Data Breaches Announced by Four Healthcare Providers

Data breaches have recently been announced by Western Orthopaedics in Colorado, Community Health Systems in California, Tri-Cities Gastroenterology in Tennessee, and Integrated Pain Associates in Texas.

Western Orthopaedics

Western Orthopaedics, an Englewood, Colorado-based healthcare provider with locations throughout Colorado, has disclosed a security incident that was first identified on October 2, 2025. Assisted by third-party cybersecurity experts, Western Orthopaedics confirmed unauthorized access to its network between September 17, 2025, and September 25, 2025, during which time files containing personal and protected health information may have been viewed or acquired.

The analysis of those files was completed on March 3, 2026, when it was confirmed that the following data elements were potentially compromised: full name, address, phone number, Social Security number, date of birth, password, and/or financial account information, which may include credit/debit card number with or without security or access code, and protected health information such as health insurance information, health insurance plan or subscriber identification number, medical provider name, medical dates of service, and medical cost or billing information.

Additional measures have been taken to improve security, and the affected individuals have been offered complimentary credit monitoring and identity theft protection services. At present, it is unclear how many individuals have been affected. The PEAR cyber extortion group claimed responsibility for the attack and proceeded to leak the stolen data when the ransom was not paid.

Community Health Systems

Community Health Systems Inc., a California healthcare provider serving patients in San Bernardino, Riverside, and San Diego Counties, has recently disclosed a data security incident. According to its April 28, 2026, media notice, suspicious activity was identified within its computer network on or around February 28, 2026. Assisted by third-party security experts, Community Health Systems confirmed unauthorized access to parts of the network where patient data was stored.

The review of the exposed files confirmed that they contained information such as names, addresses, email addresses, phone numbers, dates of birth, Social Security numbers, financial account information, driver’s license/state ID numbers, treatment/diagnosis information, prescription information, dates of service, provider names, medical record numbers, patient ID numbers, Medicare/Medicaid ID numbers, health insurance information, and/or medical billing/claims information. Community Health Systems said it is reviewing its policies and procedures related to data protection. At present, it is unclear how many individuals have been affected.

Tri-Cities Gastroenterology

Tri-Cities Gastroenterology, a gastroenterology practice with five locations in Tennessee, has announced a data security incident that occurred on or around December 11, 2025. External cybersecurity professionals assisted with the investigation and confirmed that files were exfiltrated from its network on or around December 11, 2026. The file review confirmed on or around April 22, 2026, that the files contained information such as full names, Social Security numbers, dates of birth, addresses, email addresses, telephone numbers, gender, and medical record numbers.

Notification letters started to be mailed to the affected individuals on April 29, 2026. At that time, no misuse of the stolen data had been identified. Tri-Cities Gastroenterology said it will continue to evaluate and modify its cybersecurity practices and is taking steps to strengthen security. The Insomnia threat group claimed responsibility for the attack and added Tri-Cities Gastroenterology to its dark web data leak site in December. The group proceeded to leak the stolen data, indicating the ransom was not paid.

Integrated Pain Associates

On April 30, 2026, Integrated Pain Associates, a Killeen, Texas-based team of spine and pain specialists, announced a data security incident that was identified in February 2026. The forensic review confirmed unauthorized network access on or around February 24, 2026, and that patient data may have been accessed or acquired.

The review of the affected files is ongoing; however, Integrated Pain Associates has confirmed that the types of data involved include names, addresses, dates of birth, driver’s license numbers, Social Security numbers, diagnosis/condition information, medication information, health insurance information, provider names, other treatment information, and/or financial account information. Integrated Pain Associates has confirmed that it is offering complimentary credit monitoring and identity theft protection services to the affected individuals. Additional security measures have been implemented to reduce the risk of similar incidents in the future. At present, the breach is not shown on the website of the Office of the Texas Attorney General or on the HHS’ Office for Civil Rights breach portal.

The post Data Breaches Announced by Four Healthcare Providers appeared first on The HIPAA Journal.

