<?xml version="1.0" encoding="UTF-8"?><rss version="2.0"><channel><title>HealthConsent Breach Tracker</title><description>Live tracker of 2026 healthcare data breaches reported to HHS OCR. New entries published as breaches are disclosed.</description><link>https://myhealthconsent.org/</link><language>en-us</language><copyright>HealthConsent</copyright><ttl>60</ttl><item><title>Capitol Pain Institute: 695 exposed</title><link>https://myhealthconsent.org/breaches/capitol-pain-institute-2026/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/capitol-pain-institute-2026/</guid><description>Capitol Pain Institute, a multi-state interventional pain management practice headquartered in Colorado Springs with 16 clinics across CO, TX, IN, KY, and OH, filed an HHS OCR breach in May 2026 affecting 695 patients via an email account compromise. Specific PHI categories and remediation not yet publicly disclosed. Controlled-substance prescription history potentially in scope. Here is what to do.</description><pubDate>Fri, 01 May 2026 00:00:00 GMT</pubDate><category>phishing</category><category>ocr-open</category></item><item><title>Cunningham Prosthetic Care LLC: 2,523 exposed</title><link>https://myhealthconsent.org/breaches/cunningham-prosthetic-care-2026/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/cunningham-prosthetic-care-2026/</guid><description>Cunningham Prosthetic Care LLC, a family-owned Saco, Maine prosthetic and orthotic practice serving York County, Cumberland County, and southern New Hampshire, disclosed in May 2026 an October 2025 employee email compromise exposing names, Social Security numbers, driver&apos;s licenses, medical record numbers, diagnostic information, treatment, and health insurance data for 2,523 patients. Here is what to do.</description><pubDate>Fri, 01 May 2026 00:00:00 GMT</pubDate><category>phishing</category><category>ocr-open</category></item><item><title>Western Orthopaedics, P.C.: 113,330 exposed</title><link>https://myhealthconsent.org/breaches/western-orthopaedics-pc-2026/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/western-orthopaedics-pc-2026/</guid><description>Western Orthopaedics, P.C., a Denver-area orthopaedic surgery group founded in 1938, disclosed in May 2026 a September 2025 ransomware attack by the PEAR group. Approximately 1.7 TB exfiltrated including patient PII, PHI, financial records, and email mailboxes. 113,330 affected. Data was not paid for and was leaked. Here is what to do.</description><pubDate>Fri, 01 May 2026 00:00:00 GMT</pubDate><category>ransomware</category><category>ocr-open</category><category>PEAR (Pure Extortion and Ransom)</category></item><item><title>City Health, a medical corporation: 65,000 exposed</title><link>https://myhealthconsent.org/breaches/city-health-a-medical-corporation-2026/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/city-health-a-medical-corporation-2026/</guid><description>CityHealth, a San Leandro and Oakland urgent-care and dermatology medical corporation, disclosed in May 2026 that a former business counterparty re-entered its DrChrono EMR platform after their authorized access had been terminated. 65,000 patients exposed. No SSN or financial data in scope per the company notice. Here is what to do.</description><pubDate>Thu, 30 Apr 2026 00:00:00 GMT</pubDate><category>unauthorized-access</category><category>ocr-open</category></item><item><title>Exclusive Physicians PLLC: 58,000 exposed</title><link>https://myhealthconsent.org/breaches/exclusive-physicians-pllc-2026/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/exclusive-physicians-pllc-2026/</guid><description>Exclusive Physicians PLLC, doing business as EPIC Health, a Detroit-area primary care medical group, disclosed in April 2026 a January 2026 network intrusion exposing names, dates of birth, demographic and contact information, insurance payor, and diagnosis category for 58,000 patients. EMR was not accessed. SSN and financial data not in scope. Here is what to do.</description><pubDate>Thu, 30 Apr 2026 00:00:00 GMT</pubDate><category>hacking</category><category>ocr-open</category></item><item><title>Integrated Pain Associates: 500 exposed</title><link>https://myhealthconsent.org/breaches/integrated-pain-associates-2026/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/integrated-pain-associates-2026/</guid><description>Integrated Pain Associates (IPA), a Texas interventional pain management practice with seven locations across Central and West Texas (Killeen, Abilene, Waco, Lampasas, Temple, Odessa, Brownwood), disclosed a February 2026 network intrusion. Names, Social Security numbers, driver&apos;s licenses, controlled-substance prescription records, and financial accounts exposed. Complimentary credit monitoring offered. Here is what to do.</description><pubDate>Thu, 30 Apr 2026 00:00:00 GMT</pubDate><category>hacking</category><category>ocr-open</category></item><item><title>Mt. Spokane Pediatrics: 32,021 exposed</title><link>https://myhealthconsent.org/breaches/mt-spokane-pediatrics-2026/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/mt-spokane-pediatrics-2026/</guid><description>Mt. Spokane Pediatrics, a pediatric practice with two clinics in North Spokane and Spokane Valley, Washington, disclosed in April 2026 a January 2026 LockBit 5.0 ransomware attack exposing names, Social Security numbers, dates of birth, diagnoses, and prescription information for 32,021 patients (29,410 Washington residents). 12 months Cyberscout monitoring offered. Here is what to do.</description><pubDate>Thu, 30 Apr 2026 00:00:00 GMT</pubDate><category>ransomware</category><category>ocr-open</category><category>LockBit 5.0</category></item><item><title>Ouster, Inc.: 574 exposed</title><link>https://myhealthconsent.org/breaches/ouster-2026/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/ouster-2026/</guid><description>Ouster, Inc. (NYSE: OUST), the publicly-traded LiDAR sensor manufacturer headquartered in San Francisco, filed an HHS OCR breach in April 2026 affecting 574 individuals — almost certainly the company&apos;s employee group health plan, not LiDAR products. No public disclosure, no SEC 8-K, and no California AG entry has surfaced as of mid-May 2026. Here is what to do.</description><pubDate>Thu, 30 Apr 2026 00:00:00 GMT</pubDate><category>unauthorized-access</category><category>ocr-open</category></item><item><title>Tri-Cities Gastroenterology, P.C.: 67,115 exposed</title><link>https://myhealthconsent.org/breaches/tri-cities-gastroenterology-2026/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/tri-cities-gastroenterology-2026/</guid><description>Tri-Cities Gastroenterology, a five-office GI specialty group in northeast Tennessee (Kingsport, Johnson City, Elizabethton, Erwin, Greeneville), disclosed in April 2026 a December 2025 ransomware attack by the Insomnia group. Stolen data was leaked publicly after ransom non-payment. 67,115 patients affected. Here is what to do.</description><pubDate>Wed, 29 Apr 2026 00:00:00 GMT</pubDate><category>ransomware</category><category>ocr-open</category><category>Insomnia</category></item><item><title>Rocky Mountain Associated Physicians, P.C.: 50,640 exposed</title><link>https://myhealthconsent.org/breaches/rocky-mountain-associated-physicians-pc-2026/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/rocky-mountain-associated-physicians-pc-2026/</guid><description>Rocky Mountain Associated Physicians, P.C., operating as Utah Bariatrics, a Salt Lake City bariatric surgery and medical weight-loss practice, disclosed in April 2026 a 2025 PEAR ransomware attack exposing names, Social Security numbers, dates of birth, medical records, diagnoses, treatment information, and (for some patients) payment card data and PINs for 50,640 affected individuals. Data was not paid for and was leaked. 12 months Experian IdentityWorks offered. Here is what to do.</description><pubDate>Tue, 21 Apr 2026 00:00:00 GMT</pubDate><category>ransomware</category><category>ocr-open</category><category>PEAR (Pure Extortion and Ransom)</category></item><item><title>Prime-Care 12 Priority Health, Inc.: 1,000 exposed</title><link>https://myhealthconsent.org/breaches/prime-care-12-priority-health-2026/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/prime-care-12-priority-health-2026/</guid><description>Prime-Care 12 Priority Health, Inc., a two-nurse-practitioner family practice clinic in Princeton, West Virginia (Mercer County), filed an HHS OCR breach in April 2026 affecting 1,000 patients — likely most of the practice&apos;s active panel. Specific PHI categories, threat actor, and remediation details not publicly disclosed. Here is what to do.</description><pubDate>Mon, 20 Apr 2026 00:00:00 GMT</pubDate><category>hacking</category><category>ocr-open</category></item><item><title>Aligned Orthopedic Partners: 7,213 exposed</title><link>https://myhealthconsent.org/breaches/aligned-orthopedic-partners-2026/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/aligned-orthopedic-partners-2026/</guid><description>ASC Ortho Management Company, LLC (d/b/a Aligned Orthopedic Partners), a Bethesda, Maryland orthopedic management services organization (MSO), disclosed in April 2026 a November-December 2025 email environment compromise exposing names, Social Security numbers, driver&apos;s licenses, Medicare/Medicaid IDs, financial accounts, and clinical narratives for 7,213 patients across DC/MD/VA orthopedic practices. 12 months Cyberscout (TransUnion) offered. Here is what to do.</description><pubDate>Fri, 17 Apr 2026 00:00:00 GMT</pubDate><category>phishing</category><category>ocr-open</category></item><item><title>Innovative Scientific Solutions, LLC: 143,842 exposed</title><link>https://myhealthconsent.org/breaches/innovative-scientific-solutions-llc-2026/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/innovative-scientific-solutions-llc-2026/</guid><description>Innovative Scientific Solutions LLC, operating as Luxor Scientific, a Greenville SC clinical diagnostic lab, disclosed in April 2026 a September 2025 network intrusion exposing names, Social Security numbers, driver&apos;s license numbers, financial account information, prescription data, and medical histories for 143,842 patients. 12 months of Experian IdentityWorks Credit 3B and $1M identity theft insurance offered. Here is what to do.