HIPAA Breach News

TriZetto Provider Solutions Issues Data Breach Notifications to HIPAA Covered Entities (Update)

TriZetto Provider Solutions, a Cognizant-owned provider of revenue management services to physicians, hospitals, and health systems, has started notifying certain healthcare clients about a recently identified cybersecurity incident.

On October 2, 2025, suspicious activity was identified within a web portal used by some of its healthcare provider customers to access TriZetto systems. Immediate action was taken to secure the web portal and mitigate the incident, and the cybersecurity firm Mandiant was engaged to investigate the activity, review the security of the web portal application, and ensure that the incident is fully remediated. TriZetto is satisfied that the threat actor has been eradicated from its system. No further unauthorized web portal activity has been detected since October 2, 2025.

While the cybersecurity incident was only recently detected, the unauthorized access had been ongoing for a considerable period of time. The forensic investigation determined that an unauthorized third party first started accessing historical eligibility transaction reports within the TriZetto system in November 2024, almost a year before the unauthorized access was detected. The reports within its storage system contained the protected health information of patients of certain healthcare provider clients.

Between October 2, 2025, and the end of November 2025, TriZetto reviewed the data within the compromised system to determine the types of data involved and the individuals affected. Information compromised in the incident includes the names of patients and primary insureds, in combination with some or all of the following: address, date of birth, Social Security number, health insurance member number (in some cases, Medicare beneficiary number), health insurer name, information about the primary insured or beneficiary, and other demographic health and health insurance information. TriZetto said no financial information was involved.

Notifications have been issued to the affected healthcare clients, who have been provided with a list of the affected individuals and a copy of the affected data. The HIPAA Breach Notification Rule requires notifications to be issued to the affected individuals within 60 days of a HIPAA-covered entity being notified about a data breach at a business associate. Assuming the affected healthcare providers comply with that HIPAA requirement, individual notifications for the affected individuals should be mailed within 60 days.

TriZetto has offered to handle the breach notifications on behalf of the affected clients, should they determine that breach notifications are required under HIPAA. TriZetto has also offered to notify the HHS’ Office for Civil Rights, state regulators, and media outlets on behalf of its covered entity clients, and will also cover the cost of complimentary credit monitoring, fraud consultation, and identity theft restoration services.

It is currently unclear how many of its healthcare provider clients have been affected or the scale of the data breach. Given the fact that its system was compromised for 11 months, it could be a sizeable data breach. Healthcare providers known to have been affected include:

  • CE-Edinger Medical Group, California
  • Friends of Family Health Center, California
  • Gardner Health Services, California (6,197 individuals)
  • Harmony Health Medical Clinic and Family Resource Center, California
  • One Community Health, California
  • Mission Neighborhood Health Center, California (3,741 individuals)
  • Native American Health Center, California
  • Open Door Community Health Centers, California
  • Planned Parenthood Northern California – TriZetto was a subcontractor of its business associate OCHIN
  • Lynn Community Health, Massachusetts
  • Share Ourselves, California (2,864 individuals)
  • Santa Rosa Community Health Centers, California – TriZetto was a subcontractor of its business associate OCHIN

This post was first published on December 11, 2025, and it will continue to be updated as further information about the TriZetto data breach is released. 

The post TriZetto Provider Solutions Issues Data Breach Notifications to HIPAA Covered Entities (Update) appeared first on The HIPAA Journal.

Vida Y Salud-Health Systems & Dublin Medical Center Confirm Data Breaches

Data breaches have recently been announced by Vida Y Salud-Health Systems in Crystal City, Texas, and Dublin Medical Center in Georgia.

Vida Y Salud-Health Systems, Texas

Vida Y Salud-Health Systems, a Crystal City, TX-based Federally Qualified Health Center, has recently reported a data breach to the Texas Attorney General involving unauthorized access to the protected health information of 34,504 Texas residents. On October 8, 2025, suspicious activity was identified within its network. The forensic investigation confirmed that an unauthorized third party gained access to its network on October 7, 2025, and exfiltrated data.

