Data breaches have recently been announced by St. Anthony Hospital in Chicago, Intercommunity Action in Pennsylvania, and Munson Healthcare in Michigan.

St. Anthony Hospital

St. Anthony Hospital in Chicago, IL, has recently discovered unauthorized access to certain employees’ email accounts. The unauthorized access was identified on February 6, 2025, and third-party cybersecurity experts were engaged to determine the nature and scope of the unauthorized activity and the extent of any data exposure or theft.

The investigation confirmed that the compromised email accounts contained the personal and protected health information of patients and staff members. The HHS’ Office for Civil Rights breach portal shows that the protected health information of 6,679 was exposed. Information potentially compromised in the incident included names, addresses, telephone numbers, birth dates, Social Security numbers, dates of service, medical record numbers, patient account numbers, medical histories, diagnoses/conditions, treatment information, and prescription information. While sensitive information has been exposed, St. Anthony Hospital has not detected any misuse of the exposed data.

Intercommunity Action Inc.

Intercommunity Action, a Philadelphia, PA-based provider of resources for aging, behavioral health, and individuals with intellectual and developmental disabilities, has notified 2,680 individuals about a recent data security incident involving unauthorized access to its computer network. The security breach was identified on May 29, 2025, and the forensic investigation confirmed that unauthorized connections had been made to its network from May 28, 2025, to May 29, 2025. During that time, files were exfiltrated from its network, and Intercommunity Action warned that the stolen data had potentially been made available online. Intercommunity Action is unaware of any instances of data misuse as a result of the incident.

A review of the affected files revealed that they contained patient information such as first and last names, dates of birth, addresses, Social Security Numbers, driver’s license numbers, state identification numbers, bank account information, credit card numbers, other financial information, claims information, diagnosis/conditions, medications, or other treatment information. The types of information involved varied from individual to individual.

As a precaution against misuse of the affected data, individuals whose Social Security numbers, driver’s license numbers, state ID numbers, and/or bank account information were involved have been offered complimentary identity theft protection services. Steps have also been implemented to prevent similar incidents in the future, including changing passwords, blocking the unauthorized users’ IP addresses, and implementing additional safeguards to strengthen security.

Munson Healthcare

Munson Healthcare, the largest health system in Northern Michigan, has notified 1,186 patients about a mis-mailing incident caused by an error when migrating patient information to a new computer system. The error occurred on January 25, 2025, and resulted in the individual responsible for paying bills being accidentally changed to someone who was previously responsible. The issue was not detected until June 2, 2025.

As a result of the error, some patients’ bills were sent to the wrong individuals. An investigation was launched to determine the root cause of the error and the patients affected. The errors in the data were changed and updated to the correct bill payer, and a technical fix was implemented on June 24, 2025, to prevent further bills from being sent to incorrect individuals. Data impermissibly disclosed was limited to a patient’s name, location of services, balance owed, insurance type, and the type of service. The affected individuals have been advised to review the bills issued after January 25, 2025, to ensure that the billing information is correct.

The post St. Anthony Hospital in Chicago Notifies Patients About February Data Breach appeared first on The HIPAA Journal.

Dallas, TX-based Doctor Alliance, a HIPAA business associate that provides document management and billing services to HIPAA-covered entities, is investigating a claim that a hacker exfiltrated 353 GB of data in a November cyberattack.

On or around November 7, 2025, a hacker using the moniker Kazu, added a post to an underground hacking forum claiming to have stolen 1.24 million files from Doctor Alliance. The hacker has demanded a $200,000 ransom, payment of which is required to ensure that the stolen data is deleted. The hacker has threatened to sell the data if the ransom is not paid.

A 200 MB sample was added to the listing that was analyzed and found to contain what appears to be patient names, addresses, phone numbers, email addresses, medical record numbers, Medicare numbers, diagnoses, treatment information, medications, and provider information. According to the leak site, Doctor Alliance has until November 21, 2025, to pay the ransom.

While the sample appears to include patient data, it has yet to be confirmed whether the data came from Doctor Alliance. It is possible that the data came from a previous data breach at an unrelated entity. Doctor Alliance has issued a statement confirming it is aware of the claim, has engaged cybersecurity experts to determine whether its network was compromised, and is analyzing the data sample to determine if the claim is valid. Doctor Alliance has confirmed that a single client account has been accessed by an unauthorized individual, and that immediate action was taken to contain the incident. The vulnerability that was exploited was remediated on the day of discovery, but Doctor Alliance has not confirmed if data was stolen in that incident.