</description><pubDate>Fri, 17 Apr 2026 00:00:00 GMT</pubDate><category>hacking</category><category>ocr-open</category></item><item><title>University of Nebraska Medical Center: 26,937 exposed</title><link>https://myhealthconsent.org/breaches/university-of-nebraska-medical-center-2026/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/university-of-nebraska-medical-center-2026/</guid><description>The University of Nebraska Medical Center disclosed in April 2026 that a vulnerability in its REDCap research-data platform allowed unauthorized access between September 2023 and February 2026 — roughly 2.5 years. Names, dates of birth, medical record numbers, clinical info, and (for a subset) Social Security numbers exposed for 26,937 research participants. Here is what to do.</description><pubDate>Fri, 17 Apr 2026 00:00:00 GMT</pubDate><category>hacking</category><category>ocr-open</category></item><item><title>Amedisys: 9,111 exposed</title><link>https://myhealthconsent.org/breaches/amedisys-2026/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/amedisys-2026/</guid><description>Amedisys, a major US home health and hospice provider and UnitedHealth/Optum subsidiary, disclosed in 2026 that its third-party vendor Doctor Alliance suffered a November 2025 network intrusion. 9,111 Amedisys home-health patients exposed. Threat actor &apos;Kazu&apos; claimed 353 GB / 1.24 million records stolen across all Doctor Alliance clients. Here is what to do.</description><pubDate>Wed, 15 Apr 2026 00:00:00 GMT</pubDate><category>vendor-breach</category><category>ocr-open</category><category>Kazu</category></item><item><title>Liberty Bankers Life Insurance Co.: 20,202 exposed</title><link>https://myhealthconsent.org/breaches/liberty-bankers-life-ins-co-2026/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/liberty-bankers-life-ins-co-2026/</guid><description>Liberty Bankers Life Insurance Co., a Texas life and annuity carrier, disclosed in April 2026 that its third-party administrator Illumifin suffered a November 2025 network intrusion exposing names, Social Security numbers, financial information, and medical information for 20,202 Liberty Bankers Life policyholders (97,781 total across Illumifin&apos;s client portfolio). 1 to 2 years of identity monitoring offered. Here is what to do.</description><pubDate>Wed, 15 Apr 2026 00:00:00 GMT</pubDate><category>vendor-breach</category><category>ocr-open</category></item><item><title>Mazzola Mardon, P.C.: 2,123 exposed</title><link>https://myhealthconsent.org/breaches/mazzola-mardon-2026/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/mazzola-mardon-2026/</guid><description>Mazzola Mardon, P.C., a New York labor and ERISA law firm representing the Management-ILA Managed Health Care Trust Fund (longshoremen&apos;s union health plan), disclosed an August 2025 network intrusion. Names, Social Security numbers, driver&apos;s licenses, mental and physical condition records, treatment, diagnosis, prescriptions, Medicare IDs, and health insurance data for 2,123 plan members exposed. Here is what to do.</description><pubDate>Wed, 15 Apr 2026 00:00:00 GMT</pubDate><category>hacking</category><category>ocr-open</category></item><item><title>Defense Health Agency: 1,300 exposed</title><link>https://myhealthconsent.org/breaches/defense-health-agency-2026/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/defense-health-agency-2026/</guid><description>The Defense Health Agency (DHA), the DoD component administering TRICARE for ~9.6M military beneficiaries, filed an HHS OCR breach in April 2026 affecting 1,300 individuals via an unauthorized email access/disclosure. Specific incident mechanism, PHI categories, and remediation not yet publicly disclosed. Distinct from the larger March 2026 DHA EMR incident. Here is what to do.</description><pubDate>Tue, 14 Apr 2026 00:00:00 GMT</pubDate><category>phishing</category><category>ocr-open</category></item><item><title>CardioFit Medical Group, Inc.: 7,243 exposed</title><link>https://myhealthconsent.org/breaches/cardiofit-medical-group-2026/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/cardiofit-medical-group-2026/</guid><description>CardioFit Medical Group, a Torrance, California cardiology practice, disclosed in April 2026 a January-February 2026 disclosure incident in which patient PHI was transmitted via unencrypted email. 7,243 patients affected. No SSN exposure; no credit monitoring offered. Filed under California SB 446. Here is what to do.</description><pubDate>Fri, 10 Apr 2026 00:00:00 GMT</pubDate><category>hacking</category><category>ocr-open</category></item><item><title>C.A.R.E. Clinic: 500 exposed</title><link>https://myhealthconsent.org/breaches/care-clinic-red-wing-2026/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/care-clinic-red-wing-2026/</guid><description>C.A.R.E. Clinic in Red Wing, Minnesota, a volunteer-physician free clinic serving uninsured adults in Goodhue County, filed an HHS OCR breach in April 2026 affecting 500 individuals via email compromise. Likely near-total active patient panel exposure at this small Tuesday-evening volunteer clinic. Limited public disclosure. Here is what to do.</description><pubDate>Fri, 10 Apr 2026 00:00:00 GMT</pubDate><category>phishing</category><category>ocr-open</category></item><item><title>Springfield Hospital: 5,892 exposed</title><link>https://myhealthconsent.org/breaches/springfield-hospital-vermont-2026/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/springfield-hospital-vermont-2026/</guid><description>Springfield Hospital, a not-for-profit critical access hospital in Springfield, Vermont, disclosed in April 2026 a December 2025 employee email account compromise exposing names, dates of birth, Social Security numbers, reason for visit, treating physician, and medical record numbers for 5,892 individuals. No credit monitoring offered despite SSN exposure. Here is what to do.</description><pubDate>Fri, 10 Apr 2026 00:00:00 GMT</pubDate><category>phishing</category><category>ocr-open</category></item><item><title>Interventional Pain Center, PLLC: 3,171 exposed</title><link>https://myhealthconsent.org/breaches/interventional-pain-center-2026/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/interventional-pain-center-2026/</guid><description>Interventional Pain Center, PLLC, a Tennessee pain management practice in Hendersonville and Nashville, disclosed in April 2026 a December 2025 employee email compromise exposing names, Social Security numbers, driver&apos;s licenses, dates of birth, medical history, diagnoses, treatment, and prescription information for 3,171 patients. Controlled-substance prescription records are particularly sensitive. No credit monitoring named in the public notice. Here is what to do.</description><pubDate>Thu, 09 Apr 2026 00:00:00 GMT</pubDate><category>phishing</category><category>ocr-open</category></item><item><title>Option Care Health, Inc.: 1,891 exposed</title><link>https://myhealthconsent.org/breaches/option-care-health-april-2026/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/option-care-health-april-2026/</guid><description>Option Care Health, Inc. (NASDAQ: OPCH), the largest US independent home infusion provider, filed a second HHS OCR breach report on April 6, 2026 for 1,891 individuals. This appears to be the formal HIPAA filing for the same February 2026 email-compromise incident first disclosed Feb 20 (2,086 individuals). Likely the same underlying event with finalized notification numbers. Here is what to do.</description><pubDate>Tue, 07 Apr 2026 00:00:00 GMT</pubDate><category>phishing</category><category>ocr-open</category></item><item><title>Option Care Health, Inc.: 2,086 exposed</title><link>https://myhealthconsent.org/breaches/option-care-health-feb-2026/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/option-care-health-feb-2026/</guid><description>Option Care Health, Inc. (NASDAQ: OPCH), the largest US independent home infusion provider, disclosed a February 2026 employee email account compromise exposing names, dates of birth, medical record numbers, treatment information, and health insurance data for 2,086 patients. Infusion treatment records (TPN, IVIG, antibiotics, specialty biologics) can re-identify diagnoses. Federman &amp; Sherwood reports SSN in scope. A separate April 2026 OCR filing covers a distinct second incident. Here is what to do.</description><pubDate>Tue, 07 Apr 2026 00:00:00 GMT</pubDate><category>phishing</category><category>ocr-open</category></item><item><title>Pinnacle Holdings, LTD: 18,313 exposed</title><link>https://myhealthconsent.org/breaches/pinnacle-holdings-ltd-2026/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/pinnacle-holdings-ltd-2026/</guid><description>Pinnacle Holdings, LTD, parent of Pinnacle Healthcare Consulting (a HIPAA business associate serving hospitals and physician groups), disclosed in April 2026 a November 2024 network intrusion exposing names, Social Security numbers, passports, biometrics, and clinical records for 18,313 individuals. Downstream covered entities including Providence St. Joseph Orange and Corewell Health filed separate OCR reports. Here is what to do.</description><pubDate>Tue, 07 Apr 2026 00:00:00 GMT</pubDate><category>hacking</category><category>ocr-open</category></item><item><title>Heart South Cardiovascular Group, P.C.: 46,666 exposed</title><link>https://myhealthconsent.org/breaches/heart-south-cardiovascular-group-2026/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/heart-south-cardiovascular-group-2026/</guid><description>Heart South Cardiovascular Group, a central Alabama cardiology and vascular practice operating three clinics, disclosed in April 2026 a November 2025 Rhysida ransomware attack exposing names, Social Security numbers, dates of birth, medications, and procedure information for 46,666 patients. This is Heart South&apos;s second breach in 18 months — the prior May 2024 incident settled for $500,000. 12 months credit monitoring offered. Here is what to do.</description><pubDate>Mon, 06 Apr 2026 00:00:00 GMT</pubDate><category>ransomware</category><category>ocr-open</category><category>Rhysida</category></item><item><title>Hospital Caribbean Medical Center: 92,000 exposed</title><link>https://myhealthconsent.org/breaches/hospital-caribbean-medical-center-2026/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/hospital-caribbean-medical-center-2026/</guid><description>Hospital Caribbean Medical Center in Fajardo, Puerto Rico disclosed in February 2026 a ransomware attack by The Gentlemen group that exfiltrated approximately 577 GB of patient and operational data. 92,000 individuals affected. Initial Spanish-language press release did not offer credit monitoring. Here is what to do.