The electronic medical record vendor MDLand International Corporation has fallen victim to a ransomware attack that resulted in the encryption of some of its computer systems. The ransomware attack was detected on May 2, 2025, when certain systems became inaccessible. Immediate action was taken to isolate its network, and a forensic investigation was launched with the assistance of third-party cybersecurity specialists.

The forensic investigation confirmed that an unknown actor encrypted a limited number of MDLand’s systems on May 1, 2025, and may have gained access to patient information stored in one specific database on its network. There was no unauthorized access to the networks or systems of its clients, and no evidence was found to indicate any information in the impacted database was viewed or exfiltrated in the attack, although unauthorized data access and data theft could not be ruled out.

Certain data was encrypted and rendered inaccessible; however, it was possible to restore some of the impacted data, but despite MDLand’s best efforts, some records could not be recovered or recreated. Those records related to the period from April 1, 2025, to May 1, 2025. Data input into patients’ medical records during that time has been lost, including patient names, treatment plan information, and providers’ notes about patients.

The impacted database includes the following data elements: name, date of birth, gender, marital status, address, phone number, and prescription information. Financial account information, Social Security numbers, and health benefits information were not involved.

The incident has been reported to the HHS’ Office for Civil Rights as affecting 22,586 individuals. Additional security measures have been implemented, and security policies and procedures are being reviewed to identify any areas for improvement. At the time of issuing notifications, no evidence of misuse of patient data had been identified; however, as a precaution, the affected individuals have been offered 12 months of complimentary credit monitoring and identity theft protection services.

The post Patient Data Lost in Ransomware Attack on EHR Vendor appeared first on The HIPAA Journal.

Three insider incidents have recently been identified by healthcare providers in Florida, Massachusetts, and Indiana, including one privacy breach that has been ongoing for more than two and a half years.

University of Miami Health System

University of Miami Health System (UMHS) is notifying almost 3,000 patients about an insider data breach that has been ongoing for more than two and a half years. In June 2025, UMHS discovered that an employee had been accessing the medical records of patients when there was no legitimate business or clinical reason for doing so.

The review of access logs showed the unauthorized access started in September 2022 and continued until May 2025. Under HIPAA, medical records may only be accessed by employees for reasons related to treatment, payment for healthcare, and healthcare operations. If unauthorized medical record access is identified, individuals face sanctions, which in this case was termination of employment. UMHS is also collaborating with law enforcement over the incident.

The former employee did not have the necessary access rights to view financial information or Social Security numbers, but was able to view patient information such as names, dates of birth, medical record numbers, provider names, diagnosis/condition information, insurance information, and vaccination status. In total, the medical records of 2,928 patients were accessed over the space of more than two and a half years.

The affected individuals are being notified by Kroll and are being offered complimentary credit monitoring and identity theft protection services. UMHS is also enhancing its security measures and practices to better safeguard patient data.

Berkshire Health Systems

Berkshire Health Systems (BHS) in Massachusetts has discovered that an employee has been accessing patients’ medical records without authorization. An investigation was launched after BHS received a report about an employee potentially accessing patients’ medical records without a legitimate work reason for doing so. The privacy team immediately launched an investigation, which involved a review of access logs.

The access logs confirmed there had been unauthorized access to patient records, but no evidence was found to indicate any of the information in those records was downloaded, printed, or copied. BHS believes the employee was acting independently, with no other individuals involved. The employee was interviewed and denied disclosing any patient information to other individuals and was terminated for the HIPAA violation.

BHS said it has optimized its privacy monitoring software to help prevent further incidents of this nature in the future, and wrote to the affected patients on August 12, 2025, informing them about the privacy breach. The former employee only had limited access to patient data and could not view highly sensitive information such as financial information, health insurance information, or Social Security numbers. Information potentially viewed includes patient names, dates of birth, medical record numbers, diagnoses, and visit notes. BHS has not publicly disclosed how many individuals were affected, and the incident is not currently shown on the HHS’ Office for Civil Rights breach portal.

Life in Motion Family Wellness Center

Life in Motion Family Wellness Center in Evansville, Indiana, has discovered that patient data has been provided to a local physician and used to try to solicit business. The data breach occurred on July 22, 2025, and involved an individual who had previously rented office space in the center. That individual obtained a list of patient names, addresses, telephone numbers, and dates of birth, which she provided to the physician for marketing purposes.

The HHS’ Office for Civil Rights has been notified, law enforcement has been informed, and individual notification letters have been sent to the affected patients. Steps have also been taken to prevent similar incidents in the future, including reviewing system access and adding new layers of protection.

The post Insider Breaches Identified by Three Healthcare Providers appeared first on The HIPAA Journal.