In late February, The HIPAA Journal reported on a QualDerm Partners data breach, the scale of which was currently unknown, except that it affected 174,837 Texas residents. The data breach was likely to have affected considerably more individuals, given that QualDerm Partners does business in 17 U.S. states and serves more than 15 million patients annually.

The scale of the data breach is now clearer, as the Oregon Attorney General has been notified that 3,117,874 individuals have been affected. Notification letters started to be mailed to those individuals on February 22, 2026. The incident has yet to be added to the HHS’ Office for Civil Rights data breach portal, so it is still unclear how many individuals had protected health information compromised in the incident.

February 25, 2026: QualDerm Partners Confirms Significant Data Breach

QualDerm Partners, LLC, a provider of healthcare management services to 158 dermatology and skin care practices in 17 U.S. states, has announced a security incident involving unauthorized access to its computer network. Unauthorized network activity was identified on December 24, 2025, and immediate action was taken to contain the incident and secure its network and computer systems. Third-party cybersecurity experts were engaged to conduct a forensic investigation to determine the nature and scope of the unauthorized activity. The investigation confirmed unauthorized access to its network between December 23 and December 24, 2025. During that time, files containing sensitive data were exfiltrated from its network.

The data review is ongoing to determine the individuals and types of information involved. So as not to unduly delay notifications, QualDerm Partners is mailing notification letters to the affected individuals on a rolling basis. Data compromised in the incident varies from individual to individual, and may include names, email addresses, dates of birth/death, doctor names, medical record numbers, diagnoses, treatment information, and health insurance information. A very small subset of individuals may also have had their government-issued identification information, such as driver’s license numbers, compromised in the incident.

QualDerm Partners said it is reviewing its policies, procedures, and protocols related to data security, and while no misuse of patient data has been identified, the affected individuals have been offered complimentary credit monitoring and identity theft protection services. QualDerm Partners has yet to publicly confirm exactly how many individuals have been affected, and the incident is not yet shown on the HHS’ Office for Civil Rights breach portal. This does appear to be a significant data breach, as the Texas Attorney General has been informed that 174,837 Texas residents have been affected. Since QualDerm Partners works with dermatology practices in 17 U.S. states, the total number of affected individuals is likely to be considerably higher.

This post will be updated when further information becomes available.

The post QualDerm Partners Data Breach Affects More Than 3 Million Individuals appeared first on The HIPAA Journal.

Greater Pittsburgh Orthopedic Associates has experienced a ransomware attack that has affected almost 57,000 individuals. Data breaches have also been announced by Triad Radiology Associates in North Carolina and North East Medical Services in California.

Greater Pittsburgh Orthopedic Associates, Pennsylvania

Greater Pittsburgh Orthopedic Associates in Pennsylvania has recently reported a data breach to the Maine Attorney General involving unauthorized access to the personal and protected health information of up to 56,954 individuals, including 3 Maine residents.

According to the notice, anomalous network activity was identified on August 10, 2025. Incident response protocols were initiated, and third-party cybersecurity experts were engaged to assist with the investigation, help secure its IT environment, and harden security. The investigation confirmed that patient data was exposed in the incident, and the review of that data has recently been completed. The exposed data elements vary from individual to individual and may include names in combination with one or more of the following: mailing address, Social Security number, and provider name.

Notification letters started to be mailed to the affected individuals on or around February 5, 2026, and at the time of issuing those notifications, no evidence had been found to indicate any patient data had been misused; however, as a precaution, the affected individuals have been offered complimentary single bureau credit score, credit report, and credit monitoring services. The Ransomhouse ransomware group claimed responsibility for the breach and said it encrypted files and exfiltrated data from its network. While the group claims that it will publish the stolen data, its dark web data leak site only includes an “evidence pack,” which currently cannot be downloaded.

Triad Radiology Associates, North Carolina

Triad Radiology Associates, a North Carolina-based physician practice providing medical imaging and radiology services, has notified 11,011 individuals about unauthorized access to an employee’s email account containing electronic protected health information. Suspicious activity was identified within the email account on or around July 30, 2025. After securing the account, an investigation was launched to determine the nature and scope of the activity, with assistance provided by third-party cybersecurity experts.

According to its data breach notice, “Our investigation determined that a limited amount of information may have been accessed between July 11, 2025, and September 8, 2025.”  That suggests that despite securing the account, unauthorized access continued for almost 40 days after the incident was first identified. Triad Radiology said its file review confirmed that the information exposed in the incident included names, addresses, dates of birth, Social Security numbers, driver’s license numbers, bank account information, medical information, and health insurance information. Triad Radiology has reviewed its data security policies and procedures and is taking steps to prevent similar incidents in the future. The affected individuals have been offered complimentary credit monitoring and identity theft protection services.