</description><pubDate>Mon, 06 Apr 2026 00:00:00 GMT</pubDate><category>ransomware</category><category>ocr-open</category><category>The Gentlemen</category></item><item><title>LifeSpring Home Care: 7,509 exposed</title><link>https://myhealthconsent.org/breaches/lifespring-home-care-2026/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/lifespring-home-care-2026/</guid><description>LifeSpring In-Home Care Network LLC, an Oklahoma home health, hospice, and personal-care provider, disclosed in April 2026 a network intrusion exposing patient data for 7,509 individuals. Patient base skews elderly, disabled, and medically fragile. Limited public detail. Here is what to do.</description><pubDate>Mon, 06 Apr 2026 00:00:00 GMT</pubDate><category>hacking</category><category>ocr-open</category></item><item><title>Village Heart &amp; Vein Center: 687 exposed</title><link>https://myhealthconsent.org/breaches/village-heart-vein-center-2026/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/village-heart-vein-center-2026/</guid><description>Village Heart Seller, PC (d/b/a Village Heart &amp; Vein Center), a small cardiology and vein practice in The Villages, Florida, filed an HHS OCR breach on April 3, 2026 affecting 687 patients via an email account compromise. Patient base skews elderly retirees. No entity notice or class action filings have surfaced. Here is what to do.</description><pubDate>Fri, 03 Apr 2026 00:00:00 GMT</pubDate><category>phishing</category><category>ocr-open</category></item><item><title>Southern Illinois Dermatology: 160,312 exposed</title><link>https://myhealthconsent.org/breaches/southern-illinois-dermatology-2026/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/southern-illinois-dermatology-2026/</guid><description>Southern Illinois Dermatology disclosed in April 2026 a November 2025 network intrusion by the Insomnia data-theft extortion group. 160,312 patients across 13 rural Illinois clinics had names, Social Security numbers, dates of birth, and medical record numbers exposed. The Insomnia group publicly leaked sample data on its dark web site two months before the practice notified patients. No credit monitoring was offered. Here is what to do.</description><pubDate>Thu, 02 Apr 2026 00:00:00 GMT</pubDate><category>ransomware</category><category>ocr-open</category><category>Insomnia</category></item><item><title>Woodfords Family Services: 38,061 exposed</title><link>https://myhealthconsent.org/breaches/woodfords-family-services-2026/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/woodfords-family-services-2026/</guid><description>Woodfords Family Services, a Maine nonprofit serving 2,000+ children and adults with autism, intellectual/developmental disabilities, and mental-health diagnoses across 13 counties, disclosed in March 2026 a 2024 Medusa ransomware attack exposing names, SSNs, driver&apos;s license, passport, and developmental-disability diagnoses. 38,061 affected. 24-month notification gap. Second ransomware breach in 18 months. 12 months Cyberscout monitoring offered. Here is what to do.</description><pubDate>Fri, 27 Mar 2026 00:00:00 GMT</pubDate><category>ransomware</category><category>ocr-open</category><category>Medusa</category></item><item><title>Corporación de Servicios Médicos Primarios y Prevención de Hatillo: 24,236 exposed</title><link>https://myhealthconsent.org/breaches/corporacion-de-servicios-medicos-primarios-y-prevencion-de-hatillo-2026/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/corporacion-de-servicios-medicos-primarios-y-prevencion-de-hatillo-2026/</guid><description>Hatimedik, the Hatillo, Puerto Rico Federally Qualified Health Center serving roughly 19,000 patients across 10 service sites in north-central PR, disclosed in March 2026 a cybersecurity incident affecting 24,236 individuals. The public notice did not enumerate specific data categories or offer credit monitoring. Here is what to do.</description><pubDate>Thu, 26 Mar 2026 00:00:00 GMT</pubDate><category>hacking</category><category>ocr-open</category></item><item><title>Cullen/Frost Bankers, Inc.: 4,698 exposed</title><link>https://myhealthconsent.org/breaches/cullen-frost-bankers-2026/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/cullen-frost-bankers-2026/</guid><description>Cullen/Frost Bankers, Inc., the Texas-based parent of Frost Bank, filed an HHS OCR breach on March 26, 2026 covering 4,698 employee group health plan members. This is distinct from the larger Everest ransomware breach disclosed in April 2026 that affected 100,000+ Frost Bank customers (financial data only). Limited public detail on the HIPAA filing. Here is what to do.</description><pubDate>Thu, 26 Mar 2026 00:00:00 GMT</pubDate><category>hacking</category><category>ocr-open</category></item><item><title>Securian Financial: 500 exposed</title><link>https://myhealthconsent.org/breaches/securian-financial-2026/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/securian-financial-2026/</guid><description>Securian Financial&apos;s group health plan filed an HHS OCR breach in March 2026 classified by HIPAA Journal as &apos;hacking incident at a business associate&apos; — meaning Securian&apos;s plan was the victim, not the source. 500 individuals (placeholder figure). Business associate name, threat actor, and specific PHI categories not publicly disclosed. Here is what to do.</description><pubDate>Wed, 25 Mar 2026 00:00:00 GMT</pubDate><category>vendor-breach</category><category>ocr-open</category></item><item><title>Coastal Carolina Health Care, PA: 110,304 exposed</title><link>https://myhealthconsent.org/breaches/coastal-carolina-health-care-pa-2026/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/coastal-carolina-health-care-pa-2026/</guid><description>Coastal Carolina Health Care, PA, a multi-specialty group based in New Bern, NC, disclosed in March 2026 a March 2025 network intrusion exposing names and Social Security numbers for 110,304 patients in Craven, Pamlico, and Carteret counties. 12 months Cyberscout credit monitoring + $1M identity theft insurance offered. Here is what to do.</description><pubDate>Tue, 24 Mar 2026 00:00:00 GMT</pubDate><category>hacking</category><category>ocr-open</category></item><item><title>Mays Housecall Home Health, Inc.: 5,208 exposed</title><link>https://myhealthconsent.org/breaches/mays-housecall-home-health-2026/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/mays-housecall-home-health-2026/</guid><description>Mays Housecall Home Health, Inc., part of the 30+-location Mays Home Care network across Texas, Oklahoma, and Kansas, disclosed in March 2026 a network intrusion exposing patient data for 5,208 home-health patients. No substitute notice posted on the entity&apos;s website. Limited public detail. Here is what to do.</description><pubDate>Sat, 21 Mar 2026 00:00:00 GMT</pubDate><category>hacking</category><category>ocr-open</category></item><item><title>Orem Eye Clinic: 5,800 exposed</title><link>https://myhealthconsent.org/breaches/orem-eye-clinic-2026/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/orem-eye-clinic-2026/</guid><description>Complete Eye Care (d/b/a Orem Eye Clinic), a Utah optometry and ophthalmology practice, was attacked by the NightSpire ransomware group in January 2026. NightSpire claims 1 TB of data exfiltrated. 5,800 patients exposed; the practice has not posted a substitute breach notice. Here is what to do.</description><pubDate>Thu, 19 Mar 2026 00:00:00 GMT</pubDate><category>ransomware</category><category>ocr-open</category><category>NightSpire</category></item><item><title>The South Alabama Regional Planning Commission: 3,043 exposed</title><link>https://myhealthconsent.org/breaches/south-alabama-regional-planning-commission-2026/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/south-alabama-regional-planning-commission-2026/</guid><description>The South Alabama Regional Planning Commission (SARPC), the Area Agency on Aging serving Mobile, Baldwin, and Escambia counties, was attacked by the Qilin ransomware group in October 2025. 3,043 elderly individuals exposed. PHI from in-home assessments, SenioRx prescription assistance, and SHIP/Medicare counseling programs likely in scope. Limited public detail. Here is what to do.</description><pubDate>Wed, 18 Mar 2026 00:00:00 GMT</pubDate><category>ransomware</category><category>ocr-open</category><category>Qilin</category></item><item><title>OpenLoop Health, Inc.: 716,000 exposed</title><link>https://myhealthconsent.org/breaches/openloop-health-inc-2026/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/openloop-health-inc-2026/</guid><description>OpenLoop Health, the white-label telehealth infrastructure platform powering ~120 direct-to-consumer brands including Remedy Meds, MEDVi, JoinFridays, and Triad RX, disclosed in March 2026 a January 7 to 8 breach affecting 716,000 patients. A lone threat actor briefly posted samples claiming 1.6 million records. If you received care from any DTC telehealth brand, here is what was taken and what to do.</description><pubDate>Tue, 17 Mar 2026 00:00:00 GMT</pubDate><category>hacking</category><category>class-action-filed</category><category>Stuckin2019</category></item><item><title>MedPeds Associates of Sarasota: 22,017 exposed</title><link>https://myhealthconsent.org/breaches/medpeds-associates-of-sarasota-2026/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/medpeds-associates-of-sarasota-2026/</guid><description>MedPeds Associates of Sarasota, a Florida internal medicine and pediatrics group, disclosed in March 2026 a September 2025 Beast ransomware attack with approximately 400 GB of patient data exfiltrated. 22,017 patients affected. Here is what to do.