Think Big Health Care Solutions, a Florida-based practice management company, and Minnesota Epilepsy Group have recently confirmed cyberattacks and data breaches. Ransomware groups have claimed responsibility for attacks on Emerson Chiropractic in Indiana and El Paso Quality Dentistry in Texas.
Think Big Health Care Solutions, Florida
Think Big Health Care Solutions, a Wellington, FL-based practice management company that provides billing, contracting, and credentialing services to medical practices, has identified unauthorized access to an employee’s email account. Suspicious activity within the account was identified on June 20, 2025, and third-party cybersecurity specialists were engaged to investigate the incident.
Evidence was found that suggested some emails and files in the account had been accessed by an unauthorized third party. A review was conducted to determine the types of information involved and the individuals affected, and notification letters will be mailed to those individuals when that process has been completed. Think Big Health Care Solutions has confirmed that the account contained information such as first names, initials, and last names, addresses, telephone/fax numbers, email addresses, dates of birth, Social Security numbers, tax identification numbers, passport numbers, admission dates, health insurance policy numbers, bank/financial account numbers and routing numbers, credit/debit card information, diagnoses/conditions, lab results, medications, claims information, medical record numbers, other medical/health information, CPT codes, and referring provider names.
Additional technical and administrative measures have been implemented to prevent similar incidents in the future, and enhanced training is being provided to the workforce on phishing detection, secure data handling, and incident response procedures.
Minnesota Epilepsy Group
Roseville, MN-based Minnesota Epilepsy Group (MEG) has experienced a cybersecurity incident that affected certain systems within its network and caused some disruption to business operations. According to the April 25, 2025, substitute breach notice, MEG identified the incident on February 27, 2025. Immediate action was taken to secure its systems, and third-party cybersecurity experts were engaged to investigate to determine the nature and scope of the unauthorized activity. The investigation is ongoing, but it has been confirmed that client and employee data were exposed in the incident.
The exact types of data involved have yet to be confirmed, but likely include individuals’ names, addresses, dates of birth, medical record numbers, EEG summaries, neuropsychology reports, medication records, and health insurance information. No evidence of misuse of that information has been identified to date; however, the affected individuals have been advised to remain vigilant and should review their financial account statements for signs of fraudulent activity. MEG said it continually evaluates and modifies its practices to enhance privacy and security and is taking steps to augment existing cybersecurity measures to prevent similar incidents in the future.
Ransomware Groups Claim Responsibility for Attacks on Two Healthcare Providers
Ransomware groups have recently claimed responsibility for attacks on two healthcare providers, Emerson Chiropractic in Indiana and El Paso Quality Dentistry in Texas. The Dragonforce ransomware group claims to have stolen 96 GB of data from Emerson Chiropractic, which provides chiropractic services to individuals in the Southside of Indianapolis. Stolen data has been published on the data leak site, indicating the ransom was not paid.
The Beast ransomware group has added El Paso Quality Dentistry to its data leak site and claims to have stolen approximately 700 GB of data. Screenshots have been uploaded to the data leak site, indicating a broad range of data has been stolen, with some folder names suggesting patient data was involved. Currently, the stolen data has not been leaked. Neither healthcare provider has publicly announced a cyberattack or data breach at the time of writing.
The post Florida Practice Management Company Announces June 2025 Data Breach appeared first on The HIPAA Journal.