The investigation and data review have recently concluded, and it was confirmed that names, addresses, dates of birth, Social Security numbers, driver’s license numbers, account numbers, and claim numbers had been stolen. Vida Y Salud-Health Systems has notified the HHS’ Office for Civil Rights; however, the data breach is not currently shown on the OCR data breach portal, so it is unclear how many individuals in total have been affected. Vida Y Salud-Health Systems said steps have been taken to strengthen security to prevent similar breaches in the future, and the affected individuals have been offered complimentary credit monitoring and identity theft protection services.

Dublin Medical Center, Georgia

Dublin Medical Center in Georgia has recently started notifying individuals affected by an October 2025 cybersecurity incident. Suspicious activity was identified within its computer network on October 17, 2025. The substitute data breach notice on Dublin Medical Center’s website does not state when the unauthorized access started.

The review of the files on the affected parts of its network confirmed that patient data was compromised in the incident. The data types varied from individual to individual and may have included names in combination with some or all of the following: contact information, date of birth, patient status, provider name, diagnosis and treatment information, prescriptions, medical history, radiology imaging and reports, medical consent forms, lab reports, patient identification number, dates of service, and health insurance information.

The investigation is continuing; however, notification letters started to be mailed to the affected individuals on December 17, 2025. The affected individuals have been advised to remain vigilant against misuse of their data by reviewing their account statements, free credit reports, and explanation of benefits statements. The incident is not yet shown on the HHS’ Office for Civil Rights breach portal, so it is currently unclear how many individuals have been affected.

CareOregon and Health Share of Oregon Warn of Potential Insurance Fraud After Data Breach

CareOregon and Health Share of Oregon have notified certain patients about a data breach and potential insurance fraud. Andover Eye Associates has identified a breach of its email environment.

CareOregon and Health Share of Oregon

CareOregon and Health Share of Oregon have notified certain patients about unauthorized access to some of their protected health information. It is unclear from the phrasing of the notice whether this was an insider breach or if data was accessed by an external actor. The data breach notice states that, “On October 27, 2025, we learned that one or more people looked at your information without permission.” Social Security numbers and financial information were not accessed. The data viewed and potentially obtained was limited to first and last names, dates of birth, health plan information, Medicaid/Medicare numbers, and primary care provider office.

The notice states that there may have been data misuse, warning that the information may have been used to create fake insurance claims. CareOregon and Health Share of Oregon said they were unable to determine if any specific patient’s information had been misused. The affected individuals have been reminded that CareOregon and Health Share of Oregon do not bill for covered health care services, and have been informed that they will not receive a bill even if their data has been misused to file a fake insurance claim. Individuals who receive a letter detailing the services that they should have received should check the letter carefully and report back if there are any listed services that have not been provided.

Law enforcement has been notified, an investigation has been conducted, and the identified issue has been fixed. Further, CareOregon and Health Share of Oregon have changed how individuals’ information can be viewed, and the staff have been retrained. There is currently no breach report on the HHS’ Office for Civil Rights breach portal, so it is unclear how many individuals have been affected.

Andover Eye Associates

Andover Eye Associates in Andover, Massachusetts, has experienced an email security incident that exposed the data of 1,638 patients. Suspicious activity was identified in two employee email accounts on June 10, 2025. An investigation was launched, which confirmed that an unauthorized third party gained access to the accounts on May 28, 2025. No other employee email accounts were affected.

The email accounts were reviewed, and on November 4, 2025, Andover Eye Associates confirmed that the accounts contained patient names and Social Security numbers. Additional training has been provided to the workforce, and additional safeguards are being implemented to improve email security. Notification letters have been mailed to the affected individuals who have been offered complimentary credit monitoring services for 12 months.

12,000-Record Data Breach Announced by New York Plastic Surgery Practice

Data breaches have recently been reported by Pearlman Aesthetic Surgery and Associated Radiologists of the Finger Lakes in New York and Fast Pace Urgent Care in Tennessee.