It is unclear whether Kazu is an individual or a member of a hacking group. The Kazu data leak site currently lists more than 30 victims from spring 2025. Other victims on the leak site include government entities, the military, and other healthcare organizations. Kazu does not appear to have previously targeted entities in the United States, appearing to favor entities in South America, Asia, and the Middle East. The dark web data leak site includes victims from Argentina, Bolivia, Colombia, Costa Rica, Iran, Mauritania, Mexico, Nepal, Saudi Arabia, Sri Lanka, Thailand, and Venezuela. Doctor Alliance is currently the only listed U.S. victim.

The lack of confirmation of data theft has not prevented legal action from being taken. Multiple class action lawsuits have already been filed in the United States District Court for the Northern District of Texas, Dallas Division, by individuals who claim to have been affected. One of those lawsuits was filed by Barbara Catabia, individually and on behalf of similarly situated individuals. According to the lawsuit, “There is no question Plaintiff’s and Class Members’ Private Information is in the hands of cybercriminals who will continue to use the stolen Private Information for nefarious purposes for the rest of their lives.”

The lawsuit claims Doctor Alliance provides services to healthcare organizations such as Intrepid, AccentCare, Interim, and Prima Care. Prima Care is also named as a defendant in the lawsuit. The lawsuit asserts claims of negligence, negligence per se, breach of implied contract, unjust enrichment, breach of fiduciary duty, and breach of third-party beneficiary contract. The lawsuit seeks class action certification, a jury trial, compensatory damages, punitive damages, nominal damages, restitution, injunctive and declaratory relief, reasonable attorneys’ fees and costs, and other remedies deemed appropriate by the court.

The post Doctor Alliance Investigating 353 GB Data Theft Claim appeared first on The HIPAA Journal.

DealMed Medical Supplies has confirmed that sensitive data was stolen in a July ransomware attack, the Wisconsin Department of Corrections has identified a HIPAA breach, and Healthcare Therapy Services in Indiana has experienced a breach of its email system.

DealMed Medical Supplies

Dealmed Medical Supplies, a Brooklyn, NY-based manufacturer and distributor of medical supplies, has recently announced a data security incident that was identified on July 7, 2025. Immediate action was taken to secure its network, and an investigation was launched to determine the nature of the activity. The investigation confirmed that an unauthorized third party accessed its network and may have viewed or obtained sensitive company data on or around June 7, 2025. DealMed has been reviewing the affected files, and on October 31, 2025, it was confirmed that protected health information had been exposed and potentially stolen. The impacted data included names and Social Security numbers.

Notification letters are being sent to the affected individuals, and complimentary single-bureau credit monitoring, credit score, and credit report services have been offered. DealMed has also confirmed that steps have been taken to enhance security to prevent similar incidents in the future.

In July, the HIPAA Journal reported that the DragonForce ransomware group had added DealMed to its dark web data leak site. The ransomware group claimed to have exfiltrated almost 106 GB of data in the attack. The data breach is not yet shown on the HHS’ Office for Civil Rights breach portal, so it is currently unclear how many individuals have been affected.

Wisconsin Department of Corrections

The Wisconsin Department of Corrections (DOC) has recently announced a HIPAA violation involving an impermissible disclosure of the protected health information of 1,723 inmates. The HIPAA breach was identified on September 16, 2025, although the impermissible disclosure occurred on July 17, 2025, when an employee responded to a public records request.

The disclosed information included the names of individuals who had been evaluated by the DOC’s Bureau of Health Statistics under a Chapter 980 Special Purpose Evaluation, along with diagnostic test scores and mental health diagnoses. The data was disclosed to a state agency office in Kenosha, WI. When the error was identified, the state agency office was contacted to ensure that the data was permanently deleted.

The DOC said additional safeguards have been implemented for public record requests to ensure that all records are thoroughly reviewed to ensure that they do not contain HIPAA-protected data. Should any records contain protected health information, the DOC will ensure that appropriate written authorizations are obtained from the patients, or the DOC will ensure that protected health information is redacted.

The affected individuals had Special Purpose Evaluations up to October 2022, and include current inmates and individuals who have been discharged from DOC custody. Notifications are now being sent to those individuals to advise them about the HIPAA breach.