North East Medical Services, California

North East Medical Services, a San Francisco, California-based network of community health centers in the San Francisco Bay Area and Las Vegas, has recently disclosed a data breach to the California Attorney General. On October 19, 2025, suspicious activity was identified within its computer systems. Third-party cybersecurity experts have been engaged to investigate the incident, and unauthorized network access was confirmed.

The exposed data is currently being reviewed, and North East Medical Services has yet to determine how many individuals have been affected or the types of data involved. Notification letters will be mailed to the affected individuals when the data review is concluded. In the meantime, all patients have been advised to remain vigilant against incidents of identity theft and fraud by monitoring their accounts and explanation of benefits statements for suspicious activity.

The post Greater Pittsburgh Orthopedic Associates Data Breach Affects Almost 57,000 Individuals appeared first on The HIPAA Journal.

University of Mississippi Medical Center (UMMC) has temporarily closed most of its clinics following a ransomware attack, and scheduled appointments and surgeries have been cancelled and will be rebooked once the attack has been remediated. Mississippi MED-COM, the network that coordinates hospital transfers across the state, has also been affected by the ransomware attack, but had redundancies in place, and patients continue to be routed to hospitals in the state without disruption.

The attack was detected in the early hours of Thursday, February 19, 2026, and has impacted the UMMC network and many of its IT systems, including its EPIC electronic medical record system. According to LouAnn Woodward, vice chancellor for health affairs and dean of the School of Medicine, all clinics will remain closed on Friday, February 20, 2026, as a result of the attack, with the exception of its kidney dialysis clinic at Jackson Medical Mall, which remains open with appointments proceeding as scheduled. Without access to key systems, including its electronic medical record system, information is being recorded with pen and paper for patients in its care. In-person classes for students are continuing as scheduled.

Woodward confirmed that care continues to be provided to hospital patients, and all clinical equipment and operations remain functional. While there have been temporary clinic closures, the emergency department remains open and is accepting patients. Law enforcement has been alerted, and UMMC is coordinating with the Department of Homeland Security and the U.S. Cybersecurity and Infrastructure Security Agency, and the Federal Bureau of Investigation is providing assistance.

Since the attack was only detected yesterday, it is too early to tell to what extent, if any, patient data has been compromised, or how long the recovery will take. “ At this point in the incident it’s too early for us to communicate what we do and don’t know, but we are in the process of surging resources, both locally and nationally, into this incident to make sure that we are standing alongside with UMMC and their vendors,” said FBI Special Agent in Charge Robert A. Eikhoff, who was present at the UMMC presser announcing the attack. UMMC has confirmed it has made contact with the group behind the attack, but the name of the group has not been disclosed, and UMMC has not stated whether it is considering paying the ransom.

The post UMMC Shuts Clinics While it Grapples with Ransomware Attack appeared first on The HIPAA Journal.

Granite Wellness Centers in California and Pediatric Home Service in Minnesota have both settled lawsuits stemming from cyberattacks that exposed sensitive patient data.

Granite Wellness Centers Data Breach Settlement

Granite Wellness Centers, a network of drug addiction treatment centers in Northern California, has agreed to settle class action litigation over a January 2021 ransomware attack and data breach that affected up to 15,600 individuals. The attack was detected on or around January 5, 2021, and the forensic investigation confirmed that the ransomware actor acquired files containing sensitive patient data, including names, dates of birth, home addresses, dates of care, treatment information, treatment providers, health information, health insurance information, driver’s license numbers, medical histories, Social Security numbers, and bank account numbers.

The affected individuals were notified on or around March 5, 2021, and the first class action lawsuit was filed on June 14, 2023. An amended complaint was filed in September 2023 – Bente, et al. v. Granite Wellness Centers – in the Superior Court of the State of California, County of Placer. The lawsuit asserted claims for negligence, negligence per se, breach of implied contract, unjust enrichment, and declaratory judgment. Granite Wellness Centers maintains that there was no wrongdoing and denies claims that the exposure of data caused any harm to individuals. Following mediation, all parties agreed to settle the litigation to avoid the cost and risk of a trial, with no admission of wrongdoing or liability by the defendant.