Pearlman Aesthetic Surgery

Steven J. Pearlman, MD, PC, a well-known plastic surgeon and the owner of Pearlman Aesthetic Surgery, a popular plastic surgery practice in Manhattan, New York, has recently reported a breach of the protected health information of 11,764 individuals to the HHS’ Office for Civil Rights (OCR).

The specifics of the data breach have yet to be publicly disclosed, other than it being a hacking/IT incident. The incident was reported to OCR on November 9, 2025, and there is currently no substitute data breach notice on the Pearlman Aesthetic Surgery website.

This post will be updated when further information becomes available.

Associated Radiologists of the Finger Lakes

Associated Radiologists of the Finger Lakes, a network of interventional and diagnostic radiology centers in Elmira, NY, and the surrounding areas, has identified unauthorized access to its computer network. Anomalous activity was identified on October 30, 2025, and the investigation confirmed unauthorized access to a subset of its network, starting on October 28, 2025. Over two days, patient data may have been viewed or copied.

The file review is currently ongoing, and notification letters will be sent to the affected individuals when the review is completed. While the specific types of data involved have yet to be confirmed, based on the information collected to date, the types of data involved include names, addresses, medical record numbers, Social Security numbers, dates of birth, clinical/treatment information, medical procedure information, medical provider names, prescription information, and health insurance information. Associated Radiologists of the Finger Lakes has reviewed and enhanced its technical, administrative, and physical safeguards, policies, and procedures to reduce the risk of similar incidents in the future.

The incident has been reported to the HHS’ Office for Civil Rights with a placeholder figure of at least 501 individuals.

Fast Pace Urgent Care (FPMCM)

Fast Pace Urgent Care in Tennessee has announced a HIPAA breach at its business associate, FPMCM, LLC. On August 12, 2025, an FPMCM employee received a legitimate request for the protected health information of a single patient. When responding to that request, the employee inadvertently sent a document containing the protected health information of 2,072 patients.

The privacy violation was identified the following day, and an investigation was launched. The investigation has recently concluded and confirmed that the information impermissibly disclosed included names, dates of service, internal account numbers, billing codes, insurance information, and potentially health insurance claim numbers.

The recipient of the email confirmed that the email and the attached document have been deleted, no copies have been retained, and the information was not further disclosed. Additional safeguards have been implemented to prevent similar incidents in the future. While the affected individuals are not believed to be at risk, they have been advised to review their Explanation of Benefits statements as a best practice.

October 2025 Healthcare Data Breach Report

The October 2025 healthcare data breach report was delayed due to the government shutdown, which lasted for the whole of the month and caused a significant delay at the HHS’ Office for Civil Rights, which failed to upload any data breach reports in October. The shutdown ended on November 12, 2025, and the HHS had a considerable backlog of data breaches to add to the data breach portal. When a data breach report is received, OCR verifies the data, a process that may take up to around two weeks, before it is added to the OCR breach portal. Data breaches continued to be added for October well into December.

Figure: Healthcare data breaches in the past 12 months - October 2025

Based on data obtained from OCR on December 31, 2025, OCR received 28 reports of data breaches affecting 500 or more individuals in October – the lowest monthly total of the year, the lowest total since the 28 reported data breaches in May 2020, and a 31.7% month-over-month reduction in large healthcare data breaches.

Figure: October healthcare data breaches 2020-2025

While there has been a downward trend in data breaches, the October total is suspiciously low, which could indicate the backlog of data breach reports has yet to be cleared. The totals will be better reflected in our 2025 healthcare data breach report, due for publication in late January, and our healthcare data breach statistics page.

Figure: Individuals affected by healthcare data breaches in the past 12 months - October 2025

While breach numbers are down, the number of affected individuals increased by 540% month-over-month to 11,062,868 individuals – the second-highest monthly total of the year. That total is certain to increase well past April’s total, as the largest data breach of the month is still under investigation and the number of affected individuals has yet to be confirmed.