Healthcare Therapy Services

Healthcare Therapy Services (HTS), a physical therapy clinic in Greenwood, Indiana, has started notifying patients about a recent data security incident. On April 29, 2025, HTS identified unusual activity within its email system. Assisted by third-party cybersecurity specialists, HTS confirmed unauthorized access to employee email accounts.

The accounts were reviewed, and on September 9, 2025, HTS determined that patients’ personal and protected health information had been exposed and may have been obtained by unauthorized individuals.  The impacted data included names, Social Security numbers, driver’s license numbers, medical information, and financial account information. Notification letters started to be sent to the affected individuals on November 7, 2025. At the time of issuing notification letters, HTS was unaware of any misuse of the exposed data. HTS engaged cybersecurity professionals to identify the cause of the breach and identify additional safeguards that could be implemented to prevent similar breaches in the future.

The post DealMed Medical Supplies Announces July 2025 Cyberattack appeared first on The HIPAA Journal.

Data breaches have recently been announced by Tri Century Eye Care in Pennsylvania, Pittsburgh Gastroenterology Associates, NAHGA Claims Services, and the Texas revenue cycle management company, Legacy Health.

Tri Century Eye Care

Tri Century Eye Care, P.C., in Pennsylvania, has recently started notifying patients about a September 2025 data security incident involving the theft of files containing sensitive data. Suspicious network activity was identified on September 3, 2025, and immediate steps were taken to secure its network. Third-party cybersecurity specialists were engaged to investigate and determine the nature and scope of the activity, and on September 19, 2025, Tri Century Eye Care learned that an unknown actor had accessed its network and acquired files. There was no unauthorized access to its electronic medical record system.

The files were reviewed and found to contain personal and protected health information of patients and employees. The types of information involved varied from individual to individual and may have included names in combination with one or more of the following: Social Security number, date of birth, medical or health information, diagnostic and treatment information, health insurance information, billing or payment information, and/or tax/financial information.

Tri Century Eye Care has implemented additional security measures to reduce the risk of similar incidents in the future, including enforcing stronger password requirements, requiring more frequent password changes, reducing access permissions, and ensuring older data is stored offline. The HHS’ Office for Civil Rights has been notified about the incident, as has the FBI. The OCR breach portal is not currently showing the data breach, so it is unclear how many individuals have been affected.

The Pear threat group claimed responsibility for the incident. Pear (Pure Extraction And Ransom) is a private hacking group that does not engage in data encryption. While no specific industry is targeted, the group has claimed several healthcare victims. Pear claims to have exfiltrated 3.3 GB of data, and appears to have leaked the full dataset.

Pittsburgh Gastroenterology Associates

Pittsburgh Gastroenterology Associates has notified patients about an August 2025 cyberattack that involved unauthorized access to patient information. This appears to have been a ransomware attack, based on the description in its breach notification letters. Network disruption was experienced on August 12, 2025, and after taking steps to secure its IT systems, an investigation was launched to determine the nature and scope of the activity. Assisted by digital forensics specialists, Pittsburgh Gastroenterology Associates determined on August 28, 2025, that a threat actor had accessed its network and may have exfiltrated files containing patient information.

The exposed files were reviewed and found to contain first and last names, birth dates, treatment and procedure information, and health insurance information. Social Security numbers and financial information were not involved, and there was no unauthorized access to its electronic medical record system. Third-party experts have been engaged to conduct a full review of its security practices, and enhancements have been made to improve network and data security.

The Sinobi ransomware group claimed responsibility for the attack and added Pittsburgh Gastroenterology Associates to its dark web data leak site. The dark web leak site appears to list the full 198 Gb of data stolen in the attack.

NAHGA Claims Services

The National Accident Health General Agency (NAHGA) Claims Servicers, a Bridgton, Maine-based third-party administrator specializing in accident and health insurance claims, has recently notified state attorneys general about a recent security incident involving unauthorized access to its computer network. Suspicious network activity was identified on April 13, 2025, and third-party cybersecurity experts were engaged to investigate the activity.

The investigation revealed that its computer network had been accessed by an unauthorized third party between April 8, 2025, and April 10, 2025, during which time certain files on its network may have been acquired. A review was conducted to determine the types of information compromised in the incident, and that process was completed in October. NAHGA has been working with the affected clients to issue notifications to the affected individuals.

