Health Plan Members’ PHI Exposed in Cyberattack on Fieldtex Products

Posted by Steve Alder

Data breaches have been announced by Fieldtex Products in New York State and the Utah ear, nose & throat specialists, Cache Valley Ear ENT.

Fieldtex Products, New York

Fieldtex Products, a medical supply fulfillment organization based in Rochester, New York, has announced a data security incident involving unauthorized access to its computer systems. The intrusion was identified on August 19, 2025, and action was immediately taken to secure its network and prevent further unauthorized access. A third-party digital forensics team was engaged to investigate the incident, which confirmed that a limited amount of protected health information had been exposed and may have been accessed or stolen in the attack.

The exposed data related to the over-the-counter healthcare-related products provided by Fieldtex to members of its health plan clients. In order to provide those products, health plans provided Fieldtex with protected health information such as patient names, addresses, dates of birth, insurance member identification numbers, plan names, effective terms, and gender.

The analysis of the exposed data was completed on September 30, 2025, and the affected health plans were notified immediately. Fieldtex has sent notification letters to the affected individuals on behalf of the health plans that authorized Fieldtex to provide direct notice and has offered those individuals complimentary credit monitoring services.

At the time of issuing notification letters, Fieldtex was unaware of any misuse of the exposed data. Steps have been taken to improve security, and data security policies and procedures are being reviewed. The data breach is not currently shown on the HHS’ Office for Civil Rights website, so it is currently unclear how many individuals have been affected.

Cache Valley Ear, Nose & Throat, Utah

Legal counsel for Cache Valley Ear, Nose & Throat (Cache Valley ENT) has notified state attorneys general about a February 2025 data security incident that exposed patient information. Suspicious activity was identified within its network on February 4, 2025. An investigation was launched to determine the nature and scope of the activity, with assistance provided by third-party cybersecurity experts.

The North Logan, Utah-based healthcare provider confirmed that data may have been viewed or copied on February 4, 2025. The review of the exposed data was completed on November 4, 2025, when it was confirmed that names, addresses, provider names, drug names, and insurance provider names were involved. While highly sensitive patient data such as Social Security numbers and financial information do not appear to have been involved, out of an abundance of caution, the affected individuals have been offered 12 or 24 months of complimentary credit monitoring and identity theft protection services. The data breach is not currently shown on the HHS’ Office for Civil Rights website, so it is currently unclear how many individuals have been affected.

The post Health Plan Members’ PHI Exposed in Cyberattack on Fieldtex Products appeared first on The HIPAA Journal.

Main Line Fertility Center Settles Tracking Technology Lawsuit

Posted by Steve Alder

Main Line Fertility Center in Pennsylvania will pay cash payments to individuals whose sensitive data may have been disclosed to third parties via website tracking technologies. Like many healthcare providers, Main Line Fertility Center deployed third-party tracking tools and analytics code on its public website, including Meta Pixel. While these tools can provide valuable data to website owners, their use is problematic in healthcare due to the potential for sensitive data to be transferred to the providers of those tools. Depending on how and where these tools are deployed, they can potentially transfer personally identifiable and health information to those third parties.

In the case of Main Line Fertility Center, it was alleged to have used these tools without patients’ knowledge or consent, resulting in individually identifiable information being transferred to third parties, such as Meta. Anonymous plaintiff Jane Doe filed a lawsuit – Jane Doe v. Main Line Fertility, Ltd. – in the Court of Common Pleas of Philadelphia County, Pennsylvania, alleging the use of these tools without the knowledge or consent of patients amounted to negligence and violated the Pennsylvania Unfair Trade Practices Act. The lawsuit also asserted claims of invasion of privacy, breach of implied contract, and unjust enrichment.

Main Line Fertility Center maintains that there was no wrongdoing and filed its preliminary objections to the complaint on September 19, 2024; however, the court overruled the objections and ordered Main Line Fertility Center to file its answer to the plaintiff’s complaint, which was filed on February 6, 2024. Following substantive discovery efforts and extensive settlement discussions, Main Line Fertility Center agreed to participate in private mediation, and the material terms of a settlement were agreed upon. The full terms of the settlement have now been finalized, and the settlement has received preliminary approval from the court.

Similar to several other pixel-related settlements in recent months, class members will be provided with a cash payment and membership to a Privacy Shield Pro product. Class members wishing to submit a claim can elect to receive a one-time cash payment of $35, and if they submit a valid and timely claim, they will receive a code to enroll in the PRivacy Shield Pro product. Main Line Fertility Center has also agreed to pay attorneys’ fees and expenses, settlement administration costs, and service awards for the class representatives.

The deadline for opting out of and objecting to the settlement is December 1, 2025, and claims must be submitted by December 29, 2025. The final fairness hearing has been scheduled for January 6, 2026.

The post Main Line Fertility Center Settles Tracking Technology Lawsuit appeared first on The HIPAA Journal.