</description><pubDate>Mon, 16 Mar 2026 00:00:00 GMT</pubDate><category>ransomware</category><category>ocr-open</category><category>Beast</category></item><item><title>illumifin Corporation: 5,385 exposed</title><link>https://myhealthconsent.org/breaches/illumifin-corporation-2026/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/illumifin-corporation-2026/</guid><description>illumifin Corporation, a third-party administrator serving 100+ life, long-term care, health, and annuity carriers, disclosed in March 2026 a November 2025 network intrusion exposing names, Social Security numbers, dates of birth, insurance policy data, underwriting and claims data, medical records, and financial accounts for 5,385 individuals in Minnesota (97,781 aggregate across all carriers). 1-2 years identity monitoring offered. Here is what to do.</description><pubDate>Fri, 13 Mar 2026 00:00:00 GMT</pubDate><category>hacking</category><category>ocr-open</category></item><item><title>Lena Health: 3,651 exposed</title><link>https://myhealthconsent.org/breaches/lena-health-bloom-circle-2026/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/lena-health-bloom-circle-2026/</guid><description>Bloom Circle, Inc. (d/b/a Lena Health), a Houston-based AI-driven care-coordination SaaS platform serving health systems including Houston Methodist, was breached in late 2025 by the FulcrumSec extortion group. Names, dates of birth, phone numbers, medical record numbers, 7,500+ recorded patient phone calls with AI transcriptions covering erectile dysfunction, incontinence, opioid prescriptions, and cardiac surgery for 3,651 individuals exposed. No public credit monitoring offer. Here is what to do.</description><pubDate>Fri, 13 Mar 2026 00:00:00 GMT</pubDate><category>vendor-breach</category><category>ocr-open</category><category>FulcrumSec</category></item><item><title>Trinity Health Corporation: 2,740 exposed</title><link>https://myhealthconsent.org/breaches/trinity-health-health-gorilla-2026/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/trinity-health-health-gorilla-2026/</guid><description>Trinity Health Corporation, the Livonia, Michigan-based Catholic non-profit health system with 90+ hospitals across 26 states, disclosed in March 2026 that its records were extracted through an abused Health Information Exchange (HIE) pipeline operated by Health Gorilla. Records allegedly funneled to third-party health-tech firms for mass-tort marketing rather than treatment. 2,740 Trinity patients exposed. Trinity is suing Health Gorilla; patients are suing Trinity. Cyberscout monitoring offered. Here is what to do.</description><pubDate>Fri, 13 Mar 2026 00:00:00 GMT</pubDate><category>vendor-breach</category><category>class-action-filed</category></item><item><title>True RCM: 1,247 exposed</title><link>https://myhealthconsent.org/breaches/true-rcm-2026/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/true-rcm-2026/</guid><description>True RCM (a Rapid Care Transcription, Inc. subsidiary), a Maryland-based revenue cycle management vendor for healthcare providers, disclosed a November 2025 endpoint compromise exposing names, Social Security numbers, driver&apos;s licenses, admission dates, diagnoses, care provider names, and treatment facilities for 1,247 patients. Comprehensive Rehab Consultants LLC named as upstream covered entity. 24 months Cyberscout monitoring offered. Here is what to do.</description><pubDate>Fri, 13 Mar 2026 00:00:00 GMT</pubDate><category>hacking</category><category>ocr-open</category></item><item><title>University of Pittsburgh Medical Center: 687 exposed</title><link>https://myhealthconsent.org/breaches/upmc-health-gorilla-2026/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/upmc-health-gorilla-2026/</guid><description>The University of Pittsburgh Medical Center (UPMC) disclosed in March 2026 that its patient records were extracted through an abused Health Information Exchange (HIE) pipeline operated by Health Gorilla. Records funneled to law firms under sham NPIs and a &apos;treatment purposes&apos; pretext. 687 UPMC patients exposed. Parallel to Trinity Health 2026 filing. No SSN; clinical notes, visit reasons, diagnoses exposed. No credit monitoring offered (no financial data in scope). Here is what to do.</description><pubDate>Fri, 13 Mar 2026 00:00:00 GMT</pubDate><category>vendor-breach</category><category>ocr-open</category></item><item><title>Good Samaritan Health Center: 10,000 exposed</title><link>https://myhealthconsent.org/breaches/good-samaritan-health-center-2026/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/good-samaritan-health-center-2026/</guid><description>Good Samaritan Health Center, an Atlanta charitable safety-net clinic, disclosed in March 2026 a February 2026 ransomware attack exposing names, dates of birth, ZIP codes, and limited clinical information for 10,000 uninsured and underinsured patients. SSN and financial data not in scope. No credit monitoring offered. Here is what to do.</description><pubDate>Thu, 12 Mar 2026 00:00:00 GMT</pubDate><category>ransomware</category><category>ocr-open</category></item><item><title>Team Select: 949 exposed</title><link>https://myhealthconsent.org/breaches/team-select-2026/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/team-select-2026/</guid><description>Team Select Home Care, a national pediatric and adult home health provider headquartered in Phoenix, AZ, was caught in the Doctor Alliance vendor breach also affecting BAYADA, Amedisys, and LHC Group. 949 Arizona patients exposed — likely medically complex pediatric Medicaid/CHIP children. Threat actor &apos;Kazu&apos; demanded $200K ransom. Here is what to do.</description><pubDate>Thu, 12 Mar 2026 00:00:00 GMT</pubDate><category>vendor-breach</category><category>ocr-open</category><category>Kazu</category></item><item><title>Austin Plastic &amp; Reconstructive Surgery: 4,266 exposed</title><link>https://myhealthconsent.org/breaches/austin-plastic-reconstructive-surgery-2026/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/austin-plastic-reconstructive-surgery-2026/</guid><description>Austin Plastic &amp; Reconstructive Surgery, a Texas plastic surgery practice specializing in microvascular breast reconstruction for breast cancer patients, was attacked by the 3AM (ThreeAM) ransomware group in July 2025 and listed on the leak site August 10, 2025. Names, Social Security numbers, driver&apos;s licenses, passport numbers, financial account numbers, medical, and health insurance data for 4,266 patients exposed. Credit monitoring offered to SSN-affected subset. Here is what to do.</description><pubDate>Wed, 11 Mar 2026 00:00:00 GMT</pubDate><category>ransomware</category><category>ocr-open</category><category>3AM (ThreeAM)</category></item><item><title>Delta Medical Systems, Inc.: 1,574 exposed</title><link>https://myhealthconsent.org/breaches/delta-medical-systems-2026/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/delta-medical-systems-2026/</guid><description>Delta Medical Systems, Inc., a Wisconsin-based Siemens Healthineers Advanced Partner serving rural hospitals and ASCs across WI, MN, IL, and MI, disclosed a July 2025 employee email compromise exposing names, Social Security numbers, driver&apos;s licenses, bank account information, medical, and health insurance data for 1,574 individuals (1,869 total notified). 12 months TransUnion identity protection offered to SSN-affected. Here is what to do.</description><pubDate>Tue, 10 Mar 2026 00:00:00 GMT</pubDate><category>phishing</category><category>ocr-open</category></item><item><title>Renovo Chiropractic &amp; Wellness LLC: 538 exposed</title><link>https://myhealthconsent.org/breaches/renovo-chiropractic-2026/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/renovo-chiropractic-2026/</guid><description>Renovo Chiropractic &amp; Wellness in Auburn, Washington, disclosed a January 2026 break-in at an off-site archived storage facility. Approximately three years (2021-2024) of paper Explanation of Benefits documents stolen, containing names, insurance IDs, and diagnosis codes for 538 patients. No SSN, financial data, or contact info in scope. No credit monitoring offered. Here is what to do.</description><pubDate>Tue, 10 Mar 2026 00:00:00 GMT</pubDate><category>physical-theft</category><category>ocr-open</category></item><item><title>Barrio Comprehensive Family Health Care Center: 19,971 exposed</title><link>https://myhealthconsent.org/breaches/barrio-comprehensive-family-health-care-center-2026/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/barrio-comprehensive-family-health-care-center-2026/</guid><description>Barrio Comprehensive Family Health Care Center (operating as CommuniCare Health Centers), a San Antonio FQHC serving Bexar, Kendall, Hays, and Comal counties, disclosed in March 2026 a September 2025 employee email compromise exposing names, dates of birth, health insurance, and clinical information for 19,971 patients. No SSN or financial data in scope. Here is what to do.</description><pubDate>Sun, 08 Mar 2026 00:00:00 GMT</pubDate><category>phishing</category><category>ocr-open</category></item><item><title>Cedar Valley Hospice: 10,666 exposed</title><link>https://myhealthconsent.org/breaches/cedar-valley-hospice-2026/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/cedar-valley-hospice-2026/</guid><description>Cedar Valley Hospice, Northeast Iowa&apos;s largest hospice and palliative-care nonprofit since 1979, disclosed in March 2026 a November 2025 network intrusion exposing names, Social Security numbers, driver&apos;s licenses, health information, and financial account information for 10,666 patients and family caregivers. End-of-life context. 12 months Kroll monitoring offered. Here is what to do.</description><pubDate>Fri, 06 Mar 2026 00:00:00 GMT</pubDate><category>hacking</category><category>ocr-open</category></item><item><title>Community Health Action of Staten Island: 501 exposed</title><link>https://myhealthconsent.org/breaches/community-health-action-staten-island-2026/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/community-health-action-staten-island-2026/</guid><description>Community Health Action of Staten Island (CHASI), a NYC nonprofit providing harm reduction, HIV/AIDS, syringe exchange, and substance use services, suffered a November 2025 - January 2026 ransomware attack by GENESIS. Group claims ~200,000 records including ~60,000 HIV testing patient records. Massachusetts AG filing adds SSN and bank account data. 2 years Experian IdentityWorks offered. 42 CFR Part 2 implications. Here is what to do.