Eye Physicians of Central Florida Data Breach Settlement – The HIPAA Journal
Eye Physicians of Central Florida Data Breach Settlement The HIPAA Journal
Eye Physicians of Central Florida Data Breach Settlement
Eye Physicians of Central Florida has agreed to settle a class action lawsuit stemming from a 2023 data breach that affected more than 31,000 patients. Eye Physicians of Central Florida identified suspicious activity within its computer network on November 5, 2023, and confirmed access by an unauthorized third party. The data breach affected 31,189 patients, according to the breach notice submitted to the HHS’ Office for Civil Rights (OCR).
The hackers gained access to systems containing names, addresses, dates of birth, medical diagnosis and treatment information, provider names, patient ID numbers, procedure codes, dates of service, treatment cost information, financial account information, state ID, health insurance information, and/or prescription information.
A class action lawsuit – Connell v. Eye Physicians of Central Florida, P.L.C. – was filed in the Circuit Court for Orange County, Florida, by plaintiff Alisa Connell individually and on behalf of similarly situated individuals who had data exposed in the incident. Eye Physicians of Central Florida sought to have the lawsuit dismissed, and was partially successful, although the lawsuit was allowed to proceed, and the plaintiff filed an amended complaint asserting claims for negligence and breach of fiduciary duty.
The lawsuit was actively litigated for 18 months, then all parties engaged in private mediation, resulting in a settlement that was agreeable to all parties. Eye Physicians of Central Florida maintains there was no wrongdoing, believes there is no liability, and denies and continues to deny all claims and allegations in the lawsuit.
The settlement provides multiple benefits for the class members. Class members are entitled to claim two years of credit monitoring and identity theft protection services, which include a $1 million identity theft insurance policy. In addition, a claim may be submitted for reimbursement of documented, unreimbursed losses due to the data breach and attested lost time of up to three hours at $25 per hour. Claims for reimbursement of losses are capped at $2,000 per class member for ordinary losses and $7,500 for extraordinary losses. There is no alternative cash payment.
The post Eye Physicians of Central Florida Data Breach Settlement appeared first on The HIPAA Journal.
Nacogdoches Memorial Hospital Data Breach More Than 257,000 Individuals – The HIPAA Journal
Nacogdoches Memorial Hospital Data Breach More Than 257,000 Individuals The HIPAA Journal
Nacogdoches Memorial Hospital Data Breach More Than 257,000 Individuals
Nacogdoches Memorial Hospital (NMH), a 226-bed hospital in Nacogdoches, Texas, has recently announced a data security incident that was first identified on January 31, 2026. A hacker gained access to its computer network and information systems and potentially obtained files containing the personal and protected health information of up to 257,073 individuals, according to the notification sent to the Maine Attorney General.
While the data security incident was detected on January 31, 2026, the forensic investigation determined that the hacker first gained access to its network two weeks previously, on January 15, 2026. NMH explained in its notification letters that it has not detected any misuse of the impacted data and that there are no indications that there will be any data misuse.
While NMH said the hacker may have accessed or acquired patient information, with two weeks inside its network, patients should assume that their data has been compromised and should consider taking steps to prevent data misuse, such as implementing a fraud alert or security freeze with one of the three credit reporting bureaus, Equifax, TransUnion, or Experian. The notice to the Maine Attorney General states that complimentary credit monitoring and identity theft protection services are not being offered.
NMH’s investigation determined that the impacted data includes names, addresses, phone numbers, email addresses, Social Security numbers, dates of birth, medical record numbers, account numbers, health plan beneficiary numbers, and, for certain individuals, full face photograph images. In response to the cybersecurity incident, NMH has strengthened the security of its information systems and computer network to reduce the risk of similar incidents in the future and is enhancing its cyber preparedness through additional training and updates to its policies and procedures. Law enforcement has been informed, and NMH will assist with any law enforcement investigation. Notification letters were mailed to the affected individuals on March 31, 2026. As of April 1, 2026, no threat group appears to have claimed responsibility for the incident.
The post Nacogdoches Memorial Hospital Data Breach More Than 257,000 Individuals appeared first on The HIPAA Journal.
Free HIPAA Compliance Risk Check for Covered Entities
HIPAA compliance is mandatory for organizations that qualify as HIPAA covered entities. But how compliant is your organization really?
With our 2-minute free HIPAA Compliance Risk Check, you can quickly evaluate the compliance status of your organization and receive a report with actionable insights to immediately improve compliance with HIPAA.
Please note that in order for the report to accurately reflect your organization’s compliance status, you need to be aware of your organization’s current compliance activities when you take our free HIPAA risk check.
Please also note that this check is designed to be used by organizations that are HIPAA covered entities. It is not suitable for solo practitioners or HIPAA Business Associates.
Why Take The HIPAA Compliance Risk Check?
Being aware of your compliance obligations and those of your business partners can be vital because, in the event of a HIPAA violation, ignorance of the HIPAA requirements is not an acceptable defense against enforcement action. This free assessment is:
- Quick and Convenient: In just two or three minutes, answer a series of targeted questions designed to gauge your organization’s compliance with the latest HIPAA regulations.
- Instant Results: Receive a compliance score immediately after completing the assessment, giving you a quick snapshot of where your organization stands.
- 100% Private: Your name and your organization name do not appear on the report and it is only sent to the email address you designate and not copied or stored on any server.
What Does Your Risk Report Include?
- Your HIPAA Compliance Risk Score: Understand how well your organization adheres to HIPAA standards.
- Analysis of Compliance Risk Score: Identify specific areas where your organization may be falling short.
- Tailored Recommendations: Get expert advice on what steps to take to improve your compliance score.
How It Works
- Start the Risk Check: Click on this link to get started.
- Assessment Steps: You will be taken through a series of multiple choice questions to answer covering a range of HIPAA compliance requirements.
- Choose One Answer: Select the answer which best reflects the current situation within the organization.
- Receive Your Score: After completing the assessment, you’ll immediately see your HIPAA compliance risk score on screen.
- Take Action: Use the insights provided in your report to take actionable steps towards improving your client score.
Your name and your organization name do not appear on the report and you decide what you wish to do with the information. Your email address and your answers to the risk check are not copied or stored on any server, so you can be sure they will remain 100% confidential.
The post Free HIPAA Compliance Risk Check for Covered Entities appeared first on The HIPAA Journal.