The Center for Advanced Eye Care in Pennsylvania/Delaware, Southwest C.A.R.E Center in New Mexico, and Evergreen Healthcare Group in Washington have notified patients about cybersecurity incidents involving unauthorized access to patient information.

Center for Advanced Eye Care

The Center for Advanced Eye Care, a provider of ophthalmology services in Pennsylvania and Delaware, has recently announced a security incident that involved unauthorized access to patient data. Suspicious activity was identified within its legacy environment on December 16, 2025. The affected systems were secured, and an investigation was launched to determine the nature and scope of the activity.

Assisted by third-party cybersecurity experts, The Center for Advanced Eye Care confirmed that protected health information within the legacy environment was accessed by an unauthorized third party and was stolen in the attack. The exact types of data involved have not been publicly disclosed at present, and the types of information involved have been redacted from the notices provided to state attorneys general.

As a precaution against data misuse, the affected individuals have been offered complimentary credit monitoring and identity theft protection services. The affected individuals should avail themselves of those services, as a hacker claimed in December to be selling the stolen data. The data breach is not currently listed on the HHS’ Office for Civil Rights breach portal, so it is currently unclear how many individuals have been affected.

Southwest C.A.R.E Center

Southwest C.A.R.E Center, a nonprofit healthcare provider in New Mexico, has started notifying patients about a cybersecurity incident last summer that impacted some of their protected health information. The cybersecurity incident was detected on or around June 3, 2025. Third-party cybersecurity experts were engaged to conduct a forensic investigation, which confirmed that patient data had been exposed and may have been stolen.

The specific types of data involved were not stated in its substitute data breach notice, only that the data breach may have included first and last names, personal information, and protected health information. Southwest C.A.R.E Center said it has not identified any misuse of patient data as a result of the incident. Southwest C.A.R.E Center has reviewed and enhanced its technical safeguards and has offered complimentary credit monitoring services and identity theft protection services to all affected individuals for 12 months.

While not described as a ransomware attack, the Medusa ransomware group claimed responsibility for the attack. Medusa is a ransomware-as-a-service group that engages in data theft and encryption, and either sells or leaks the stolen data if the ransom is not paid. Medusa claimed to have exfiltrated more than 143 GB of data in the attack. The data breach is not yet shown on the HHS’ Office for Civil Rights breach portal, so it is unclear how many individuals have been affected.

Evergreen Healthcare Group

Couve Healthcare Consulting, LLC, doing business as Evergreen Healthcare Group, has alerted patients about a breach of its cloud-based healthcare platform. Evergreen Healthcare Group, a Vancouver, WA-based provider of management consulting, administrative, and operational services to skilled nursing homes and assisted living communities, identified unauthorized activity within the cloud-based system on December 3, 2025. The forensic investigation found evidence of data exfiltration. The file review was completed on February 24, 2026, and confirmed that names, dates of birth, Social Security numbers, and medical information were subject to unauthorized access or were acquired in the incident.

The cloud-based platform has been secured, and Evergreen Healthcare Group has verified the security of its internal systems. Additional technical safeguards and enhanced security measures have been implemented to prevent similar incidents in the future, and complementary credit monitoring and identity theft restoration services have been offered to the affected individuals.  The data breach is not yet shown on the HHS’ Office for Civil Rights breach portal, so it is unclear how many individuals have been affected.

The post Center for Advanced Eye Care; Southwest C.A.R.E Center; Evergreen Healthcare Group Announce Data Breaches appeared first on The HIPAA Journal.

Data breaches have recently been announced by Cedar Point Health in Colorado, Wee Care Pediatrics in Utah, and Easterseals Northeast Indiana.

Cedar Point Health

Cedar Point Health, a network of health clinics in Colorado, has recently disclosed a cybersecurity incident involving unauthorized access to parts of its network containing patient and employee information.  The intrusion was detected on or around June 16, 2025, and third-party cybersecurity experts were engaged to investigate the incident.

Cedar Point Health said it has taken several months of extensive efforts to identify, review, and analyze the impacted data, and on January 27, 2026, that process was completed. Data compromised in the incident includes full names, addresses, dates of birth, medical treatment information, diagnosis or procedure information, clinical information, health insurance information, financial account information, driver’s license or state-issued identification numbers, passport numbers, and/or Social Security numbers/ITINs.

