EHR Vendor Identifies Business Associate Data Breach – The HIPAA Journal
EHR Vendor Identifies Business Associate Data Breach The HIPAA Journal
EHR Vendor Identifies Business Associate Data Breach
Data breaches have recently been announced by the EHR vendor CareTracker (Amazing Charts) and the Wisconsin health system, Marshfield Clinic.
CareTracker (Amazing Charts)
CareTracker Inc., doing business as Amazing Charts, an electronic health record and practice management platform provider, has been affected by a security incident at one of its vendors. On June 19, 2025, Amazing Charts identified unusual activity within a system managed by a third-party vendor. Immediate action was taken to secure the vendor’s environment, and an investigation was launched to determine the nature and scope of the activity.
The investigation confirmed unauthorized access to the service provider’s network between June 15, 2025, and June 19, 2025. Files were then reviewed to determine the individuals affected and the types of data involved. Due to the complexity of the data review, that process has only recently been completed.
Data potentially compromised in the incident included names in combination with one or more of the following: diagnoses, treatment information, physician names, medical record numbers, and health insurance information. Notification letters have recently been mailed to the affected individuals, and complimentary credit monitoring services have been offered for 12 months. At the time of notification, no misuse of the affected information had been identified.
Marshfield Clinic Health System
Marshfield Clinic Health System, an integrated health system serving Wisconsin and Michigan’s Upper Peninsula, identified unauthorized access to certain employee email accounts on or around August 27, 2025. The forensic investigation confirmed that an unauthorized third party had access to the accounts from August 26 to August 27, 2025, and potentially accessed or copied emails containing patient information. The types of information compromised in the incident varied from individual to individual and may have included names, medical record numbers, health insurance information, diagnosis, and treatment information.
The affected individuals are being notified by mail and have been offered complimentary credit monitoring and identity theft protection services. The incident is not yet shown on the HHS’ Office for Civil Rights website, so it is currently unclear how many individuals have been affected.
The post EHR Vendor Identifies Business Associate Data Breach appeared first on The HIPAA Journal.
IDT Launches HIPAA-Compliant AI Solution for Healthcare Efficien – GuruFocus
net2phone Launches HIPAA-Compatible AI Agent to Enhance Healthcare Communications – Quiver Quantitative
net2phone Launches HIPAA-Compatible Agentic AI Solution for Healthcare – The Manila Times
net2phone Launches HIPAA-Compatible Agentic AI Solution for Healthcare – The Manila Times
net2phone (IDT) Debuts HIPAA-Compatible AI Agent to Automate Patient Communications – Stock Titan
net2phone Launches HIPAA-Compatible Agentic AI Solution for Healthcare – GlobeNewswire
Doctor Alliance Investigating 353 GB Data Theft Claim – The HIPAA Journal
Doctor Alliance Investigating 353 GB Data Theft Claim The HIPAA Journal