Starr Insurance Discloses Ransomware Attack

The health insurance company Starr Insurance has disclosed a ransomware attack and data breach. Data breaches have also been reported by the medical imaging company Green Imaging and the AI-based care coordination provider Lena Health.

Starr Insurance

Starr Insurance, a Chambersburg, Pennsylvania-based insurance agency, has recently confirmed that hackers accessed parts of its computer network and potentially obtained a range of sensitive data. Suspicious network activity was identified on November 18, 2025. Assisted by third-party cybersecurity experts, Starr Insurance determined that an unauthorized actor accessed and copied files from its network on November 28, 2025.

The review of the affected data confirmed that the hacker obtained information such as names, addresses, Social Security numbers, driver’s license numbers, financial account information, payment card information, medical information, health insurance information, and online account access information. Regulators have been notified, and individual notification letters are being sent to the affected individuals. Starr Insurance has enhanced its policies and procedures relating to data protection and security.

At the time of issuing notifications, no attempted or actual misuse of patient data had been identified. Starr Insurance did not state if this was a ransomware attack; however, a ransomware group claimed responsibility for the breach. Akira, one of the most active ransomware groups, claimed to have stolen 15 gigabytes of data in the attack. Akira engages in double extortion, stealing data, encrypting files, and demanding a ransom be paid to obtain the decryption keys and prevent the publication of the stolen data. The stolen data was listed for download, indicating that the ransom was not paid. Based on the breach notice issued by Starr Insurance, complimentary credit monitoring and identity theft protection services do not appear to have been offered to the affected individuals. At the time of publication, the number of affected individuals has yet to be publicly disclosed.

Green Imaging

Green Imaging LLC, a full-service virtual medical imaging network with locations in all 50 U.S. states, has started notifying patients about a data security incident first identified on October 17, 2025. Suspicious activity was identified within its email environment, and the investigation confirmed unauthorized access to a single user’s email account between October 7, 2025, and October 17, 2025.

The review of the account has recently been completed, and the results have been validated. The types of information compromised in the incident vary from individual to individual and may include names in combination with one or more of the following: address, date of birth, Social Security number, driver’s license number, other government issued identification number, clinical/treatment information, diagnosis/condition, procedure type, physician information, medication, and other health and/or health insurance information.

Green Imaging has reviewed its policies and procedures related to data privacy and security and has taken steps to reduce the risk of similar incidents in the future. The incident is not yet shown on the HHS’ Office for Civil Rights breach portal, so it is currently unclear how many individuals have been affected.

Bloom Circle, Inc. – Lena Health

Bloom Circle, Inc., doing business as Lena Health, a Houston, TX-based provider of an AI-based care coordination platform, has recently notified the HHS’ Office for Civil Rights about a data security incident involving the electronic protected health information of up to 3,651 patients. The exposed data was stored in a public cloud storage container (Amazon S3 bucket). A hacker exploited a vulnerability in December 2025, allowing data to be exfiltrated. A patch was available to address the vulnerability; however, it had not been applied quickly enough to prevent exploitation.

Data compromised in the incident included names, dates of birth, phone numbers, medical record numbers, health information, and recordings of phone calls between patients and providers, in which patients discussed their health issues. A threat actor – FulcrumSec – who engages in data theft and extortion, claimed responsibility for the hack. According to databreaches.net, most of the stolen data related to patients of its client, Houston Methodist Hospital in Texas.

The post Starr Insurance Discloses Ransomware Attack appeared first on The HIPAA Journal.

RXNT Notifies Customers About Cybersecurity Incident and Data Breach

Networking Technology, Inc., doing business as RXNT, a healthcare software technology company that provides electronic health record software, has started sending notification letters to organizations that use its software to inform them about a recent security incident that exposed patient data. A copy of one of the notification letters was shared with The HIPAA Journal, which states that unauthorized activity was identified within an RXNT solution used by some of its customers. An investigation was immediately launched to determine the nature and scope of the unauthorized activity, with assistance provided by third-party cybersecurity experts.