No evidence has been found to indicate any fraud as a result of the incident; however, the affected individuals have been advised to remain vigilant against identity theft and fraud by reviewing their accounts and explanation of benefits statements for suspicious activity. Individuals who had their Social Security numbers exposed have been offered complimentary credit monitoring and identity theft protection services. The data breach is not currently listed on the HHS’ Office for Civil Rights breach portal, so it is currently unclear how many individuals have been affected.

Wee Care Pediatrics

Wee Care Pediatrics, a pediatric healthcare provider with several locations in northern Utah, has recently announced a cybersecurity incident involving unauthorized access to or the acquisition of patient information. Suspicious activity was identified within its computer network on or around December 15, 2025. Third-party cybersecurity specialists were engaged to investigate the activity and determined that there had been unauthorized access to its network.

The review of the exposed data is ongoing; however, it has been determined that the following types of personal and protected health information were involved: first and last name, contact information, date of birth, Social Security number, treatment/diagnosis information, prescription/medication information, date(s) of service, provider name, medical record number, patient account number, Medicare/Medicaid ID number, and health insurance information.

Immediate action was taken to contain the incident, and steps have been taken to enhance security to prevent similar incidents in the future. Out of an abundance of caution, the affected individuals have been offered complimentary credit monitoring and identity theft protection services. The data breach is not yet shown on the HHS’ Office for Civil Rights breach portal, so it is currently unclear how many individuals have been affected.

Easterseals Northeast Indiana

Easterseals Northeast Indiana, a nonprofit provider of services to individuals with disabilities and their families, has confirmed that protected health information was accessed and acquired in a security breach. Suspicious activity was identified within its computer network on September 4, 2025. Immediate action was taken to secure the network and prevent further unauthorized access, and an investigation was launched to determine the nature and scope of the unauthorized activity.

On November 10, 2025, data theft was confirmed, including individuals’ first and last names, contact information, birth date, Social Security numbers, diagnostic and treatment information, and health insurance information. While not stated by Easterseals, this appears to have been a ransomware attack. The Inc Ransom ransomware group claimed to have stolen 405 GB of data in the attack. As a precaution against identity theft and fraud, Easterseals has offered complimentary credit monitoring and identity theft protection services to individuals whose Social Security numbers were involved. At present, it is unclear how many individuals have been affected.

The post Cedar Point Health; Wee Care Pediatrics; Easterseals NI Announce Data Breaches appeared first on The HIPAA Journal.

In late February, The HIPAA Journal reported on a QualDerm Partners data breach, the scale of which was currently unknown, except that it affected 174,837 Texas residents. The data breach was likely to have affected considerably more individuals, given that QualDerm Partners does business in 17 U.S. states and serves more than 15 million patients annually.

The scale of the data breach is now clearer, as the Oregon Attorney General has been notified that 3,117,874 individuals have been affected. Notification letters started to be mailed to those individuals on February 22, 2026. The incident has yet to be added to the HHS’ Office for Civil Rights data breach portal, so it is still unclear how many individuals had protected health information compromised in the incident.

February 25, 2026: QualDerm Partners Confirms Significant Data Breach

QualDerm Partners, LLC, a provider of healthcare management services to 158 dermatology and skin care practices in 17 U.S. states, has announced a security incident involving unauthorized access to its computer network. Unauthorized network activity was identified on December 24, 2025, and immediate action was taken to contain the incident and secure its network and computer systems. Third-party cybersecurity experts were engaged to conduct a forensic investigation to determine the nature and scope of the unauthorized activity. The investigation confirmed unauthorized access to its network between December 23 and December 24, 2025. During that time, files containing sensitive data were exfiltrated from its network.

The data review is ongoing to determine the individuals and types of information involved. So as not to unduly delay notifications, QualDerm Partners is mailing notification letters to the affected individuals on a rolling basis. Data compromised in the incident varies from individual to individual, and may include names, email addresses, dates of birth/death, doctor names, medical record numbers, diagnoses, treatment information, and health insurance information. A very small subset of individuals may also have had their government-issued identification information, such as driver’s license numbers, compromised in the incident.

