Vida Y Salud-Health Systems & Dublin Medical Center Confirm Data Breaches
Data breaches have recently been announced by Vida Y Salud-Health Systems in Crystal City, Texas, and Dublin Medical Center in Georgia.
Vida Y Salud-Health Systems, Texas
Vida Y Salud-Health Systems, a Crystal City, TX-based Federally Qualified Health Center, has recently reported a data breach to the Texas Attorney General involving unauthorized access to the protected health information of 34,504 Texas residents. On October 8, 2025, suspicious activity was identified within its network. The forensic investigation confirmed that an unauthorized third party gained access to its network on October 7, 2025, and exfiltrated data.
The investigation and data review have recently concluded, and it was confirmed that names, addresses, dates of birth, Social Security numbers, driver’s license numbers, account numbers, and claim numbers had been stolen. Vida Y Salud-Health Systems has notified the HHS’ Office for Civil Rights; however, the data breach is not currently shown on the OCR data breach portal, so it is unclear how many individuals in total have been affected. Vida Y Salud-Health Systems said steps have been taken to strengthen security to prevent similar breaches in the future, and the affected individuals have been offered complimentary credit monitoring and identity theft protection services.
Dublin Medical Center, Georgia
Dublin Medical Center in Georgia has recently started notifying individuals affected by an October 2025 cybersecurity incident. Suspicious activity was identified within its computer network on October 17, 2025. The substitute data breach notice on Dublin Medical Center’s website does not state when the unauthorized access started.
The review of the files on the affected parts of its network confirmed that patient data was compromised in the incident. The data types varied from individual to individual and may have included names in combination with some or all of the following: contact information, date of birth, patient status, provider name, diagnosis and treatment information, prescriptions, medical history, radiology imaging and reports, medical consent forms, lab reports, patient identification number, dates of service, and health insurance information.
The investigation is continuing; however, notification letters started to be mailed to the affected individuals on December 17, 2025. The affected individuals have been advised to remain vigilant against misuse of their data by reviewing their account statements, free credit reports, and explanation of benefits statements. The incident is not yet shown on the HHS’ Office for Civil Rights breach portal, so it is currently unclear how many individuals have been affected.
The post Vida Y Salud-Health Systems & Dublin Medical Center Confirm Data Breaches appeared first on The HIPAA Journal.
Consulting Radiologists Pays $2.2M to Settle Class Action Data Breach Litigation
A settlement has been approved to resolve class action data breach litigation against Consulting Radiologists Ltd., a physician-owned radiology practice that provides medical imaging services at more than 100 healthcare facilities in Minnesota and the surrounding areas.
The Consulting Radiologists data breach was reported to the HHS’ Office for Civil Rights on June 14, 2024, as involving the protected health information of up to 583,824 individuals. A network intrusion was identified on February 12, 2024, and the investigation confirmed that the network was accessed by an unauthorized third party who may have obtained patient data such as names, addresses, dates of birth, medical information, health insurance information, along with the Social Security numbers of 19,346 individuals.
The data breach was announced in April 2024, and notification letters were sent to the affected individuals. Shortly thereafter, a class action lawsuit was filed in response to the data breach, followed by a further 18 complaints. In August 2024, District Court Judge Thomas Conley issued an order to consolidate all complaints against Consulting Radiologists. The consolidated lawsuit – In re Consulting Radiologists Data Incident Litigation – was filed in the District Court of the 4th Judicial District Court of Hennepin County, Minnesota, on November 1, 2024.
The lawsuit claimed the data breach was the result of negligence and could have been prevented had reasonable and appropriate cybersecurity measures been implemented and maintained. The lawsuit alleged that Consulting Radiologists had violated the HIPAA Rules, including the HIPAA Security Rule, by failing to properly secure patient data and the HIPAA Breach Notification Rule due to the delay in issuing notifications to the affected individuals.
The lawsuit asserted claims of negligence, negligence per se, breach of contract, breach of implied contract, breach of third-party contract, breach of implied covenant of good faith and fair dealing, breach of fiduciary duty, breach of confidence, invasion of privacy/intrusion upon seclusion, unjust enrichment, and violations of the Minnesota Consumer Fraud Act and Minnesota Health Records Act.