Granite Wellness Centers has agreed to establish a $725,000 settlement fund to cover all costs associated with the litigation, including attorneys’ fees (up to 33.33% of the fund), litigation expenses (up to $20,000), service awards for the class representatives (up to $2,000 per class representative), and class member benefits. There are three types of payments available to class members. A claim may be submitted for a pro rata cash payment, estimated to be approximately $750 per class member, but may be higher or lower depending on the number of claims submitted. A claim may be submitted for reimbursement of documented, unreimbursed losses due to the data breach up to a maximum of $5,000 per class member, and California residents at the time of the data breach may submit a claim for an additional statutory $100 cash payment.

The deadline for opting out and objecting is March 28, 2026. The deadline for submitting a claim is April 27, 2026, and the final fairness hearing has been scheduled for April 28, 2026.

Pediatric Home Service Data Breach Settlement

Pediatric Home Respiratory Services (Pediatric Home Service), a Roseville, MN-based independent children’s home healthcare provider, has agreed to settle litigation stemming from a November 2024 cyberattack and data breach. The lawsuit claims that 43,634 individuals were affected by the data breach. The HHS’ Office for Civil Rights was informed that the protected health information of 41,792 patients was exposed in the incident. The Pediatric Home Service cyberattack was detected on November 7, 2024, and the forensic investigation confirmed that an unauthorized third party accessed its network between November 1, 2024, and November 7, 2024. The affected individuals were notified on January 8, 2025.

Two class action lawsuits were filed in response to the data breach, which were consolidated into a single complaint – In re Pediatric Home Respiratory Services, LLC d/b/a Pediatric Home Service Litigation –in the District Court for Ramsey County, Minnesota. The lawsuit asserted claims of negligence, negligence per se, breach of implied contract, violation of the Minnesota Health Records Act, breach of fiduciary duty, declaratory judgment, and unjust enrichment. Pediatric Home Service denies all claims and contentions in the lawsuit and maintains there was no wrongdoing. Pediatric Home Service sought to have the lawsuit dismissed for lack of standing and failure to state a claim. The plaintiffs opposed the motion, and following mediation, a settlement was agreed to resolve the litigation.

There are two cash payment options, one of which can be selected by all class members. A claim may be submitted for reimbursement of documented, unreimbursed losses due to the data breach up to a maximum of $1,500 per class member. Alternatively, a one-time cash payment of $50 may be claimed. In addition, a claim may be submitted for a 12- month membership to one of three credit monitoring options: CyEx Medical Shield Complete, CyEx Identity Defense Total, or CyEx Minor Defense Pro (for minors). The deadline for objecting to the settlement and exclusion is April 8, 2026. The claims deadline is April 23, 2026, and the final fairness hearing has been scheduled for May 8, 2026.

The post Granite Wellness Centers & Pediatric Home Service Settle Class Action Data Breach Lawsuits appeared first on The HIPAA Journal.

WIRX Pharmacy in Pennsylvania has experienced a security incident that exposed the protected health information of more than 20,000 current and former patients. Emanuel Medical Center in California has started notifying patients about a May 2025 cyberattack that exposed patient data.

WIRX Pharmacy, Pennsylvania

WIRX Pharmacy in Fort Washington, Pennsylvania, has notified 20,104 individuals about a December 2025 cybersecurity incident that may have resulted in unauthorized access and/or theft of protected health information. Suspicious activity was identified within its network environment on or around December 7, 2025. Systems were secured, and an investigation was launched, which confirmed unauthorized access to certain data on its systems between December 6, 2025, and December 7, 2025.

A review of the exposed files confirmed that personal and protected health information were present in files on the compromised parts of its network. The affected data varies from individual to individual and may include names in combination with one or more of the following: clinical information (diagnosis/conditions, medications, and other treatment information), demographic information (Social Security number, address, date of birth, and other identifiers), and financial account or claims information.

WIRX Pharmacy said it is reviewing its security policies and procedures and will take steps to harden security to prevent similar incidents in the future. The affected individuals have been advised to remain vigilant against identity theft and fraud by monitoring their financial accounts and free credit reports.

Emanuel Medical Center, California

Emanuel Medical Center, a 209-bed acute care hospital located in Turlock, California, has started notifying current and former patients about a May 2025 security incident. Suspicious network activity was identified on May 22, 2025, and third-party cybersecurity experts were engaged to investigate the activity. They confirmed unauthorized access to its network between May 21 and May 24, 2025, and that files containing personal and protected health information were present on the affected systems.

The review of those files has recently been completed, and notification letters started to be mailed to the affected individuals on February 17, 2026. Data compromised in the incident varies from individual to individual and may include names, dates of birth, contact information, government identification numbers (including Social Security numbers and driver’s license numbers), health insurance information, patient identification numbers, dates of service, provider names, diagnoses, treatment information, prescriptions, medical histories, and lab reports.

