Data Breaches Announced by US HealthConnect & Altos Inc. – The HIPAA Journal
Data Breaches Announced by US HealthConnect & Altos Inc. The HIPAA Journal
Data Breaches Announced by US HealthConnect & Altos Inc.
The medical education provider US HealthConnect and the California billing services vendor Altos Inc have recently announced cyberattacks and data breaches.
US HealthConnect
US HealthConnect, a provider of continuing medical education and promotional education to healthcare providers, has recently announced a cybersecurity incident that was identified on January 25, 2025. Suspicious activity was identified within its computer network, and third-party cybersecurity specialists were engaged to investigate to determine the nature and scope of the activity.
The investigation confirmed that an unauthorized third party had access to its network and may have obtained certain information from the affected systems, including names and Social Security numbers. After validating the results and obtaining up-to-date contact information, notification letters started to be issued on September 4, 2025.
US HealthConnect has enhanced its existing policies and procedures and implemented additional administrative and technical safeguards to protect against similar incidents in the future, and the affected individuals have been offered up to 24 months of complimentary credit monitoring and identity theft protection services. The data breach has been reported to regulators, although it is currently unclear how many individuals have been affected.
Altos Inc.
Altos Inc., a provider of medical billing, medical transcription & medical management services to healthcare providers in southern California, has discovered that an internal system containing patients’ protected health information has been accidentally exposed to the Internet.
The security error was identified on June 17, 2025. The exposed system was immediately secured, and an investigation was launched to determine how the error occurred and the information that had been exposed. On July 21, 2025, Altos determined that the exposed system contained the protected health information of 6,414 individuals, including names, addresses, dates of birth, Social Security numbers, and health information.
In addition to securing the exposed system and implementing procedures to reduce the risk of similar incidents in the future, additional security reviews have been conducted, and steps are being taken to improve its overall security posture. While there have been no reports of misuse of patient data in connection with the incident, out of an abundance of caution, the affected individuals have been offered complimentary credit monitoring and identity theft protection services.
The post Data Breaches Announced by US HealthConnect & Altos Inc. appeared first on The HIPAA Journal.
Data Breaches Announced by Washington, Florida, and Minnesota Healthcare Providers
Data breaches have recently been announced by Northwest Medical Specialties in Washington, Medical Associates of Brevard in Florida, and Twin Cities Pain Clinic in Minnesota.
Northwest Medical Specialties
Northwest Medical Specialties, PLLC (NWMS), a physician-owned practice with six locations in the South Puget Sound area of Washington state, has started notifying patients about a recent security incident that potentially involved unauthorized access to some of their protected health information.
NWMS was contacted by an unidentified party on August 18, 2025, who claimed to have accessed its network and sensitive patient data. After securing the network and engaging third-party digital forensics specialists to investigate a potential breach, it was concluded that patient data was potentially copied without authorization. The review of the affected files was completed on August 22, 2025, and confirmed that the potentially compromised data included full names, dates of birth, Social Security numbers, and medical information. Notification letters are now being sent to the affected individuals, who have been offered complimentary credit monitoring services.
NWMS said it is reviewing its policies and procedures related to data privacy and security and has implemented additional technical safeguards to further enhance system security. The data breach is not yet shown on the HHS’ Office for Civil Rights breach portal, so the total number of affected individuals cannot yet be confirmed; however, the Washington Attorney General was notified that 3,846 Washingtonians were affected.
Medical Associates of Brevard
Medical Associates of Brevard, a provider of comprehensive healthcare services to residents of Brevard County in Florida, has recently notified state attorneys general about a recent criminal cyberattack that occurred on or around January 17, 2025. Third-party cybersecurity experts were engaged to investigate the incident and review the files on the compromised parts of its network. The review was completed on July 7, 2025, when it was confirmed that the potentially compromised data included names, dates of birth, medical treatment information, health insurance information, Social Security numbers, driver’s license numbers/state identification numbers, and, for a limited number of individuals, financial account information.
Notification letters were mailed to the affected individuals on September 5, 2025. Complimentary credit monitoring and identity theft protection services have been offered, and a series of cybersecurity enhancements have been made to prevent similar incidents in the future. The incident is not yet shown on the HHS’ Office for Civil Rights breach portal, so it is unclear how many individuals have been affected.
Twin Cities Pain Clinic
Twin Cities Pain Clinic, a specialized pain management medical group with six locations in Minnesota, has recently disclosed an email security incident that has exposed patient data. Suspicious activity was identified within an employee’s email account on or around July 9, 2025. A digital forensics firm was engaged to investigate the activity and confirmed on July 31, 2025, that an unauthorized user had accessed the account and a limited number of files stored within SharePoint.
A data mining review was initiated to identify any patients who may have had their protected health information exposed. On August 18, 2025, the review was completed, and determined that patient data was present within emails, attachments, and SharePoint. The exposed data included full names, dates of birth, mailing addresses, phone numbers, email addresses, Social Security numbers, medical record numbers, treatment notes, provide information, Social Security numbers, health insurance information, and financial account information.
Legal counsel is conducting a full review of security practices and systems, and enhanced security protocols and security awareness training will be implemented. While no evidence was found to suggest any information had been downloaded or otherwise removed from its email or SharePoint environments, as a precaution, the affected individuals have been offered complimentary single-bureau credit monitoring, credit report, and credit score services for 24 months.
The post Data Breaches Announced by Washington, Florida, and Minnesota Healthcare Providers appeared first on The HIPAA Journal.
HIPAA Compliance for Dentists: 2025 Update – The HIPAA Journal
HIPAA Compliance for Dentists: 2025 Update The HIPAA Journal
HHS Releases Updated Security Risk Assessment Tool – The HIPAA Journal
HHS Releases Updated Security Risk Assessment Tool The HIPAA Journal
HHS Releases Updated Security Risk Assessment Tool – The HIPAA Journal
HHS Releases Updated Security Risk Assessment Tool The HIPAA Journal
Legislators accuse CVS Health of violating HIPAA – Supermarket News
Legislators accuse CVS Health of violating HIPAA Supermarket News