At present, it is unclear how many individuals have been affected; however, given that NAHGA provides services nationally, the data breach has the potential to be significant. NAHGA is offering the affected individuals complimentary credit monitoring and identity theft protection services, which include a $1 million identity theft insurance policy. NAHGA has also taken steps to improve network and data security to prevent similar data breaches in the future.

Legacy Health

Legacy Health, a Texas revenue cycle management company that works with more than 12,000 healthcare providers, has recently disclosed a security incident that has exposed patient data.  Little is currently known about the data breach, other than it potentially involves unauthorized access to individuals’ names, medical information, and health insurance information. The HHS’ Office for Civil Rights data breach portal is not currently showing the breach, so it is unclear how many individuals have been affected in total, although the Texas Attorney General was informed that 4,031 Texas residents have been affected.

The post Tri Century Eye Care & Pittsburgh Gastroenterology Associates Announce Data Breaches appeared first on The HIPAA Journal.

Central Jersey Medical Center in New Jersey has experienced a ransomware attack. David A. Nover, M.D, is notifying patients about a hacking incident, and Goglia Nutrition (FuturHealth) has announced an October 2024 data breach.

Central Jersey Medical Center, New Jersey

Central Jersey Medical Center, Inc., a Federally Qualified Health Center with locations in Perth Amboy, Newark, and Carteret, New Jersey, has started notifying dental patients about a recent security incident. On August 25, 2025, a cybercriminal actor gained access to its dental server’s network and used ransomware to encrypt files.

An investigation was launched to determine the nature and scope of the activity, and a review was conducted to identify the patients affected and the types of information that were exposed. The electronic medical record system was unaffected; however, files containing patient information were potentially accessed or obtained. At the time of issuing notification letters, Central Jersey Medical Center had not found any evidence to indicate any misuse of the exposed data. The Sinobi ransomware group claimed responsibility for the attack and added the healthcare provider to its data leak site. Sinobi claims to have exfiltrated 930 GB of data.

The types of information involved varied from patient to patient and may have included names in combination with one or more of the following: address, telephone number, email address, date of birth, race/ethnicity, Social Security number, dental record number, health insurance information, dental diagnosis, treatment history, and/or billing information.

Third-party cybersecurity experts were engaged to investigate the incident and review and enhance security, and internal procedures have been strengthened to prevent similar incidents in the future. The data breach has been reported to regulators; however, it is not currently shown on the HHS’ Office for Civil Rights breach portal, so it is unclear how many individuals have been affected.

David A. Nover, M.D., P.C., Pennsylvania

David A. Nover, M.D., P.C., a psychiatry and psychotherapy practice in Warrington, Pennsylvania, is notifying patients about a recent security incident that exposed patient information. On or around June 3, 2025, unusual activity was identified within the practice’s computer network. An investigation was launched, with assistance provided by legal counsel and third-party digital forensics specialists. The investigation confirmed unauthorized access to the network on June 3, 2025, and some files containing patient information were copied from the network. The exposed files have been reviewed, and that process was completed on October 29, 2025.

Information potentially compromised in the incident included names, dates of birth, Social Security numbers, payment card information (number, expiration date, access information), medical record numbers, patient IDs or account numbers, Medicare numbers, health insurance ID numbers, health insurance group numbers, medical diagnosis information, medical treatment information, medical treatment location, doctors’ names, treatment dates, and medical lab or test results. Credit monitoring and identity protection services have been offered to the affected individuals. The data breach is not currently shown on the HHS’ Office for Civil Rights breach portal, so it is unclear how many individuals have been affected.

FuturHealth, California

Goglia Nutrition, doing business as FuturHealth, Inc., a California-based health and wellness company specializing in nutrition plans and weight management, has experienced a data security incident. According to the notification letters mailed on October 17, 2025, the data breach occurred in October 2024.

According to the notification letters, on October 16, 2024, an unknown actor gained access to a data storage environment containing G-Plan data. The review of the affected storage environment has recently concluded and confirmed that the data compromised in the incident included names and information provided by customers as part of their subscription. Highly sensitive information such as Social Security numbers, driver’s license numbers, and financial information was not involved. The number of affected individuals has yet to be publicly disclosed.

The post New Jersey Medical Center Suffers Ransomware Attack appeared first on The HIPAA Journal.

A Tampa, FL-based network of mental health and addiction recovery treatment facilities has recently disclosed a security incident that involved unauthorized access to patient data. Oglethorpe offers management solutions for health centers, wellness clinics, and hospitals that specialize in psychiatric services, substance abuse treatment programs, and behavioral health counseling, and has facilities in Florida, Louisiana, and Ohio.