Third-party cybersecurity experts have evaluated security and assisted with strengthening system security. The affected individuals have been advised to remain vigilant against identity theft and fraud by monitoring their accounts and free credit reports for suspicious activity. The incident is not yet shown on the HHS’ Office for Civil Rights breach portal, so it is currently unclear how many individuals have been affected.

The post Cyberattacks Announced by WIRX Pharmacy and Emanuel Medical Center appeared first on The HIPAA Journal.

Issaqueena Pediatric Dentistry in South Carolina, Enhabit Home Health & Hospice in Texas, and AltaMed Health Services in California have announced that patient data has potentially been compromised in ransomware attacks.

Issaqueena Pediatric Dentistry, South Carolina

Issaqueena Pediatric Dentistry in Seneca, South Carolina, has recently reported a hacking incident to the HHS’ Office for Civil Rights that involved unauthorized access to personally identifiable information and protected health information. The incident is still being investigated, so the number of affected individuals has yet to be confirmed. The OCR breach portal currently lists the incident as affecting at least 501 individuals.

In a substitute breach notice on its website, Issaqueena Pediatric Dentistry confirmed that an unauthorized third party gained access to certain files on its system between November 9 and November 11, 2025. Issaqueena Pediatric Dentistry discovered the intrusion on November 11, 2025, when ransomware was used to encrypt files. Its incident response protocols were activated, steps were taken to contain the incident, and law enforcement was notified.

Issaqueena Pediatric Dentistry said files are being reviewed to determine the affected individual and the types of data involved, warning that it is a time-intensive process. Notification letters will be mailed to the affected individuals as soon as possible. The Interlock ransomware group claimed responsibility for the attack, said it exfiltrated 118 GB of data, and listed the data for download on its dark web data leak site, which suggests the ransom was not paid.

Issaqueena Pediatric Dentistry said its network has been secured, and it is working with third-party security experts to implement measures to harden security. Issaqueena Pediatric Dentistry has confirmed that the affected individuals will be offered complimentary credit monitoring and identity theft protection services.

Advanced Homecare Management (Enhabit Home Health & Hospice), Texas

Advanced Homecare Management, LLC, doing business as Enhabit Home Health & Hospice in Dallas, Texas, has notified 22,552 patients that some of their protected health information was compromised in a data breach at one of its business associates.

My 485, Inc., which does business as Doctor Alliance, provides a platform that facilitates the sharing of medical information between doctors and home health agencies and hospices. Enhabit Home Health & Hospice said one or more medical providers may have used the Doctor Alliance platform to facilitate care at entities affiliated with Enhabit, and the platform contained patients’ protected health information.

On December 5, 2025, Doctor Alliance informed Enhabit about a potential security incident involving the data of certain Enhabit patients. Doctor Alliance determined that the platform was subject to unauthorized access between October 31, 2025, and November 6, 2025, and again between November 14, 2025, and November 17, 2025. The platform was accessed by an unauthorized individual using valid credentials for a user account, which allowed access to protected health information such as names, addresses, dates of birth, patients’ gender, physician names, medical record numbers, clinical information, and health plan numbers. Enhabit said financial information and Social Security numbers were not compromised in the incident.

Doctor Alliance has implemented additional authentication mechanisms in the affected software and has notified regulators about the breach. The incident is not yet shown on the OCR breach portal, so the scale of the breach is currently unknown. This appears to have been a ransomware attack. The Kazu ransomware group claimed responsibility.

AltaMed Health Services Corporation, California

AltaMed Health Services Corporation, a provider of primary care, senior care, and health and human services in California, has alerted patients about a cybersecurity incident on December 14, 2025. The incident limited access to some of its computer systems; language often used to describe a ransomware attack.

AltaMed said it immediately initiated its incident response protocols when the cyberattack was detected and worked quickly to contain the incident. Third-party cybersecurity experts were engaged to assist with the investigation, and law enforcement was notified. Under its emergency protocols, AltaMed continued to provide care to patients as scheduled and remained operational throughout the recovery.

The investigation into the incident is ongoing; however, it has been determined that the compromised systems contained some patient information, including names, dates of service, and payment information. Additional safeguards and technical security measures have been implemented to further protect and monitor its systems. The affected individuals have been advised to review their statements and explanation of benefits statements and should report any charges for services that they have not received. Regulators have been notified; however, the incident is not yet shown on the HHS’ Office for Civil Rights breach portal, so it is currently unclear how many individuals have been affected.