</description><pubDate>Fri, 06 Mar 2026 00:00:00 GMT</pubDate><category>ransomware</category><category>ocr-open</category><category>GENESIS</category></item><item><title>Metrocare Services: 602 exposed</title><link>https://myhealthconsent.org/breaches/metrocare-services-mar-2026/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/metrocare-services-mar-2026/</guid><description>Dallas County MHMR (d/b/a Metrocare Services), Dallas&apos;s primary mental health and IDD authority, filed a second HHS OCR breach in March 2026 affecting 602 individuals via combined Email and Other Portable Electronic Device. Follows the larger October 2025 incident (8,599 individuals). Likely lost laptop or tablet with cached email. 42 CFR Part 2 implications. No public notice. Here is what to do.</description><pubDate>Fri, 06 Mar 2026 00:00:00 GMT</pubDate><category>unauthorized-access</category><category>ocr-open</category></item><item><title>North Texas Behavioral Health Authority: 285,086 exposed</title><link>https://myhealthconsent.org/breaches/north-texas-behavioral-health-authority-2026/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/north-texas-behavioral-health-authority-2026/</guid><description>The North Texas Behavioral Health Authority disclosed in March 2026 a network intrusion that exposed names, Social Security numbers, driver&apos;s license numbers, and mental-health treatment information for 285,086 people across Dallas, Ellis, Hunt, Kaufman, Navarro, and Rockwall counties. If you received care from NTBHA or any provider in its network, here is what was taken and what to do.</description><pubDate>Fri, 06 Mar 2026 00:00:00 GMT</pubDate><category>hacking</category><category>ocr-open</category></item><item><title>Saint Anthony Hospital: 146,108 exposed</title><link>https://myhealthconsent.org/breaches/saint-anthony-hospital-2026/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/saint-anthony-hospital-2026/</guid><description>Saint Anthony Hospital in Chicago disclosed in March 2026 that a February 2025 unauthorized access to two employee email accounts exposed Social Security numbers, medical record numbers, diagnoses, and prescription information for 146,108 patients. Final OCR count revised up from initial 6,679 estimate. No credit monitoring offered. Here is what to do.</description><pubDate>Fri, 06 Mar 2026 00:00:00 GMT</pubDate><category>phishing</category><category>ocr-open</category></item><item><title>Tieu Dental Corporation: 8,918 exposed</title><link>https://myhealthconsent.org/breaches/tieu-dental-corporation-2026/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/tieu-dental-corporation-2026/</guid><description>Tieu Dental Corporation (operating as South Bay Oral &amp; Maxillofacial Surgery), a California oral surgery practice with two Bay Area offices, disclosed in March 2026 a July 2025 network intrusion exposing names, Social Security numbers, medical records, treatment plans, prescriptions, and health insurance information for 8,918 patients. 12 months Experian IdentityWorks offered. Here is what to do.</description><pubDate>Thu, 05 Mar 2026 00:00:00 GMT</pubDate><category>hacking</category><category>ocr-open</category></item><item><title>Longevity Health Plan: 15,000 exposed</title><link>https://myhealthconsent.org/breaches/longevity-health-plan-2026/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/longevity-health-plan-2026/</guid><description>Longevity Health Plan, a Florida-based Medicare Advantage Institutional Special Needs Plan exclusively serving long-term care and assisted-living residents across 7 states, disclosed in March 2026 a network intrusion exposing names, Medicare beneficiary identifiers, and medical information for 15,000 elderly members. Here is what to do.</description><pubDate>Wed, 04 Mar 2026 00:00:00 GMT</pubDate><category>hacking</category><category>ocr-open</category></item><item><title>Murray County Medical Center: 5,073 exposed</title><link>https://myhealthconsent.org/breaches/murray-county-medical-center-2026/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/murray-county-medical-center-2026/</guid><description>Murray County Medical Center (MCMC), a 25-bed county-owned critical access hospital in Slayton, Minnesota, disclosed in March 2026 an August 2025 network intrusion with 5+ months dwell time. Names, Social Security numbers, driver&apos;s licenses, dates of birth, health insurance, and medical treatment history for 5,073 individuals exposed. Kroll-assisted response and credit monitoring offered. Here is what to do.</description><pubDate>Wed, 04 Mar 2026 00:00:00 GMT</pubDate><category>hacking</category><category>ocr-open</category></item><item><title>Access Information Management Shared Services, LLC: 1,522 exposed</title><link>https://myhealthconsent.org/breaches/access-information-management-2026/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/access-information-management-2026/</guid><description>Access Information Management Shared Services, LLC, a Woburn, Massachusetts records-management vendor providing paper storage, secure shredding, scanning, and electronic records hosting to healthcare clients, filed an HHS OCR breach on February 28, 2026 affecting 1,522 individuals. No entity notice, AG filing, or press coverage has surfaced. Downstream covered entities not yet named. Here is what to do.</description><pubDate>Sat, 28 Feb 2026 00:00:00 GMT</pubDate><category>vendor-breach</category><category>ocr-open</category></item><item><title>Insurance ACE / Humana Inc.: 1,000 exposed</title><link>https://myhealthconsent.org/breaches/insurance-ace-humana-2026/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/insurance-ace-humana-2026/</guid><description>Humana Inc.&apos;s &apos;Insurance ACE&apos; (Affiliated Covered Entity — the umbrella of Humana&apos;s insurance subsidiaries) filed an HHS OCR breach for 1,000 individuals in February 2026. A separate but contemporaneous incident saw Humana&apos;s outside counsel, law firm Pillsbury Winthrop Shaw Pittman, compromised in a February 27, 2026 social-engineering attack exposing 2,104+ Texas-resident PHI records from litigation discovery files. Names, Social Security numbers, health insurance, and medical information exposed. Class action filed in W.D. Kentucky. What To Do.</description><pubDate>Sat, 28 Feb 2026 00:00:00 GMT</pubDate><category>vendor-breach</category><category>class-action-filed</category></item><item><title>Aetna: 10,888 exposed</title><link>https://myhealthconsent.org/breaches/aetna-2026/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/aetna-2026/</guid><description>Aetna (a CVS Health subsidiary) disclosed in February 2026 two paired 2025 mailing-vendor errors that included member names in letters sent to other plan members. 10,888 + 775 affected (combined 11,663). Root cause was a third-party mailing vendor, not a cyber intrusion. Minimal PHI exposure. Credit monitoring offered. Here is what to do.</description><pubDate>Fri, 27 Feb 2026 00:00:00 GMT</pubDate><category>unauthorized-access</category><category>ocr-open</category></item><item><title>IPPC Inc., IPPC of New York LLC, and Innovative Pharmacy LLC: 133,862 exposed</title><link>https://myhealthconsent.org/breaches/ippc-inc-ippc-of-new-york-llc-and-innovative-pharmacy-llc-collectively-ippc-2026/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/ippc-inc-ippc-of-new-york-llc-and-innovative-pharmacy-llc-collectively-ippc-2026/</guid><description>IPPC, the long-term care pharmacy network operating IPPC Inc., IPPC of New York LLC, and Innovative Pharmacy LLC, disclosed in February 2026 a September 2025 network intrusion exposing names, Social Security numbers, driver&apos;s license numbers, payment card information, passport numbers, Medicare/Medicaid IDs, and prescription data for 133,862 patients across NJ, NY, PA, DE, MD, and VA. 24 months Cyberscout monitoring offered. Federal class action already filed. Here is what to do.</description><pubDate>Fri, 27 Feb 2026 00:00:00 GMT</pubDate><category>hacking</category><category>class-action-filed</category></item><item><title>Lakeside Pediatrics &amp; Adolescent Medicine, PLLC: 34,154 exposed</title><link>https://myhealthconsent.org/breaches/lakeside-pediatrics-and-adolescent-medicine-pllc-2026/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/lakeside-pediatrics-and-adolescent-medicine-pllc-2026/</guid><description>Lakeside Pediatrics &amp; Adolescent Medicine, PLLC, a Coeur d&apos;Alene, Idaho pediatric practice, disclosed in February 2026 a late-2024 network intrusion exposing names, Social Security numbers, dates of birth, and medical information for 34,154 patients — overwhelmingly minor patients. 14-month delay between discovery and notification. Cyberscout 12-month monitoring offered. Here is what to do.</description><pubDate>Fri, 27 Feb 2026 00:00:00 GMT</pubDate><category>hacking</category><category>ocr-open</category></item><item><title>LHC Group: 8,644 exposed</title><link>https://myhealthconsent.org/breaches/lhc-group-2026/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/lhc-group-2026/</guid><description>LHC Group, a major US home health and hospice provider and UnitedHealth/Optum subsidiary since 2023, disclosed in February 2026 that its third-party vendor Doctor Alliance suffered a November 2025 network intrusion. 8,644 LHC Group patients exposed. Same root cause as BAYADA and Amedisys vendor breaches. Here is what to do.</description><pubDate>Fri, 27 Feb 2026 00:00:00 GMT</pubDate><category>vendor-breach</category><category>ocr-open</category><category>Kazu</category></item><item><title>Nephrology Associates Medical Group, Inc.: 4,631 exposed</title><link>https://myhealthconsent.org/breaches/nephrology-associates-medical-group-2026/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/nephrology-associates-medical-group-2026/</guid><description>Nephrology Associates Medical Group (NAMG), a 16-office California nephrology practice serving the Inland Empire and Coachella Valley, disclosed in February 2026 a May 2025 employee email compromise exposing names, Social Security numbers, dates of birth, treatment records, health insurance, and billing data for 4,631 dialysis and CKD patients. No credit monitoring offered. Here is what to do.