RXNT has confirmed that an unauthorized actor accessed the solution between March 1, 2026, and March 3, 2026, and obtained a copy of the data stored within the system, which included patient data associated with its customers. The data was reviewed between March 3, 2026, and April 17, 2026, and RXNT can now confirm that patient names, dates of birth, and demographic information such as addresses, contact information, and patient IDs were stolen. Each customer was informed about how many patients were affected.

RXNT said it is taking steps to strengthen security to prevent similar incidents in the future and has offered to handle all breach reporting requirements on behalf of the affected clients (OCR notifications, media notices, individual notifications, and state attorneys general notifications). The affected clients have been given a rather short window to respond and sign up to receive further information about the cybersecurity incident. The notification letters are dated May 1, 2026, and providers are required to register by May 15, 2026. A website has been established specifically for that purpose – RXNTnotification[dot]com.

RXNT has only recently notified the affected organizations and offered to handle breach reporting requirements; therefore, the number of affected individuals has not yet been publicly disclosed. It is clear that multiple clients have been affected, and this has been a significant data breach.

This is a developing data breach story, and further information will be published on this page as it becomes available.

The post RXNT Notifies Customers About Cybersecurity Incident and Data Breach appeared first on The HIPAA Journal.

Alpine Ear, Nose, & Throat Settles Class Action Data Breach Lawsuit

Alpine Ear, Nose, & Throat, a Fort Collins, Colorado-based healthcare provider with multiple locations in the state of Colorado, has settled a class action lawsuit stemming from a 2024 data breach that was reported to the HHS’ Office for Civil Rights as affecting 65,648 individuals.

The security breach was identified on November 26, 2024, and the data breach was announced on January 17, 2025. It took until October 9, 2025, to complete the data mining process, and the affected individuals were notified on January 30, 2026, 14 months after the data breach was first identified. Data compromised in the incident included names, demographic information, dates of birth, medical information, health information, financial account information, credit card numbers, CVCs, and expiration dates, as well as Social Security numbers.

Shortly after the data breach was announced, but several months before notification letters were mailed, a class action lawsuit was filed by plaintiff Deborah Knoll in the District Court of Denver County, Colorado, in response to the data breach. On March 13, 2025, the lawsuit was voluntarily dismissed, and plaintiff Anthony Pfirrman was substituted as the plaintiff. At the request of the defendant, the lawsuit – Pfirrman v. Alpine Ear, Nose, & Throat, PLLC – was transferred to the District Court for Larimer County, Colorado.

The plaintiff alleged that the defendant was at fault for the data breach due to the failure to implement reasonable security measures to protect sensitive data on its network. The lawsuit asserted claims for negligence, negligence per se, invasion of privacy, breach of implied contract, breach of confidence, breach of fiduciary duty, unjust enrichment, and declaratory judgment, all of which were denied by the defendant, including the claims of wrongdoing and liability.

All parties began to explore the possibility of a settlement to avoid the costs and risks associated with protracted litigation and a trial, and following mediation in November 2025, the material terms of a settlement were agreed upon. The settlement has now been finalized and has received preliminary approval from the court. The defendant has agreed to pay attorneys’ fees and costs up to a maximum of $330,000, a service award for the class representative of $2,500, and the following benefits to the class members:

  1. Two years of credit and medical monitoring services (CyEx Medical Shield Complete)
  2. Reimbursement of documented, unreimbursed losses due to the data breach up to a maximum of $5,000 per class member
  3. Compensation for lost time, up to a maximum of 4 hours at $20 per hour

Class members who do not wish to submit a claim for reimbursement of losses and compensation for lost time may instead claim an alternative one-time cash payment of $50. Individuals wishing to object to the settlement or exclude themselves must do so by June 23, 2026. The deadline for submitting a claim is July 23, 2026, and the final fairness hearing has been scheduled for August 11, 2026.

The post Alpine Ear, Nose, & Throat Settles Class Action Data Breach Lawsuit appeared first on The HIPAA Journal.