Figure: Individuals affected by October 2025 healthcare data breaches

The Largest Healthcare Data Breaches Reported in October 2025

In October, 7 healthcare data breaches were reported that affected more than 10,000 individuals, all of which were network server hacking incidents. The largest data breach of the month occurred at the business associate Conduent Business Services, a provider of back-office services to healthcare providers, health plans, and government agencies. Conduent’s client list includes major U.S. health insurers such as Humana and Premera Blue Cross.

Conduent experienced a hacking incident in May 2025, and while not stated as a ransomware attack, the SafePay ransomware group claimed responsibility. On its data leak site, SafePay claimed to have stolen 8.5 terabytes of data. Conduent notified the HHS’ Office for Civil Rights that 42,616 individuals had been affected; however, a few months later, the Oregon Attorney General was informed that more than 10.5 million individuals were affected nationwide.

Since the data for this report were compiled, there has been a further breach report from Conduent. The Texas Attorney General has been informed that the Conduent data breach affected almost 14.8 million individuals in Texas alone.

| Name of Covered Entity | State | Covered Entity Type | Individuals Affected | Cause of Breach |
| --- | --- | --- | --- | --- |
| Conduent Business Services LLC | NJ | Business Associate | 10,515,849* | Ransomware attack (SafePay) |
| Tri Century Eye Care PC | PA | Healthcare Provider | 200,000 | Hacking incident – Data theft confirmed |
| Central Jersey Medical Center | NJ | Healthcare Provider | 88,000 | Ransomware attack (Sinobi ransomware group) |
| Sierra Vista Hospital & Clinics | NM | Healthcare Provider | 75,054 | Hacking incident |
| Bosch Choice Welfare Benefit Plan | MI | Health Plan | 55,000 | Hacking incident |
| Heartland Health Center | NE | Healthcare Provider | 43,728 | Hacking incident |
| Revere Health, PC | UT | Healthcare Provider | 10,800 | Hacking incident of a third-party payment system |

The HIPAA Breach Notification Rule requires data breaches to be reported to OCR within 60 days of the discovery of a data breach. If the total number of affected individuals is not known, an estimate should be provided. HIPAA-regulated entities often submit a breach report using a placeholder figure of 500 or 501 affected individuals when the data review is ongoing. In October, two data breaches were reported with suspected 501 placeholder totals.

| Name of Covered Entity | State | Covered Entity Type | Individuals Affected | Cause of Breach |
| --- | --- | --- | --- | --- |
| Saint Mary’s Home of Erie | PA | Healthcare Provider | 501 | Hacking incident |
| North Atlantic States Carpenters Health Benefits Fund | MA | Health Plan | 501 | Hacking incident |

Causes of December 2024 Healthcare Data Breaches

As is usually the case, hacking and other IT incidents dominated the breach reports in October, accounting for 21 (75%) of the month’s data breaches and 99.8% of the affected individuals. Across the 21 data breaches, 11,037,882 individuals had their protected health information exposed or stolen. The average breach size was 525,613 individuals, and the median breach size was 6,633 individuals.

Figure: Causes of October 2025 healthcare data breaches

The next most common category of data breaches was unauthorized access/disclosure incidents. There were 7 of these incidents in October, affecting 24,986 individuals. The average breach size was 3,569 individuals, and the median breach size was 3,177 individuals.

While loss and theft incidents were among the most common types of data breaches when OCR first started publishing healthcare data breach data in 2009, along with improper disposal incidents, they are now relatively rare. No loss, theft, or improper disposal incidents were reported in October. The most common location of breached protected health information in October was network servers, with email the second most common location of breached PHI.

Figure: Location of breached PHI - October 2025

Where did the Data Breaches Occur?

Healthcare providers reported 20 data breaches in October (472,481 affected individuals), 4 data breaches were reported by health plans (60,358 affected individuals), and 4 data breaches were reported by business associates of HIPAA-covered entities (10,530,029 affected individuals).