QualDerm Partners said it is reviewing its policies, procedures, and protocols related to data security, and while no misuse of patient data has been identified, the affected individuals have been offered complimentary credit monitoring and identity theft protection services. QualDerm Partners has yet to publicly confirm exactly how many individuals have been affected, and the incident is not yet shown on the HHS’ Office for Civil Rights breach portal. This does appear to be a significant data breach, as the Texas Attorney General has been informed that 174,837 Texas residents have been affected. Since QualDerm Partners works with dermatology practices in 17 U.S. states, the total number of affected individuals is likely to be considerably higher.

This post will be updated when further information becomes available.

The post QualDerm Partners Data Breach Affects More Than 3 Million Individuals appeared first on The HIPAA Journal.

Greater Pittsburgh Orthopedic Associates has experienced a ransomware attack that has affected almost 57,000 individuals. Data breaches have also been announced by Triad Radiology Associates in North Carolina and North East Medical Services in California.

Greater Pittsburgh Orthopedic Associates, Pennsylvania

Greater Pittsburgh Orthopedic Associates in Pennsylvania has recently reported a data breach to the Maine Attorney General involving unauthorized access to the personal and protected health information of up to 56,954 individuals, including 3 Maine residents.

According to the notice, anomalous network activity was identified on August 10, 2025. Incident response protocols were initiated, and third-party cybersecurity experts were engaged to assist with the investigation, help secure its IT environment, and harden security. The investigation confirmed that patient data was exposed in the incident, and the review of that data has recently been completed. The exposed data elements vary from individual to individual and may include names in combination with one or more of the following: mailing address, Social Security number, and provider name.

Notification letters started to be mailed to the affected individuals on or around February 5, 2026, and at the time of issuing those notifications, no evidence had been found to indicate any patient data had been misused; however, as a precaution, the affected individuals have been offered complimentary single bureau credit score, credit report, and credit monitoring services. The Ransomhouse ransomware group claimed responsibility for the breach and said it encrypted files and exfiltrated data from its network. While the group claims that it will publish the stolen data, its dark web data leak site only includes an “evidence pack,” which currently cannot be downloaded.

Triad Radiology Associates, North Carolina

Triad Radiology Associates, a North Carolina-based physician practice providing medical imaging and radiology services, has notified 11,011 individuals about unauthorized access to an employee’s email account containing electronic protected health information. Suspicious activity was identified within the email account on or around July 30, 2025. After securing the account, an investigation was launched to determine the nature and scope of the activity, with assistance provided by third-party cybersecurity experts.

According to its data breach notice, “Our investigation determined that a limited amount of information may have been accessed between July 11, 2025, and September 8, 2025.”  That suggests that despite securing the account, unauthorized access continued for almost 40 days after the incident was first identified. Triad Radiology said its file review confirmed that the information exposed in the incident included names, addresses, dates of birth, Social Security numbers, driver’s license numbers, bank account information, medical information, and health insurance information. Triad Radiology has reviewed its data security policies and procedures and is taking steps to prevent similar incidents in the future. The affected individuals have been offered complimentary credit monitoring and identity theft protection services.

North East Medical Services, California

North East Medical Services, a San Francisco, California-based network of community health centers in the San Francisco Bay Area and Las Vegas, has recently disclosed a data breach to the California Attorney General. On October 19, 2025, suspicious activity was identified within its computer systems. Third-party cybersecurity experts have been engaged to investigate the incident, and unauthorized network access was confirmed.

The exposed data is currently being reviewed, and North East Medical Services has yet to determine how many individuals have been affected or the types of data involved. Notification letters will be mailed to the affected individuals when the data review is concluded. In the meantime, all patients have been advised to remain vigilant against incidents of identity theft and fraud by monitoring their accounts and explanation of benefits statements for suspicious activity.

The post Greater Pittsburgh Orthopedic Associates Data Breach Affects Almost 57,000 Individuals appeared first on The HIPAA Journal.

University of Mississippi Medical Center (UMMC) has temporarily closed most of its clinics following a ransomware attack, and scheduled appointments and surgeries have been cancelled and will be rebooked once the attack has been remediated. Mississippi MED-COM, the network that coordinates hospital transfers across the state, has also been affected by the ransomware attack, but had redundancies in place, and patients continue to be routed to hospitals in the state without disruption.