In June 2025, Oglethorpe experienced a hacking incident that rendered its systems inoperable for a limited time.  Third-party cybersecurity experts were engaged to help contain, investigate, and remediate the incident. The investigation revealed that the hackers first gained access to its network on May 15, 2025, and maintained access until June 6, 2025. The investigation concluded on September 16, 2025, when it was confirmed that files containing patient information had been exfiltrated from its network. Those files were reviewed, and that process was completed on October 23, 2025, when Oglethorpe learned that first and last names, birth dates, Social Security numbers, driver’s license numbers, and medical information were involved.

Oglethorpe said no evidence has been found to indicate any misuse of the impacted information; however, as a precaution against identity theft and fraud, the affected individuals have been offered complimentary single-bureau credit monitoring, credit report, and credit score services for 12 months.

In response to the breach, all systems were wiped and rebuilt, and data was restored from backups. Steps have also been taken to improve network security to prevent similar incidents in the future. The incident is not yet shown on the HHS’ Office for Civil Rights website; however, the Maine Attorney General was informed that the breach affected 92,332 individuals, including 85 Maine residents.

Northern Montana Health Care Affected by Business Associate Hacking Incident

Havre, MT-based Northern Montana Health Care (NMHC) has been affected by a data breach at one of its business associates. NMHC contracted with Wakefield & Associates, LLC, which provides debt collection services. On October 29, 2025, NMHC published a notice warning patients about a security incident at Wakefield & Associates, which involved unauthorized access to certain files. The incident was confined to the Wakefield & Associates network. No NMHC systems were affected.

Wakefield & Associates is notifying the affected individuals directly, and the individual letters state the types of information involved. NMHC has confirmed that Wakefield & Associates is offering the affected individuals complimentary credit monitoring and identity theft protection services. The data breach is not yet shown on the HHS’ Office for Civil Rights breach portal, so it is unclear how many individuals have been affected.

The post Oglethorpe Hacking Incident Affects More Than 92,000 Patients appeared first on The HIPAA Journal.

OB-GYN Associates in Nevada and Beverly Hills Oncology Medical Group in California have recently started notifying patients affected by hacking incidents.

OB-GYN Associates, Nevada

OB-GYN Associates, a women’s health clinic in Reno, Nevada, has recently mailed notification letters to 62,238 individuals warning them that some of their protected health information has been exposed in a recent security incident. On or around August 7, 2025, suspicious activity was identified within its IT environment. Third-party cybersecurity experts were engaged to investigate the activity and confirmed that there had been unauthorized access to parts of its network where patient data was stored.

The review of the affected data was completed on September 29, 2025. While no evidence of data misuse has been identified, patients have been informed that their first and last names, Social Security numbers, driver’s license numbers, and medical information have been exposed and may have been stolen. As a precaution against data misuse, the affected individuals have been offered complimentary single-bureau credit monitoring, credit reporting, and credit score services. Data security policies and procedures have been reviewed and updated, network security protections have been upgraded, and changes have been made to how data is stored and managed to protect against similar incidents in the future.

Beverly Hills Oncology Medical Group

Beverly Hills Oncology Medical Group in California has notified certain patients about a security incident in February that may have resulted in the theft of patient information.  According to the breach notices provided to the Maine and California Attorneys General, unauthorized network access was identified and blocked on February 11, 2025.

An investigation was launched, with assistance provided by third-party cybersecurity experts, who confirmed unauthorized access to its network between February 7 and February 11, 2025.  The exposed files have been reviewed, and on October 13, 2025, Beverly Hills Oncology Medical Group confirmed that the exposed information included names, Social Security numbers, driver’s license numbers/other government identification numbers, financial account information, credit/debit card information, health insurance policy information, diagnoses, treatment information, prescriptions, and/or other clinical information.

Beverly Hills Oncology Medical Group said that, at the time of issuing notification letters in October, no evidence had been found to indicate any misuse of the exposed data; however, as a precaution, the affected individuals have been offered 12 months of complimentary credit monitoring services. The incident is not yet shown on the HHS’ Office for Civil Rights breach portal, so it is currently unclear how many individuals have been affected.

The post OB-GYN Associates & Beverly Hills Oncology Medical Group Issue Breach Notifications appeared first on The HIPAA Journal.