</description><pubDate>Fri, 27 Feb 2026 00:00:00 GMT</pubDate><category>phishing</category><category>ocr-open</category></item><item><title>BMG of Kansas, Inc.: 1,327 exposed</title><link>https://myhealthconsent.org/breaches/bmg-of-kansas-2026/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/bmg-of-kansas-2026/</guid><description>BMG of Kansas, Inc., a family-owned Hesston, Kansas metal manufacturer with ~70 employees, was attacked by the Qilin ransomware group in October 2025. The HHS OCR filing for 1,327 individuals covers BMG&apos;s self-sponsored employee group health plan (current and former employees plus dependents). Names, Social Security numbers, driver&apos;s licenses, financial accounts, medical, and health insurance data exposed. 12 months Experian monitoring offered. Here is what to do.</description><pubDate>Thu, 26 Feb 2026 00:00:00 GMT</pubDate><category>ransomware</category><category>ocr-open</category><category>Qilin</category></item><item><title>Couve Healthcare Consulting, LLC DBA Evergreen Healthcare Group: 11,795 exposed</title><link>https://myhealthconsent.org/breaches/couve-healthcare-consulting-llc-dba-evergreen-healthcare-group-2026/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/couve-healthcare-consulting-llc-dba-evergreen-healthcare-group-2026/</guid><description>Couve Healthcare Consulting, operating as Evergreen Healthcare Group, a Vancouver, WA management services organization for 50+ senior care communities across 7 states, disclosed in February 2026 a December 2025 Medusa ransomware attack. Approximately 143 GB exfiltrated. 11,795 affected. Two federal class actions filed in W.D. Washington. 12-24 months Cyberscout monitoring offered. Here is what to do.</description><pubDate>Thu, 26 Feb 2026 00:00:00 GMT</pubDate><category>ransomware</category><category>class-action-filed</category><category>Medusa</category></item><item><title>Manhattan Retirement Foundation d/b/a Meadowlark Hills: 14,442 exposed</title><link>https://myhealthconsent.org/breaches/manhattan-retirement-foundation-d-b-a-meadowlark-hills-2026/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/manhattan-retirement-foundation-d-b-a-meadowlark-hills-2026/</guid><description>Meadowlark Hills, a Manhattan, Kansas continuing-care retirement community, disclosed in February 2026 a July 2025 Beast ransomware attack with approximately 750 GB of data claimed exfiltrated. 14,442 affected. Resident population is overwhelmingly elderly with high vulnerability to identity theft. 12 months Cyberscout monitoring offered. Here is what to do.</description><pubDate>Thu, 26 Feb 2026 00:00:00 GMT</pubDate><category>ransomware</category><category>ocr-open</category><category>Beast</category></item><item><title>QualDerm Partners, LLC: 3,117,874 exposed</title><link>https://myhealthconsent.org/breaches/qualderm-partners-llc-2026/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/qualderm-partners-llc-2026/</guid><description>The QualDerm Partners data breach disclosed February 2026 exposed personal and medical information for 3,117,874 patients across 158 dermatology practices in 17 states. If you received a notification letter from QualDerm or any of its affiliated practices (Pinnacle Dermatology, Cumberland Skin Surgery, Webster Dermatology, and dozens more), here is what was taken and what to do.</description><pubDate>Sun, 22 Feb 2026 00:00:00 GMT</pubDate><category>hacking</category><category>class-action-filed</category></item><item><title>The Center for Advanced Eye Care: 9,300 exposed</title><link>https://myhealthconsent.org/breaches/the-center-for-advanced-eye-care-2026/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/the-center-for-advanced-eye-care-2026/</guid><description>The Center for Advanced Eye Care, a Wilmington, Delaware ophthalmology practice serving Delaware and southeast Pennsylvania, disclosed in February 2026 a December 2025 network intrusion exposing names, Social Security numbers, dates of birth, and medical information for 9,300 patients. Threat actor &apos;Frenshyny&apos; listed stolen data for sale on an open-web forum. Cyberscout monitoring offered. Here is what to do.</description><pubDate>Fri, 20 Feb 2026 00:00:00 GMT</pubDate><category>hacking</category><category>ocr-open</category><category>Frenshyny</category></item><item><title>Benton County Health: 1,476 exposed</title><link>https://myhealthconsent.org/breaches/benton-county-health-oregon-2026/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/benton-county-health-oregon-2026/</guid><description>Benton County Health Services, the Corvallis, Oregon public health and behavioral health agency, disclosed a vendor data breach affecting 1,476 county residents. The incident matches the TriZetto Provider Solutions vendor pattern affecting multiple Oregon county health agencies. Behavioral health, mental health, addictions, and DD services clients potentially in scope. Here is what to do.</description><pubDate>Thu, 19 Feb 2026 00:00:00 GMT</pubDate><category>vendor-breach</category><category>ocr-open</category></item><item><title>Builders FirstSource Flex Plan: 1,514 exposed</title><link>https://myhealthconsent.org/breaches/builders-firstsource-flex-plan-2026/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/builders-firstsource-flex-plan-2026/</guid><description>Builders FirstSource, Inc., the NYSE-listed building products company, filed an HHS OCR breach for 1,514 Flex Plan members tied to a December 2025 Leaknet ransomware attack on its Alpine Lumber subsidiary. Names, Social Security numbers, dates of birth, driver&apos;s licenses, passports, financial accounts, health insurance, and medical information exposed. Credit monitoring offered. Here is what to do.</description><pubDate>Wed, 18 Feb 2026 00:00:00 GMT</pubDate><category>ransomware</category><category>ocr-open</category><category>Leaknet</category></item><item><title>Resource Corporation of America: 501 exposed</title><link>https://myhealthconsent.org/breaches/resource-corporation-of-america-2026/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/resource-corporation-of-america-2026/</guid><description>Resource Corporation of America (RCA), a Texas-based revenue cycle vendor that screens uninsured hospital patients for Medicaid, charity care, and ACA coverage, was hit by both Medusa AND Qilin ransomware groups in December 2025. ~70 GB of eligibility records leaked publicly after RCA refused an $800,000 ransom. Names, Social Security numbers, household income, household composition, Medicaid IDs, and diagnoses exposed. No credit monitoring offered. Here is what to do.</description><pubDate>Wed, 18 Feb 2026 00:00:00 GMT</pubDate><category>ransomware</category><category>ocr-open</category><category>Medusa + Qilin (double extortion by two separate groups)</category></item><item><title>Easterseals Arc of Northeast Indiana: 3,158 exposed</title><link>https://myhealthconsent.org/breaches/easterseals-northeast-indiana-2026/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/easterseals-northeast-indiana-2026/</guid><description>Easterseals Arc of Northeast Indiana, a Fort Wayne-based nonprofit serving children and adults with disabilities, autism, and developmental delays, was attacked by the INC RANSOM ransomware group in September 2025. The group claimed 405 GB exfiltrated and posted to its leak site. Names, Social Security numbers, health insurance, medical, and treatment information for 3,158 vulnerable clients exposed. Cyberscout credit monitoring offered. Here is what to do.</description><pubDate>Tue, 17 Feb 2026 00:00:00 GMT</pubDate><category>ransomware</category><category>ocr-open</category><category>INC RANSOM</category></item><item><title>Emanuel Medical Center: 28,963 exposed</title><link>https://myhealthconsent.org/breaches/emanuel-medical-center-2026/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/emanuel-medical-center-2026/</guid><description>Emanuel Medical Center, a 72-bed county hospital in Swainsboro, Georgia, disclosed in February 2026 a May 2025 network intrusion exposing names, Social Security numbers, driver&apos;s license numbers, diagnoses, prescriptions, and lab reports for 28,963 patients. Here is what to do.</description><pubDate>Tue, 17 Feb 2026 00:00:00 GMT</pubDate><category>hacking</category><category>ocr-open</category></item><item><title>44North: 2,158 exposed</title><link>https://myhealthconsent.org/breaches/44north-2026/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/44north-2026/</guid><description>44North (operating as Acrisure Great Lakes), a Cadillac, Michigan dually-licensed third-party administrator and insurance broker, was hit by a May 2025 ransomware attack with 9-month notification delay. 2,158 individuals affected. Names and other personal identifiers exposed. 12-month Kroll fraud specialist access offered. Here is what to do.</description><pubDate>Mon, 16 Feb 2026 00:00:00 GMT</pubDate><category>ransomware</category><category>ocr-open</category></item><item><title>AltaMed Health Services Corporation: 501 exposed</title><link>https://myhealthconsent.org/breaches/altamed-health-services-2026/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/altamed-health-services-2026/</guid><description>AltaMed Health Services Corporation, California&apos;s largest community health center network serving nearly 300,000 Hispanic/Latino patients annually across 50 sites in LA and Orange County, disclosed a November 2025 network intrusion. Names, Social Security numbers, dates of service, payment information, and employee compensation data exposed. Multiple plaintiffs&apos; firms investigating. Here is what to do.</description><pubDate>Mon, 16 Feb 2026 00:00:00 GMT</pubDate><category>hacking</category><category>ocr-open</category></item><item><title>Academic Urology &amp; Urogynecology of Arizona: 73,281 exposed</title><link>https://myhealthconsent.org/breaches/academic-urology-and-urogynecology-of-arizona-2026/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/academic-urology-and-urogynecology-of-arizona-2026/</guid><description>Academic Urology &amp; Urogynecology of Arizona, a Palo Verde Hematology and Oncology division operating seven Arizona clinics, disclosed in February 2026 a May 2025 INC RANSOM ransomware attack exposing names, Social Security numbers, urology / urogynecology diagnoses, and prescription information for 73,281 patients. 12 months Experian IdentityWorks offered. Here is what to do.