The attack was detected in the early hours of Thursday, February 19, 2026, and has impacted the UMMC network and many of its IT systems, including its EPIC electronic medical record system. According to LouAnn Woodward, vice chancellor for health affairs and dean of the School of Medicine, all clinics will remain closed on Friday, February 20, 2026, as a result of the attack, with the exception of its kidney dialysis clinic at Jackson Medical Mall, which remains open with appointments proceeding as scheduled. Without access to key systems, including its electronic medical record system, information is being recorded with pen and paper for patients in its care. In-person classes for students are continuing as scheduled.

Woodward confirmed that care continues to be provided to hospital patients, and all clinical equipment and operations remain functional. While there have been temporary clinic closures, the emergency department remains open and is accepting patients. Law enforcement has been alerted, and UMMC is coordinating with the Department of Homeland Security and the U.S. Cybersecurity and Infrastructure Security Agency, and the Federal Bureau of Investigation is providing assistance.

Since the attack was only detected yesterday, it is too early to tell to what extent, if any, patient data has been compromised, or how long the recovery will take. “ At this point in the incident it’s too early for us to communicate what we do and don’t know, but we are in the process of surging resources, both locally and nationally, into this incident to make sure that we are standing alongside with UMMC and their vendors,” said FBI Special Agent in Charge Robert A. Eikhoff, who was present at the UMMC presser announcing the attack. UMMC has confirmed it has made contact with the group behind the attack, but the name of the group has not been disclosed, and UMMC has not stated whether it is considering paying the ransom.

The post UMMC Shuts Clinics While it Grapples with Ransomware Attack appeared first on The HIPAA Journal.

Granite Wellness Centers in California and Pediatric Home Service in Minnesota have both settled lawsuits stemming from cyberattacks that exposed sensitive patient data.

Granite Wellness Centers Data Breach Settlement

Granite Wellness Centers, a network of drug addiction treatment centers in Northern California, has agreed to settle class action litigation over a January 2021 ransomware attack and data breach that affected up to 15,600 individuals. The attack was detected on or around January 5, 2021, and the forensic investigation confirmed that the ransomware actor acquired files containing sensitive patient data, including names, dates of birth, home addresses, dates of care, treatment information, treatment providers, health information, health insurance information, driver’s license numbers, medical histories, Social Security numbers, and bank account numbers.

The affected individuals were notified on or around March 5, 2021, and the first class action lawsuit was filed on June 14, 2023. An amended complaint was filed in September 2023 – Bente, et al. v. Granite Wellness Centers – in the Superior Court of the State of California, County of Placer. The lawsuit asserted claims for negligence, negligence per se, breach of implied contract, unjust enrichment, and declaratory judgment. Granite Wellness Centers maintains that there was no wrongdoing and denies claims that the exposure of data caused any harm to individuals. Following mediation, all parties agreed to settle the litigation to avoid the cost and risk of a trial, with no admission of wrongdoing or liability by the defendant.

Granite Wellness Centers has agreed to establish a $725,000 settlement fund to cover all costs associated with the litigation, including attorneys’ fees (up to 33.33% of the fund), litigation expenses (up to $20,000), service awards for the class representatives (up to $2,000 per class representative), and class member benefits. There are three types of payments available to class members. A claim may be submitted for a pro rata cash payment, estimated to be approximately $750 per class member, but may be higher or lower depending on the number of claims submitted. A claim may be submitted for reimbursement of documented, unreimbursed losses due to the data breach up to a maximum of $5,000 per class member, and California residents at the time of the data breach may submit a claim for an additional statutory $100 cash payment.

The deadline for opting out and objecting is March 28, 2026. The deadline for submitting a claim is April 27, 2026, and the final fairness hearing has been scheduled for April 28, 2026.

