and is enhancing its cyber preparedness through additional training and updates to its policies and procedures. Law enforcement has been informed, and NMH will assist with any law enforcement investigation. Notification letters were mailed to the affected individuals on March 31, 2026. As of April 1, 2026, no threat group appears to have claimed responsibility for the incident.

The post Nacogdoches Memorial Hospital Data Breach More Than 257,000 Individuals appeared first on The HIPAA Journal.

Free HIPAA Compliance Risk Check for Covered Entities

Posted by Steve Alder

HIPAA compliance is mandatory for organizations that qualify as HIPAA covered entities. But how compliant is your organization really?

Free Online HIPAA Compliance AssessmentWith our 2-minute free HIPAA Compliance Risk Check, you can quickly evaluate the compliance status of your organization and receive a report with actionable insights to immediately improve compliance with HIPAA.

Please note that in order for the report to accurately reflect your organization’s compliance status, you need to be aware of your organization’s current compliance activities when you take our free HIPAA risk check.

Please also note that this check is designed to be used by organizations that are HIPAA covered entities. It is not suitable for solo practitioners or HIPAA Business Associates.

Why Take The HIPAA Compliance Risk Check?

Being aware of your compliance obligations and those of your business partners can be vital because, in the event of a HIPAA violation, ignorance of the HIPAA requirements is not an acceptable defense against enforcement action. This free assessment is:

  • Quick and Convenient: In just two or three minutes, answer a series of targeted questions designed to gauge your organization’s compliance with the latest HIPAA regulations.
  • Instant Results: Receive a compliance score immediately after completing the assessment, giving you a quick snapshot of where your organization stands.
  • 100% Private: Your name and your organization name do not appear on the report and it is only sent to the email address you designate and not copied or stored on any server.

What Does Your Risk Report Include?

  • Your HIPAA Compliance Risk Score: Understand how well your organization adheres to HIPAA standards.
  • Analysis of Compliance Risk Score: Identify specific areas where your organization may be falling short.
  • Tailored Recommendations: Get expert advice on what steps to take to improve your compliance score.

How It Works

  1. Start the Risk Check: Click on this link to get started.
  2. Assessment Steps: You will be taken through a series of multiple choice questions to answer covering a range of HIPAA compliance requirements.
  3. Choose One Answer: Select the answer which best reflects the current situation within the organization.
  4. Receive Your Score: After completing the assessment, you’ll immediately see your HIPAA compliance risk score on screen.
  5. Take Action: Use the insights provided in your report to take actionable steps towards improving your client score.

Your name and your organization name do not appear on the report and you decide what you wish to do with the information. Your email address and your answers to the risk check are not copied or stored on any server, so you can be sure they will remain 100% confidential.

The post Free HIPAA Compliance Risk Check for Covered Entities appeared first on The HIPAA Journal.

DoL OIG to Audit OSHA to Assess Agency’s Efforts to Prevent Workplace Violence

Posted by Steve Alder

The Department of Labor Office of Inspector General will be conducting a federal audit to determine how well the Occupational Safety and Health Administration (OSHA) is addressing the growing problem of workplace violence.

Workplace violence is a significant occupational safety concern, especially in the healthcare industry, where healthcare employees are regularly subjected to physical assaults, verbal threats, and other attacks. According to the U.S. Bureau of Labor Statistics, healthcare workers are five times as likely to suffer nonfatal workplace injuries as professionals in other sectors, and across all sectors, acts of violence and related injuries are the third leading cause of fatal occupational injuries in the United States.

Data from 2022 shows that out of the 5,486 fatal injuries that occurred in the workplace, 849 involved intentional injury caused by another person. A Medscape survey published earlier this year found that almost 70% of physicians believe that physical security at work is a more pressing issue than it was three years ago, and a 2024 poll of members of the American College of Emergency Physicians (ACEP) found that 91% said they had experienced workplace violence or were aware of a college who was a victim of workplace violence in the past year. According to the World Health Organization, up to 38% of healthcare workers experience physical violence at some point in their careers, and the problem is getting worse.

A report produced by the Department of Labor’s Office of Inspector General in 2001 found that OSHA could do more to address workplace violence and recommended a reassessment of its training and outreach programs, and better recordkeeping systems for incidents involving workplace violence. The OIG audit, due to take place this year, will evaluate the steps that OSHA has taken to address workplace violence since that report was published, and how effectively OSHA is working to prevent violence in workplaces. OSHA has yet to implement a standard for workplace violence, although a potential standard on workplace violence for healthcare and social assistance is one of its long-term actions.

The post DoL OIG to Audit OSHA to Assess Agency’s Efforts to Prevent Workplace Violence appeared first on The HIPAA Journal.