When a data breach occurs at a HIPAA business associate, the business associate must report the data breach to each affected covered entity, and the covered entity must decide who should send out individual notifications and notify OCR and the media. Some covered entities choose to report business associate breaches to OCR and issue their own notifications, while others delegate that responsibility to the business associate. If a business associate works with multiple covered entities, some of their covered entity clients may report the breach, while others delegate the responsibility to the business associate.

The consequence of that is that business associate data breaches are often underrepresented in many healthcare data breach reports. The HIPAA Journal calculates where the breach occurred rather than the entity that reported the breach to ensure business associate data breaches are reported accurately. As you can see from the pie chart below, while 4 data breaches were reported by business associates, 9 of the month’s data breaches occurred at business associates.

Figure: Data breaches at HIPAA-regulated entities - October 2025

Figure: October 2025 healthcare data breaches - individuals affected by HIPAA-regulated entity

Geographic Distribution of Healthcare Data Breaches

HIPAA-regulated entities in 18 U.S. states reported data breaches in October. Florida and Texas were the worst-affected states in October, with three large healthcare data breaches reported by entities headquartered in each of those states.

| States | Breaches |
| --- | --- |
| Florida & Texas | 3 |
| Alaska, Arizona, California, Illinois, New Jersey & Pennsylvania | 2 |
| Kentucky, Massachusetts, Michigan, Missouri, Montana, Nebraska, New Mexico, Ohio, Oklahoma & Utah | 1 |

While Florida and Texas had the highest number of data breaches, each affected a relatively low number of individuals. Unsurprisingly, given the scale of the data breach at Conduent Business Services, New Jersey was the worst-affected state, although that total includes individuals across the United States.

| State | Individuals Affected |
| --- | --- |
| New Jersey | 10,603,849 |
| Pennsylvania | 200,501 |
| New Mexico | 75,054 |
| Michigan | 55,000 |
| Nebraska | 43,728 |
| Texas | 14,233 |
| Utah | 10,800 |
| California | 9,700 |
| Kentucky | 9,536 |
| Illinois | 9,405 |
| Florida | 8,503 |
| Oklahoma | 6,633 |
| Montana | 5,617 |
| Arizona | 4,177 |
| Alaska | 2,641 |
| Missouri | 1,680 |
| Ohio | 1,310 |
| Massachusetts | 501 |

HIPAA Enforcement Activity in October 2025

The government shutdown for the entire month of October meant all but the most critical workflows ground to a halt at the Department of Health and Human Services. As such, there were no announcements about HIPAA settlements and civil monetary penalties, and no penalties were announced by state attorneys general in October.

Patient Data Compromised in Cyberattacks on Sleep Specialists

Two sleep specialists, Persante Health Care in New Jersey and SomnoSleep Consultants in Virginia, have recently disclosed security incidents that exposed patient information.

Persante Health Care Patients Informed About January 2025 Cyberattack

Persante Health Care, a Mount Laurel Township, NJ-based national provider of sleep and balance center management services to hospitals and physician practices, has announced a security incident that was detected on or around January 28, 2025.

Unusual activity was identified within its computer network and, assisted by third-party cybersecurity experts, it was determined that an unauthorized third party accessed its network between January 23 and January 28, 2025. During that time, files containing patient information may have been accessed or acquired. It took more than 8 months to review the affected files to determine whether patient data had been exposed. On October 3, 2025, the data review confirmed that personal and protected health information was involved.

The exposed data varied from individual to individual and may have included names in combination with one or more of the following: date of birth, Social Security number, driver’s license number, state identification number, passport number, government identification number, taxpayer identification number, date(s) of service, physician or facility name, patient account number, medical record number, financial account information, payment card number, medical device identifier(s), and/or biometric identifier(s).

The Federal Bureau of Investigation was informed about the cyberattack, and Persante Health Care is assisting with the investigation. Additional measures have been implemented to reduce the risk of similar incidents in the future, and the affected individuals were notified by mail on November 26, 2025. The number of affected individuals has yet to be publicly disclosed.