</description><pubDate>Fri, 13 Feb 2026 00:00:00 GMT</pubDate><category>ransomware</category><category>ocr-open</category><category>INC RANSOM</category></item><item><title>National Association on Drug Abuse Problems: 90,000 exposed</title><link>https://myhealthconsent.org/breaches/national-association-on-drug-abuse-problems-2026/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/national-association-on-drug-abuse-problems-2026/</guid><description>The National Association on Drug Abuse Problems (NADAP), a New York nonprofit substance-use care coordination and NYC Health + Hospitals Lead Health Home contractor, disclosed in March 2026 a November 2025 ransomware attack by the Genesis group. 90,000 affected including 5,086 NYC H+H Lead Health Home patients. Highly sensitive substance-use treatment data potentially in scope. Here is what to do.</description><pubDate>Fri, 13 Feb 2026 00:00:00 GMT</pubDate><category>ransomware</category><category>ocr-open</category><category>Genesis</category></item><item><title>VPS Medical PLLC: 4,600 exposed</title><link>https://myhealthconsent.org/breaches/vps-medical-pllc-2026/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/vps-medical-pllc-2026/</guid><description>VPS Medical PLLC filed an HHS OCR breach on February 13, 2026 affecting 4,600 Pennsylvania patients. As of mid-May 2026, the entity is not publicly verifiable through the NPI Registry, PA AG portal, HIPAA Journal, or DataBreaches.net. No entity notice, AG filing, or press coverage has surfaced. Here is what to do.</description><pubDate>Fri, 13 Feb 2026 00:00:00 GMT</pubDate><category>hacking</category><category>ocr-open</category></item><item><title>Alexes Hazen MD, PLLC: 500 exposed</title><link>https://myhealthconsent.org/breaches/alexes-hazen-md-2026/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/alexes-hazen-md-2026/</guid><description>Alexes Hazen MD, PLLC, an Upper East Side Manhattan plastic surgery private practice led by NYU Langone clinical associate professor Dr. Alexes Hazen specializing in breast cancer reconstruction, disclosed a June-July 2025 network intrusion discovered January 2026. Names, Social Security numbers, government IDs, medical history, and pre/post-op clinical photographs for 500+ patients exposed. Here is what to do.</description><pubDate>Thu, 12 Feb 2026 00:00:00 GMT</pubDate><category>hacking</category><category>ocr-open</category></item><item><title>Cedar Point Health, LLC: 23,114 exposed</title><link>https://myhealthconsent.org/breaches/cedar-point-health-llc-2026/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/cedar-point-health-llc-2026/</guid><description>Cedar Point Health, a multi-specialty medical group operating seven clinics across western Colorado, disclosed in February 2026 a June 2025 network intrusion exposing names, Social Security numbers, driver&apos;s licenses, passport numbers, financial account information, and clinical records for 23,114 patients. 12 months Kroll monitoring offered. Here is what to do.</description><pubDate>Thu, 12 Feb 2026 00:00:00 GMT</pubDate><category>hacking</category><category>ocr-open</category></item><item><title>Counseling Center of Wayne &amp; Holmes Counties: 83,354 exposed</title><link>https://myhealthconsent.org/breaches/counseling-center-of-wayne-and-holmes-counties-2026/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/counseling-center-of-wayne-and-holmes-counties-2026/</guid><description>The Counseling Center of Wayne &amp; Holmes Counties, an Ohio community behavioral-health provider, disclosed in February 2026 a March 2025 network breach exposing names, Social Security numbers, driver&apos;s licenses, medical records, and diagnoses for 83,354 patients. Substance-use treatment records protected under 42 CFR Part 2 are likely in scope. Here is what to do.</description><pubDate>Mon, 09 Feb 2026 00:00:00 GMT</pubDate><category>hacking</category><category>ocr-open</category></item><item><title>Wendy Foster OD: 20,000 exposed</title><link>https://myhealthconsent.org/breaches/wendy-foster-od-2026/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/wendy-foster-od-2026/</guid><description>Wendy Foster, O.D., a Wichita, Kansas optometry practice operating as Vision Care 4Life, was affected by a December 2025 ransomware attack exposing names, Social Security numbers, dates of birth, vision diagnostics, and medical records for 20,000 patients. Reported to HHS OCR February 2026. Here is what to do.</description><pubDate>Mon, 09 Feb 2026 00:00:00 GMT</pubDate><category>ransomware</category><category>ocr-open</category></item><item><title>Cottage Hospital: 2,156 exposed</title><link>https://myhealthconsent.org/breaches/cottage-hospital-2026/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/cottage-hospital-2026/</guid><description>Cottage Hospital, a 25-bed independent critical access hospital in Woodsville, New Hampshire serving the Connecticut River Valley, was attacked by the Qilin ransomware group in October 2025. Names, Social Security numbers, driver&apos;s licenses, and bank account information for ~2,156 individuals exposed (primarily employees and employee-patients). 12 months Experian IdentityWorks offered. Here is what to do.</description><pubDate>Fri, 06 Feb 2026 00:00:00 GMT</pubDate><category>ransomware</category><category>ocr-open</category><category>Qilin</category></item><item><title>Marin Cancer Care: 501 exposed</title><link>https://myhealthconsent.org/breaches/marin-cancer-care-2026/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/marin-cancer-care-2026/</guid><description>Marin Cancer Care, a Greenbrae, California community oncology practice founded 1952, disclosed a November-December 2025 network intrusion exposing names, medical information, and health insurance for 501 patients. No ransomware group claimed; multiple plaintiffs&apos; firms investigating. Cyberscout monitoring offered. Here is what to do.</description><pubDate>Fri, 06 Feb 2026 00:00:00 GMT</pubDate><category>hacking</category><category>ocr-open</category></item><item><title>Triad Radiology Associates: 11,011 exposed</title><link>https://myhealthconsent.org/breaches/triad-radiology-associates-2026/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/triad-radiology-associates-2026/</guid><description>Triad Radiology Associates, a Winston-Salem NC private radiology practice affiliated with Novant Health, disclosed in February 2026 a July 2025 employee email compromise exposing names, Social Security numbers, driver&apos;s licenses, bank account information, dates of birth, medical information, and health insurance for 11,011 patients. 196 days from discovery to notification (well past HIPAA&apos;s 60-day rule). 12 months credit monitoring offered. Class actions filed in NC Business Court. Here is what to do.</description><pubDate>Fri, 06 Feb 2026 00:00:00 GMT</pubDate><category>phishing</category><category>class-action-filed</category></item><item><title>TriZetto Provider Solutions: 3,433,965 exposed</title><link>https://myhealthconsent.org/breaches/trizetto-provider-solutions-2026/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/trizetto-provider-solutions-2026/</guid><description>The TriZetto Provider Solutions data breach, disclosed February 2026, exposed Social Security numbers, Medicare Beneficiary IDs, and health insurance data for 3,433,965 Americans across 44+ downstream healthcare providers. If you received a notification letter from TriZetto, Kroll, or any provider naming TriZetto, here is what was taken and what to do.</description><pubDate>Fri, 06 Feb 2026 00:00:00 GMT</pubDate><category>hacking</category><category>class-action-filed</category></item><item><title>Apex Spine &amp; Neurosurgery, LLC: 2,500 exposed</title><link>https://myhealthconsent.org/breaches/apex-spine-neurosurgery-2026/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/apex-spine-neurosurgery-2026/</guid><description>Apex Spine &amp; Neurosurgery, LLC, a three-location Georgia neurosurgery and minimally invasive spine practice, was hit by the Interlock ransomware group in December 2025. Interlock claims 20 GB exfiltrated and listed Apex on its leak site January 6, 2026. Names, Social Security numbers, driver&apos;s licenses, passport numbers, prescription information, and diagnosis codes for 2,500 patients exposed. EMR data preserved. Credit monitoring offered. Here is what to do.</description><pubDate>Thu, 05 Feb 2026 00:00:00 GMT</pubDate><category>ransomware</category><category>ocr-open</category><category>Interlock</category></item><item><title>WIRX Pharmacy: 20,047 exposed</title><link>https://myhealthconsent.org/breaches/wirx-pharmacy-2026/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/wirx-pharmacy-2026/</guid><description>WIRX Pharmacy, a Pennsylvania workers&apos; compensation specialty pharmacy, disclosed in February 2026 a December 2025 network intrusion exposing names, Social Security numbers, dates of birth, prescription information, and workers&apos; compensation claim data for 20,047 injured-worker patients. 12 months credit monitoring offered. Here is what to do.</description><pubDate>Thu, 05 Feb 2026 00:00:00 GMT</pubDate><category>hacking</category><category>ocr-open</category></item><item><title>Issaqueena Pediatric Dentistry PA: 501 exposed</title><link>https://myhealthconsent.org/breaches/issaqueena-pediatric-dentistry-2026/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/issaqueena-pediatric-dentistry-2026/</guid><description>Issaqueena Pediatric Dentistry &amp; Orthodontics, an upstate South Carolina pediatric dental practice with three locations, was attacked by the Interlock ransomware group in November 2025. Names, Social Security numbers, dates of birth, government IDs, medical, and financial information for 501 pediatric patients exposed; ~118 GB leaked publicly after Interlock cited &apos;low security.&apos; 12 months IDX monitoring offered. Here is what to do.</description><pubDate>Wed, 04 Feb 2026 00:00:00 GMT</pubDate><category>ransomware</category><category>ocr-open</category><category>Interlock</category></item><item><title>Personalis, Inc.: 650 exposed</title><link>https://myhealthconsent.org/breaches/personalis-2026/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/personalis-2026/</guid><description>Personalis, Inc. (NASDAQ: PSNL), a publicly-traded cancer genomics company and sole sequencing provider to the VA Million Veteran Program, disclosed an HHS OCR breach for 650 individuals via email compromise in February 2026. Genomic data exposure carries lifetime implications for blood relatives. Specific PHI categories and remediation not publicly itemized. Here is what to do.