Consulting Radiologists sought to have the lawsuit dismissed, and that attempt was partially successful; however, the court failed to dismiss the claims of negligence, negligence per se, unjust enrichment, injunctive/declaratory relief, and violations of the Minnesota Consumer Fraud Act and Minnesota Health Records Act. Following mediation and ongoing negotiations, a settlement was agreed to bring the litigation to an end, with no admission of liability or wrongdoing. Consulting Radiologists has agreed to pay $2,200,000 in aggregate to cover attorneys’ fees and expenses, settlement administration and notification costs, service awards for the 19 class representatives, and benefits to the class members.
Class members may claim up to three benefits under the settlement: A claim may be submitted for reimbursement of documented, unreimbursed losses due to the data breach up to a maximum of $5,000 per class member. Two years of single-bureau credit monitoring services may be claimed, and class members may also claim a cash payment. The cash payments depend on the types of data compromised in the incident, and are expected to be $125 for individuals whose Social Security numbers were involved, and $50 for all other class members. The cash payments are subject to a pro rata reduction to remain under the cap of $2,200,000.
The deadline for objection to and exclusion from the settlement is January 30, 2026. The deadline for submitting a claim is March 2, 2026, and the final fairness hearing has been scheduled for February 25, 2026. Further information can be found on the settlement website: https://www.crdatasettlement.com/
The post Consulting Radiologists Pays $2.2M to Settle Class Action Data Breach Litigation appeared first on The HIPAA Journal.
Mindcore Technologies Completes HIPAA Compliance Examination for ShieldHQ – Hattiesburg American
Mindcore Technologies Completes HIPAA Compliance Examination for ShieldHQ Hattiesburg American
Mindcore Technologies Completes HIPAA Compliance Examination for ShieldHQ – kitsapsun.com
Mindcore Technologies Completes HIPAA Compliance Examination for ShieldHQ – recordonline.com
FREE Webinar Tomorrow: How to Complete Your Annual HIPAA Risk Assessment
In 2025, 95% of OCR HIPAA fines cited missing or deficient HIPAA risk assessments as a core basis for enforcement.
HIPAA risk assessments are expected at least annually, and if you haven’t completed one yet this year, now is the time.
That’s why we’re strongly suggesting you attend Compliancy Group’s most popular annual webinar, How to Complete your Annual HIPAA Risk Assessment, on February 19, from 1–2 pm ET.
Practical Guidance for Real-World Compliance
Whether you’re new to HIPAA risk assessments or refining your approach, you’ll gain insights you can actually use and hear perspectives from others facing similar realities.
Webinar attendees will learn:
- Why HIPAA risk assessments break down and how to avoid it.
- What regulators actually expect.
- How to identify and prioritize real risk.
- How to stay compliant year over year through training, remediation, and ongoing risk management.
Why Attend?
HIPAA risk assessments are one of the most misunderstood and dreaded parts of HIPAA compliance. They’re time-consuming. They feel overwhelming. And many organizations aren’t confident they’re doing them correctly.
You may be doing all the right things with training and policies, but avoiding or rushing a risk assessment can leave serious gaps that regulators will scrutinize. Some 95% of HIPAA OCR fines in 2025 had missing or deficient HIPAA risk assessments as the core legal basis for enforcement.
This session is designed as more than a webinar; it’s a gathering place for people navigating the same challenges. A space to learn, share perspectives, and walk away with practical clarity.
Reserve your seat today and learn how to break risk assessment into manageable steps, including critical employee training, remediation, and ongoing risk management that comes after.
WEBINAR DETAILS
How to Complete Your Annual HIPAA Risk Assessment: Practical Guidance for Real-World Compliance
Date: Thursday, February 19, 2026
Time: 1:00 PM ET / 6:00 PM GMT
Format: Live webinar (with practical guidance)
Speaker: Liam Degnan, Director, Solutions Engineering
Liam Degnan brings more than eight years of experience in risk management, SaaS sales, and healthcare compliance. As Compliancy Group’s Senior Solutions Engineer, he advises healthcare decision-makers, healthcare providers, and medical vendors. He speaks on a variety of platforms and topics, with an emphasis on simplifying HIPAA, OSHA, SOC 2, and other healthcare compliance regulations.
The post FREE Webinar Tomorrow: How to Complete Your Annual HIPAA Risk Assessment appeared first on The HIPAA Journal.