Pediatric Home Service Data Breach Settlement

Pediatric Home Respiratory Services (Pediatric Home Service), a Roseville, MN-based independent children’s home healthcare provider, has agreed to settle litigation stemming from a November 2024 cyberattack and data breach. The lawsuit claims that 43,634 individuals were affected by the data breach. The HHS’ Office for Civil Rights was informed that the protected health information of 41,792 patients was exposed in the incident. The Pediatric Home Service cyberattack was detected on November 7, 2024, and the forensic investigation confirmed that an unauthorized third party accessed its network between November 1, 2024, and November 7, 2024. The affected individuals were notified on January 8, 2025.

Two class action lawsuits were filed in response to the data breach, which were consolidated into a single complaint – In re Pediatric Home Respiratory Services, LLC d/b/a Pediatric Home Service Litigation –in the District Court for Ramsey County, Minnesota. The lawsuit asserted claims of negligence, negligence per se, breach of implied contract, violation of the Minnesota Health Records Act, breach of fiduciary duty, declaratory judgment, and unjust enrichment. Pediatric Home Service denies all claims and contentions in the lawsuit and maintains there was no wrongdoing. Pediatric Home Service sought to have the lawsuit dismissed for lack of standing and failure to state a claim. The plaintiffs opposed the motion, and following mediation, a settlement was agreed to resolve the litigation.

There are two cash payment options, one of which can be selected by all class members. A claim may be submitted for reimbursement of documented, unreimbursed losses due to the data breach up to a maximum of $1,500 per class member. Alternatively, a one-time cash payment of $50 may be claimed. In addition, a claim may be submitted for a 12- month membership to one of three credit monitoring options: CyEx Medical Shield Complete, CyEx Identity Defense Total, or CyEx Minor Defense Pro (for minors). The deadline for objecting to the settlement and exclusion is April 8, 2026. The claims deadline is April 23, 2026, and the final fairness hearing has been scheduled for May 8, 2026.

The post Granite Wellness Centers & Pediatric Home Service Settle Class Action Data Breach Lawsuits appeared first on The HIPAA Journal.

WIRX Pharmacy in Pennsylvania has experienced a security incident that exposed the protected health information of more than 20,000 current and former patients. Emanuel Medical Center in California has started notifying patients about a May 2025 cyberattack that exposed patient data.

WIRX Pharmacy, Pennsylvania

WIRX Pharmacy in Fort Washington, Pennsylvania, has notified 20,104 individuals about a December 2025 cybersecurity incident that may have resulted in unauthorized access and/or theft of protected health information. Suspicious activity was identified within its network environment on or around December 7, 2025. Systems were secured, and an investigation was launched, which confirmed unauthorized access to certain data on its systems between December 6, 2025, and December 7, 2025.

A review of the exposed files confirmed that personal and protected health information were present in files on the compromised parts of its network. The affected data varies from individual to individual and may include names in combination with one or more of the following: clinical information (diagnosis/conditions, medications, and other treatment information), demographic information (Social Security number, address, date of birth, and other identifiers), and financial account or claims information.

WIRX Pharmacy said it is reviewing its security policies and procedures and will take steps to harden security to prevent similar incidents in the future. The affected individuals have been advised to remain vigilant against identity theft and fraud by monitoring their financial accounts and free credit reports.

Emanuel Medical Center, California

Emanuel Medical Center, a 209-bed acute care hospital located in Turlock, California, has started notifying current and former patients about a May 2025 security incident. Suspicious network activity was identified on May 22, 2025, and third-party cybersecurity experts were engaged to investigate the activity. They confirmed unauthorized access to its network between May 21 and May 24, 2025, and that files containing personal and protected health information were present on the affected systems.

The review of those files has recently been completed, and notification letters started to be mailed to the affected individuals on February 17, 2026. Data compromised in the incident varies from individual to individual and may include names, dates of birth, contact information, government identification numbers (including Social Security numbers and driver’s license numbers), health insurance information, patient identification numbers, dates of service, provider names, diagnoses, treatment information, prescriptions, medical histories, and lab reports.

Third-party cybersecurity experts have evaluated security and assisted with strengthening system security. The affected individuals have been advised to remain vigilant against identity theft and fraud by monitoring their accounts and free credit reports for suspicious activity. The incident is not yet shown on the HHS’ Office for Civil Rights breach portal, so it is currently unclear how many individuals have been affected.

The post Cyberattacks Announced by WIRX Pharmacy and Emanuel Medical Center appeared first on The HIPAA Journal.