SomnoSleep Consultants’ Patients Affected by Business Associate Data Breach

Patients of Annandale, VA-based SomnoSleep Consultants have been notified about a security incident at a third-party billing vendor, Avosina Healthcare Solutions. The vendor detected unauthorized access to its network on July 29, 2025, in what appears to have been a ransomware attack. Avosina said it was able to restore its services from backups; therefore, no ransom was paid. The FBI was notified, and third-party cybersecurity experts were engaged to determine the nature and scope of the incident and implement additional security measures to protect against further attacks.

The investigation confirmed that some documents were exfiltrated from its network. The analysis of those files confirmed that they contained patients’ names, addresses, medical information, and health insurance information. SomnoSleep said there was no unauthorized access to any files that are part of its electronic medical record system.

Avosina notified SomnoSleep about the attack on September 29, 2025, and on November 17, 2025, SomnoSleep provided additional information on the affected patients and delegated the responsibility for sending notification letters to its business associate. SomnoSleep said that no evidence has been found to indicate that any of the impacted patient data has been misused.

Avosina confirmed to SomnoSleep that steps have been taken to correct the vulnerability that was exploited by the threat actor, and other security measures have been implemented to protect against any further unauthorized network access. Internal data management protocols have also been reviewed.

Liberty Resources Announces July 2024 Data Breach

Liberty Resources, a Syracuse, NY-based human services agency, has announced a security incident that was first identified 16 months ago, on July 22, 2024. Liberty Resources said an immediate and thorough investigation was conducted, and that the investigation into the incident is still ongoing. It is unclear why the investigation has taken so long.

According to its website data breach notice, the specific information compromised in the incident has yet to be confirmed. Employees and patients have been warned that the impacted data likely includes names, addresses, dates of birth, Social Security numbers, medical information, and health insurance information. Since the investigation has not yet concluded, it is unclear how many individuals have been affected.

While no evidence has been found to indicate any misuse of the affected information, employees and clients have been advised to remain vigilant against identity theft and fraud. While not stated by Liberty Resources, this appears to have been a cyberattack by the Rhysida threat group, which added Liberty Resources to its data leak site and threatened to sell the 665 GB of data allegedly stolen in the attack. Rhysida claims on its data leak site that the data that has not been sold has been published. The group claims the leaked data includes 885,433 files, and if the claim is true, that may go some way to explaining why the investigation and data review have taken so long.

Gold Coast Health Plan Members Affected by Conduent Data Breach

Gold Coast Health Plan in Camarillo, CA, confirmed on December 2, 2025, that members’ protected health information was potentially compromised in a cyberattack on its business associate, Conduent Business Solutions. Conduent, a long-term provider of administrative services to Gold Coast Health Plan, determined on January 13, 2025, that the email account of one of its employees was accessed by an unauthorized individual between October 21, 2024, and January 13, 2025. The forensic investigation has taken several months to complete, and recently, Gold Coast Health Plan learned that the protected health information of 540 members was compromised in the incident, including their names, health plan identification numbers, dates of service, costs of service, and claim numbers. Social Security numbers and financial information were not involved.

“We deeply regret that the private information of some [of] our members was possibly exposed during this cyberattack,” said Robert Franco, GCHP’s chief compliance officer. “We are working closely with Conduent to ensure the necessary safeguards are in place to prevent a future breach.”

Health Plan Members’ PHI Exposed in Cyberattack on Fieldtex Products

Data breaches have been announced by Fieldtex Products in New York State and the Utah ear, nose & throat specialists, Cache Valley ENT.

Fieldtex Products, New York

Fieldtex Products, a medical supply fulfillment organization based in Rochester, New York, has announced a data security incident involving unauthorized access to its computer systems. The intrusion was identified on August 19, 2025, and action was immediately taken to secure its network and prevent further unauthorized access. A third-party digital forensics team was engaged to investigate the incident, which confirmed that a limited amount of protected health information had been exposed and may have been accessed or stolen in the attack.

