Vida Y Salud-Health Systems & Dublin Medical Center Confirm Data Breaches

Posted by Steve Alder

Data breaches have recently been announced by Vida Y Salud-Health Systems in Crystal City, Texas, and Dublin Medical Center in Georgia.

Vida Y Salud-Health Systems, Texas

Vida Y Salud-Health Systems, a Crystal City, TX-based Federally Qualified Health Center, has recently reported a data breach to the Texas Attorney General involving unauthorized access to the protected health information of 34,504 Texas residents. On October 8, 2025, suspicious activity was identified within its network. The forensic investigation confirmed that an unauthorized third party gained access to its network on October 7, 2025, and exfiltrated data.

The investigation and data review have recently concluded, and it was confirmed that names, addresses, dates of birth, Social Security numbers, driver’s license numbers, account numbers, and claim numbers had been stolen. Vida Y Salud-Health Systems has notified the HHS’ Office for Civil Rights; however, the data breach is not currently shown on the OCR data breach portal, so it is unclear how many individuals in total have been affected. Vida Y Salud-Health Systems said steps have been taken to strengthen security to prevent similar breaches in the future, and the affected individuals have been offered complimentary credit monitoring and identity theft protection services.

Dublin Medical Center, Georgia

Dublin Medical Center in Georgia has recently started notifying individuals affected by an October 2025 cybersecurity incident. Suspicious activity was identified within its computer network on October 17, 2025. The substitute data breach notice on Dublin Medical Center’s website does not state when the unauthorized access started.

The review of the files on the affected parts of its network confirmed that patient data was compromised in the incident. The data types varied from individual to individual and may have included names in combination with some or all of the following: contact information, date of birth, patient status, provider name, diagnosis and treatment information, prescriptions, medical history, radiology imaging and reports, medical consent forms, lab reports, patient identification number, dates of service, and health insurance information.

The investigation is continuing; however, notification letters started to be mailed to the affected individuals on December 17, 2025. The affected individuals have been advised to remain vigilant against misuse of their data by reviewing their account statements, free credit reports, and explanation of benefits statements. The incident is not yet shown on the HHS’ Office for Civil Rights breach portal, so it is currently unclear how many individuals have been affected.

The post Vida Y Salud-Health Systems & Dublin Medical Center Confirm Data Breaches appeared first on The HIPAA Journal.

Consulting Radiologists Pays $2.2M to Settle Class Action Data Breach Litigation

Posted by Steve Alder

A settlement has been approved to resolve class action data breach litigation against Consulting Radiologists Ltd., a physician-owned radiology practice that provides medical imaging services at more than 100 healthcare facilities in Minnesota and the surrounding areas.

The Consulting Radiologists data breach was reported to the HHS’ Office for Civil Rights on June 14, 2024, as involving the protected health information of up to 583,824 individuals. A network intrusion was identified on February 12, 2024, and the investigation confirmed that the network was accessed by an unauthorized third party who may have obtained patient data such as names, addresses, dates of birth, medical information, health insurance information, along with the Social Security numbers of 19,346 individuals.

The data breach was announced in April 2024, and notification letters were sent to the affected individuals. Shortly thereafter, a class action lawsuit was filed in response to the data breach, followed by a further 18 complaints. In August 2024, District Court Judge Thomas Conley issued an order to consolidate all complaints against Consulting Radiologists. The consolidated lawsuit – In re Consulting Radiologists Data Incident Litigation – was filed in the District Court of the 4th Judicial District Court of Hennepin County, Minnesota, on November 1, 2024.

The lawsuit claimed the data breach was the result of negligence and could have been prevented had reasonable and appropriate cybersecurity measures been implemented and maintained. The lawsuit alleged that Consulting Radiologists had violated the HIPAA Rules, including the HIPAA Security Rule, by failing to properly secure patient data and the HIPAA Breach Notification Rule due to the delay in issuing notifications to the affected individuals.

The lawsuit asserted claims of negligence, negligence per se, breach of contract, breach of implied contract, breach of third-party contract, breach of implied covenant of good faith and fair dealing, breach of fiduciary duty, breach of confidence, invasion of privacy/intrusion upon seclusion, unjust enrichment, and violations of the Minnesota Consumer Fraud Act and Minnesota Health Records Act.

