Data breaches have recently been announced by Tri Century Eye Care in Pennsylvania, Pittsburgh Gastroenterology Associates, NAHGA Claims Services, and the Texas revenue cycle management company, Legacy Health.

Tri Century Eye Care

Tri Century Eye Care, P.C., in Pennsylvania, has recently started notifying patients about a September 2025 data security incident involving the theft of files containing sensitive data. Suspicious network activity was identified on September 3, 2025, and immediate steps were taken to secure its network. Third-party cybersecurity specialists were engaged to investigate and determine the nature and scope of the activity, and on September 19, 2025, Tri Century Eye Care learned that an unknown actor had accessed its network and acquired files. There was no unauthorized access to its electronic medical record system.

The files were reviewed and found to contain personal and protected health information of patients and employees. The types of information involved varied from individual to individual and may have included names in combination with one or more of the following: Social Security number, date of birth, medical or health information, diagnostic and treatment information, health insurance information, billing or payment information, and/or tax/financial information.

Tri Century Eye Care has implemented additional security measures to reduce the risk of similar incidents in the future, including enforcing stronger password requirements, requiring more frequent password changes, reducing access permissions, and ensuring older data is stored offline. The HHS’ Office for Civil Rights has been notified about the incident, as has the FBI. The OCR breach portal is not currently showing the data breach, so it is unclear how many individuals have been affected.

The Pear threat group claimed responsibility for the incident. Pear (Pure Extraction And Ransom) is a private hacking group that does not engage in data encryption. While no specific industry is targeted, the group has claimed several healthcare victims. Pear claims to have exfiltrated 3.3 GB of data, and appears to have leaked the full dataset.

Pittsburgh Gastroenterology Associates

Pittsburgh Gastroenterology Associates has notified patients about an August 2025 cyberattack that involved unauthorized access to patient information. This appears to have been a ransomware attack, based on the description in its breach notification letters. Network disruption was experienced on August 12, 2025, and after taking steps to secure its IT systems, an investigation was launched to determine the nature and scope of the activity. Assisted by digital forensics specialists, Pittsburgh Gastroenterology Associates determined on August 28, 2025, that a threat actor had accessed its network and may have exfiltrated files containing patient information.

The exposed files were reviewed and found to contain first and last names, birth dates, treatment and procedure information, and health insurance information. Social Security numbers and financial information were not involved, and there was no unauthorized access to its electronic medical record system. Third-party experts have been engaged to conduct a full review of its security practices, and enhancements have been made to improve network and data security.

The Sinobi ransomware group claimed responsibility for the attack and added Pittsburgh Gastroenterology Associates to its dark web data leak site. The dark web leak site appears to list the full 198 Gb of data stolen in the attack.

NAHGA Claims Services

The National Accident Health General Agency (NAHGA) Claims Servicers, a Bridgton, Maine-based third-party administrator specializing in accident and health insurance claims, has recently notified state attorneys general about a recent security incident involving unauthorized access to its computer network. Suspicious network activity was identified on April 13, 2025, and third-party cybersecurity experts were engaged to investigate the activity.

The investigation revealed that its computer network had been accessed by an unauthorized third party between April 8, 2025, and April 10, 2025, during which time certain files on its network may have been acquired. A review was conducted to determine the types of information compromised in the incident, and that process was completed in October. NAHGA has been working with the affected clients to issue notifications to the affected individuals.

At present, it is unclear how many individuals have been affected; however, given that NAHGA provides services nationally, the data breach has the potential to be significant. NAHGA is offering the affected individuals complimentary credit monitoring and identity theft protection services, which include a $1 million identity theft insurance policy. NAHGA has also taken steps to improve network and data security to prevent similar data breaches in the future.

Legacy Health

Legacy Health, a Texas revenue cycle management company that works with more than 12,000 healthcare providers, has recently disclosed a security incident that has exposed patient data.  Little is currently known about the data breach, other than it potentially involves unauthorized access to individuals’ names, medical information, and health insurance information. The HHS’ Office for Civil Rights data breach portal is not currently showing the breach, so it is unclear how many individuals have been affected in total, although the Texas Attorney General was informed that 4,031 Texas residents have been affected.

The post Tri Century Eye Care & Pittsburgh Gastroenterology Associates Announce Data Breaches appeared first on The HIPAA Journal.