The exposed data related to the over-the-counter healthcare-related products provided by Fieldtex to members of its health plan clients. In order to provide those products, health plans provided Fieldtex with protected health information such as patient names, addresses, dates of birth, insurance member identification numbers, plan names, effective terms, and gender.

The analysis of the exposed data was completed on September 30, 2025, and the affected health plans were notified immediately. Fieldtex has sent notification letters to the affected individuals on behalf of the health plans that authorized Fieldtex to provide direct notice and has offered those individuals complimentary credit monitoring services.

At the time of issuing notification letters, Fieldtex was unaware of any misuse of the exposed data. Steps have been taken to improve security, and data security policies and procedures are being reviewed. The data breach is not currently shown on the HHS’ Office for Civil Rights website, so it is currently unclear how many individuals have been affected.

Cache Valley Ear, Nose & Throat, Utah

Legal counsel for Cache Valley Ear, Nose & Throat (Cache Valley ENT) has notified state attorneys general about a February 2025 data security incident that exposed patient information. Suspicious activity was identified within its network on February 4, 2025. An investigation was launched to determine the nature and scope of the activity, with assistance provided by third-party cybersecurity experts.

The North Logan, Utah-based healthcare provider confirmed that data may have been viewed or copied on February 4, 2025. The review of the exposed data was completed on November 4, 2025, when it was confirmed that names, addresses, provider names, drug names, and insurance provider names were involved. While highly sensitive patient data such as Social Security numbers and financial information do not appear to have been involved, out of an abundance of caution, the affected individuals have been offered 12 or 24 months of complimentary credit monitoring and identity theft protection services. The data breach is not currently shown on the HHS’ Office for Civil Rights website, so it is currently unclear how many individuals have been affected.

Data Breaches Announced by Ennoble Care & Circa Health; Dermatology Associates of Concord

Data breaches have recently been announced by Ennoble Care & Circa Health in New Jersey and Dermatology Associates of Concord in Massachusetts.

Ennoble Care/Circa Health, New Jersey

Ennoble Care & Circa Health, LLC, a Hackensack, NJ-based provider of primary care, palliative care, and hospice services to individuals in Georgia, Kansas, Maryland, New York, New Jersey, Oklahoma, Pennsylvania, Virginia, and Washington, D.C., has announced an email account breach that was identified on April 17, 2025.

Ennoble Care said the investigation into the incident is ongoing; however, it has been determined that patient information has been exposed and may have been obtained by an unauthorized individual. The types of information involved include names, addresses, dates of birth, hospice status, status dates, and orders status (CTI, SN, MSW, CH, HHA, etc.). No evidence was found to indicate that its cloud-based electronic health record was compromised.

While no evidence has been found to indicate misuse of the exposed data, the affected individuals have been advised to remain vigilant against identity theft and fraud by monitoring the explanation of benefits statements that they receive from their health insurance providers. The data breach is not currently shown on the HHS’ Office for Civil Rights website, so it is currently unclear how many individuals have been affected.

Dermatology Associates of Concord, Massachusetts

Dermatology Associates of Concord (DAC), a provider of dermatology services to individuals in the greater Boston area, has notified the Massachusetts Attorney General about a recent security incident affecting a currently undisclosed number of individuals. Suspicious activity was identified within its computer systems on September 19, 2025. Assisted by third-party cybersecurity experts, DAC determined that an unauthorized third party accessed a specific computer system between September 18, 2025, and September 19, 2025, and copied files from that system.

The files are being reviewed to determine the types of data involved and the individuals affected, and that process has not yet concluded. While data was stolen, DAC is unaware of any misuse of that information. DAC said it has notified law enforcement about the incident and has augmented its security protocols to prevent similar incidents in the future.

Notification letters will be mailed to the affected individuals when the data review is completed, and complimentary single-bureau credit monitoring, credit report, credit score, and fraud assistance services will be made available to the affected individuals for a period of 24 months.