Consulting Radiologists sought to have the lawsuit dismissed, and that attempt was partially successful; however, the court failed to dismiss the claims of negligence, negligence per se, unjust enrichment, injunctive/declaratory relief, and violations of the Minnesota Consumer Fraud Act and Minnesota Health Records Act. Following mediation and ongoing negotiations, a settlement was agreed to bring the litigation to an end, with no admission of liability or wrongdoing. Consulting Radiologists has agreed to pay $2,200,000 in aggregate to cover attorneys’ fees and expenses, settlement administration and notification costs, service awards for the 19 class representatives, and benefits to the class members.

Class members may claim up to three benefits under the settlement: A claim may be submitted for reimbursement of documented, unreimbursed losses due to the data breach up to a maximum of $5,000 per class member. Two years of single-bureau credit monitoring services may be claimed, and class members may also claim a cash payment. The cash payments depend on the types of data compromised in the incident, and are expected to be $125 for individuals whose Social Security numbers were involved, and $50 for all other class members. The cash payments are subject to a pro rata reduction to remain under the cap of $2,200,000.

The deadline for objection to and exclusion from the settlement is January 30, 2026. The deadline for submitting a claim is March 2, 2026, and the final fairness hearing has been scheduled for February 25, 2026. Further information can be found on the settlement website: https://www.crdatasettlement.com/

The post Consulting Radiologists Pays $2.2M to Settle Class Action Data Breach Litigation appeared first on The HIPAA Journal.

FREE WEBINAR NEXT WEEK: 2025 HIPAA Breaches & Fines. Avoid Being the Next Headline

Posted by Steve Alder

The healthcare sector saw a surge in 2025 of HIPAA breach reports and enforcement activity, and smaller organizations were not immune. Many cases trace back to the same avoidable breakdowns, such as inconsistent training, weak or outdated policies, and blind spots in Business Associate vendor oversight.

Breaches. Fines. Audits. Do not be the next headline.

If you are a covered entity or a healthcare adjacent organization without a dedicated compliance team, those gaps add up fast. Regulators are paying closer attention, and the cost of getting it wrong can be steep in HIPAA violation fines and related remediation costs.

Webinar attendees will learn how to:

  • Spot the recurring breakdowns behind 2025 breach cases and enforcement actions
  • Connect those failures to HIPAA expectations and oversight from OCR, HHS, and the OIG
  • Prioritize the biggest risk areas that most often lead to investigations, penalties, and costly remediation
  • Put a simple, repeatable compliance routine in place for 2026 that holds up even without a dedicated team
  • Take away practical next steps to reduce exposure and close gaps before the next audit or incident

Why Attend?

You will gain a clearer insight into why breaches and fines keep happening, what regulators look for during investigations and audits, and a practical roadmap you can apply in 2026 to reduce risk and strengthen compliance.

Reserve your seat today and learn how to avoid the compliance mistakes that lead to costly breaches and enforcement actions in 2025.

WEBINAR DETAILS

      2025 HIPAA Data Breaches and Fines Costly Compliance Mistakes and How to Avoid Them in 2026

Date: Thursday, January 22, 2026
  Time: 1:00 PM ET / 6:00 PM GMT
                        Format: Live webinar (with practical guidance)

Speaker: Liam Degnan, Director, Solutions Engineering, Compliancy Group

 

Speaker: Liam Degnan, Director, Solutions Engineering

Liam Degnan Compliancy GroupLiam Degnan brings more than eight years of experience in risk management, SaaS sales, and healthcare compliance. As Compliancy Group’s Senior Solutions Engineer, he advises healthcare decision-makers, healthcare providers, and medical vendors. He speaks on a variety of platforms and topics, with an emphasis on simplifying HIPAA, OSHA, SOC 2, and other healthcare compliance regulations.

 

 

 

The post FREE WEBINAR NEXT WEEK: 2025 HIPAA Breaches & Fines. Avoid Being the Next Headline appeared first on The HIPAA Journal.