The post Three Healthcare Providers Affected by Ransomware Attacks appeared first on The HIPAA Journal.

Academic Urology & Urogynecology of Arizona, a division of Palo Verde Hematology and Oncology that serves patients throughout Arizona, has announced a significant data breach, potentially affecting 73,281 current and former patients.

Unauthorized access to its computer network was detected on or around May 22, 2025. Steps were taken to secure its network to prevent further unauthorized access, and third-party cybersecurity experts were engaged to conduct a forensic investigation. On January 30, 2026, it was confirmed that there had been unauthorized access to its network between May 18, 2025, and May 22, 2025, during which time, files containing patient data may have been viewed or acquired.

The data involved varies from individual to individual and may include some or all of the following: full names, dates of birth, Social Security numbers, account numbers, account types, routing numbers, medical record numbers, mental or physical conditions, diagnoses/diagnosis codes, treatment locations, procedure types, provider names, dates of service, other medical benefits/entitlements, prescription information, health insurance group numbers, health insurance claim numbers, subscriber member numbers, patient account numbers and patient identification numbers.

Notification letters were mailed to the affected individuals on or around February 12, 2026. At the time of issuing notifications, no evidence had been found to indicate misuse of patient data. As a precaution, the affected individuals have been offered complimentary credit monitoring and identity theft protection services.

Livingston HealthCare, Montana

Livingston HealthCare in Livingston, Montana, has warned patients about a recent cybersecurity incident that may have resulted in unauthorized access to patient data. Livingston HealthCare, which operates a critical access hospital serving the greater Park County area, announced on February 13, 2026, that it was experiencing disruption to its phone systems and network due to a suspected cybersecurity incident.

Certain systems were taken offline while the incident was assessed, and it is working to restore the affected systems and will bring them back online when it is safe to do so. The phone system has been restored, and while network services are still limited, care continues to be provided to patients uninterrupted. At this stage of the investigation, it is not possible to determine the extent to which patient data has been compromised. Livingston HealthCare said it will continue to provide updates on the incident, recovery, and any data breach via its website.

Livingston HealthCare said it has learned of advertisements and communications suggesting patients could be entitled to compensation as a result of the incident. Patients have been warned not to disclose any sensitive information, such as Social Security numbers, banking information, or other confidential details, unless they are certain of the recipient’s identity and legitimacy.

The post Academic Urology & Urogynecology of Arizona Data Breach Affects 73K Patients appeared first on The HIPAA Journal.

Managed Care Advisors and Sedgwick Government Solutions recently announced a cybersecurity incident involving unauthorized access to a corporate Secure File Transfer Protocol (SFTP) server that contained personal and protected health information. Files on the server were encrypted with ransomware.

Sedgwick Government Solutions, which acquired Managed Care Advisors in 2021, is a Bethesda, MD-based federal government contractor that provides workers’ compensation and managed care solutions. Sedgwick is also the manager of the Nationwide Provider Network for the World Trade Center Health Program.

Data breach notices often fail to disclose the exact nature of hacking incidents, which makes it difficult for victims to accurately gauge the level of risk they face. Sedgwick bucked that trend, opting for transparency over the data breach. Sedgwick explained that the incident was detected on December 4, 2025, and it immediately implemented its incident response processes. All connections to the SFTP server were disabled to prevent further unauthorized access, and the encrypted data was restored from a secure system backup the following day.

A leading cybersecurity firm, Mandiant, was engaged to assist with the investigation and forensic analysis. The investigation confirmed that an unauthorized third party first accessed the server on November 16, 2025, by exploiting a vulnerability in the SFTP application. Access was only gained to a single server. No other systems were compromised.

The investigation confirmed on January 15, 2026, that the compromised server contained first and last names, addresses, Social Security numbers, dates of birth, and protected health information. The types of data varied from individual to individual. Sedgwick said that on January 2, 2026, a threat group identifying itself as TridentLocker claimed responsibility for the incident and published approximately 3.4 GB of data on a dark web data leak site.

Since stolen data has been published, the affected individuals should ensure that they sign up for the complimentary credit monitoring and identity theft protection services being offered. Those services include an identity theft insurance policy. Sedgwick said it had implemented cybersecurity measures prior to the incident to protect its systems and data, and has taken further steps to enhance privacy protections. The data breach is not yet shown on the HHS’ Office for Civil Rights breach portal, so it is currently unclear how many individuals have been affected.

The post Managed Care Advisors / Sedgwick Notify Patients of Ransomware Attack appeared first on The HIPAA Journal.