</description><pubDate>Wed, 04 Feb 2026 00:00:00 GMT</pubDate><category>phishing</category><category>ocr-open</category></item><item><title>ApolloMD Business Services, LLC: 626,540 exposed</title><link>https://myhealthconsent.org/breaches/apollomd-business-services-llc-2026/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/apollomd-business-services-llc-2026/</guid><description>ApolloMD Business Services, the Atlanta-based emergency-medicine and hospitalist staffing firm, disclosed in September 2025 that the Qilin ransomware group stole 238 GB of patient data from its network in May 2025. 626,540 individuals affected across 11 physician-practice clients. A $4.02M settlement is already in preliminary approval. Here is what to do.</description><pubDate>Mon, 02 Feb 2026 00:00:00 GMT</pubDate><category>ransomware</category><category>settled</category><category>Qilin</category></item><item><title>Fair Oaks Ortho P.C.: 1,544 exposed</title><link>https://myhealthconsent.org/breaches/fair-oaks-ortho-2026/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/fair-oaks-ortho-2026/</guid><description>Fair Oaks Ortho P.C., a solo hand, wrist, elbow, and shoulder orthopedic practice in Fairfax, Virginia led by Dr. Stephen W. Pournaras, Jr., filed an HHS OCR breach in February 2026 affecting 1,544 patients via an email account compromise. Specific PHI categories not yet publicly disclosed. Here is what to do.</description><pubDate>Mon, 02 Feb 2026 00:00:00 GMT</pubDate><category>phishing</category><category>ocr-open</category></item><item><title>BAYADA Home Health Care, Inc.: 9,526 exposed</title><link>https://myhealthconsent.org/breaches/bayada-home-health-care-inc-2026/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/bayada-home-health-care-inc-2026/</guid><description>BAYADA Home Health Care disclosed in January 2026 that its third-party vendor Doctor Alliance suffered a November 2025 network intrusion exposing names, dates of birth, diagnoses, prescription information, and (for some) Social Security numbers for 9,526 BAYADA home-health patients. Doctor Alliance was BAYADA&apos;s vendor for facilitating physician signatures on home-health certifications. 12 months Experian monitoring offered. Here is what to do.</description><pubDate>Fri, 30 Jan 2026 00:00:00 GMT</pubDate><category>vendor-breach</category><category>ocr-open</category></item><item><title>High Point Treatment Center, Inc.: 25,832 exposed</title><link>https://myhealthconsent.org/breaches/high-point-treatment-center-inc-2026/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/high-point-treatment-center-inc-2026/</guid><description>High Point Treatment Center, a Massachusetts substance-use-disorder and behavioral-health nonprofit operating since 1996, disclosed a 2025 Abyss ransomware attack that exfiltrated approximately 1.8 TB of patient and employee records. Updated to HHS OCR in January 2026 at 25,832 affected. 24 months Cyberscout monitoring offered. Here is what to do.</description><pubDate>Fri, 30 Jan 2026 00:00:00 GMT</pubDate><category>ransomware</category><category>ocr-open</category><category>Abyss</category></item><item><title>Health and Hospital Corporation of Marion County: 792 exposed</title><link>https://myhealthconsent.org/breaches/marion-county-public-health-2026/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/marion-county-public-health-2026/</guid><description>The Health and Hospital Corporation of Marion County (HHC), the municipal authority operating the Marion County Public Health Department in Indianapolis, disclosed a January 2026 insider-snooping incident. An MCPHD lab employee accessed records of 792 clients beyond their job duties — names, email addresses, dates of birth, and lab results. No SSN or financial data. Here is what to do.</description><pubDate>Fri, 30 Jan 2026 00:00:00 GMT</pubDate><category>insider-threat</category><category>ocr-open</category></item><item><title>Cashflow Solutions, LLC: 1,007 exposed</title><link>https://myhealthconsent.org/breaches/cashflow-solutions-lympha-press-2026/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/cashflow-solutions-lympha-press-2026/</guid><description>Cashflow Solutions, LLC (d/b/a Lympha Press), a Chadds Ford, Pennsylvania durable medical equipment supplier providing pneumatic compression therapy systems for lymphedema, lipedema, and venous insufficiency patients, filed an HHS OCR breach on January 28, 2026 affecting 1,007 individuals via unauthorized access at email. No entity notice or AG filing has surfaced. Here is what to do.</description><pubDate>Wed, 28 Jan 2026 00:00:00 GMT</pubDate><category>unauthorized-access</category><category>ocr-open</category></item><item><title>Clinic Service Corporation: 82,331 exposed</title><link>https://myhealthconsent.org/breaches/clinic-service-corporation-2026/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/clinic-service-corporation-2026/</guid><description>Clinic Service Corporation, a Denver-based medical billing and revenue cycle management business associate serving Colorado practices since 1974, disclosed in January 2026 an August 2025 network intrusion exposing names, addresses, dates of birth, payment card information, diagnoses, and treatment data for 82,331 patients across many CSC client practices. 12 months Cyberscout credit monitoring offered. Here is what to do.</description><pubDate>Wed, 28 Jan 2026 00:00:00 GMT</pubDate><category>hacking</category><category>ocr-open</category></item><item><title>Wound Technology Network, Inc.: 139,830 exposed</title><link>https://myhealthconsent.org/breaches/wound-technology-network-inc-2026/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/wound-technology-network-inc-2026/</guid><description>Woundtech, the Orlando-based mobile wound-care provider, disclosed in March 2026 a December 2025 network intrusion by the FulcrumSec data-theft extortion group. The actor claimed 3.8 TB exfiltrated including 4.6 million clinical notes, 85,000 referral documents, and 93,000 wound photographs. 139,830 patients exposed. No credit monitoring offered. Here is what to do.</description><pubDate>Wed, 28 Jan 2026 00:00:00 GMT</pubDate><category>ransomware</category><category>class-action-filed</category><category>FulcrumSec</category></item><item><title>Central States Dermatology Services, LLC: 4,626 exposed</title><link>https://myhealthconsent.org/breaches/central-states-dermatology-docs-2026/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/central-states-dermatology-docs-2026/</guid><description>Central States Dermatology Services, LLC (d/b/a DOCS Dermatology Group), an Ohio-based dermatology platform with 85+ locations and 190+ providers across 10 states, disclosed a November 2025 network intrusion. The Illinois HHS OCR filing covers 4,626 patients. Names, Social Security numbers, dates of birth, treatment, prescriptions, Medicare/Medicaid IDs, and billing data exposed. No credit monitoring vendor named in public notice. Here is what to do.</description><pubDate>Mon, 26 Jan 2026 00:00:00 GMT</pubDate><category>hacking</category><category>ocr-open</category></item><item><title>Coastal Skin Surgery &amp; Dermatology: 6,173 exposed</title><link>https://myhealthconsent.org/breaches/coastal-skin-surgery-dermatology-2026/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/coastal-skin-surgery-dermatology-2026/</guid><description>Coastal Skin Surgery &amp; Dermatology, a Florida Panhandle dermatology and Mohs surgery group, disclosed in 2026 that its third-party vendor TriZetto Provider Solutions / Cognizant suffered a November 2024 intrusion exposing 6,173 Coastal patients. Part of the ~3.43M aggregate TriZetto breach. Kroll-administered credit monitoring offered. Here is what to do.</description><pubDate>Mon, 26 Jan 2026 00:00:00 GMT</pubDate><category>vendor-breach</category><category>class-action-filed</category></item><item><title>Pecan Tree Dental, PLLC: 13,300 exposed</title><link>https://myhealthconsent.org/breaches/pecan-tree-dental-pllc-2026/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/pecan-tree-dental-pllc-2026/</guid><description>Pecan Tree Dental, PLLC, a Grand Prairie, Texas general dentistry practice, was attacked January 2026 by the Sinobi ransomware group, which claimed 250 GB of patient data exfiltrated and leaked it publicly. 13,300 patients affected. Reported to HHS OCR Jan 26, 2026. Here is what to do.</description><pubDate>Mon, 26 Jan 2026 00:00:00 GMT</pubDate><category>ransomware</category><category>ocr-open</category><category>Sinobi</category></item><item><title>Jefferson-Blount-St. Clair Mental Health Authority: 30,434 exposed</title><link>https://myhealthconsent.org/breaches/jefferson-blount-st-clair-mental-health-authority-2026/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/jefferson-blount-st-clair-mental-health-authority-2026/</guid><description>Jefferson-Blount-St. Clair Mental Health Authority, the regional behavioral-health authority serving three Alabama counties (&gt;800,000 population), disclosed in January 2026 a November 2025 Medusa ransomware attack exposing names, Social Security numbers, diagnoses, prescriptions, and Medicare/Medicaid IDs for 30,434 patients and employees. 15 years of records (2011-2025). 168.6 GB exfiltrated. No credit monitoring offered. Here is what to do.</description><pubDate>Fri, 23 Jan 2026 00:00:00 GMT</pubDate><category>ransomware</category><category>ocr-open</category><category>Medusa</category></item><item><title>Precipio, Inc.: 4,952 exposed</title><link>https://myhealthconsent.org/breaches/precipio-2026/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/precipio-2026/</guid><description>Precipio, Inc. (NASDAQ: PRPO), a New Haven, Connecticut publicly-traded hematopathology company specializing in blood cancer diagnostics, was attacked by INC RANSOM in November 2025. 150 GB exfiltrated. Initial December disclosure claimed no SSN exposure; April 2026 Texas AG filing reveals 4,952 TX residents had SSNs, driver&apos;s licenses, and financial accounts in scope. Here is what to do.</description><pubDate>Fri, 23 Jan 2026 00:00:00 GMT</pubDate><category>ransomware</category><category>ocr-open</category><category>INC RANSOM</category></item><item><title>Waterford Surgical Center: 9,000 exposed</title><link>https://myhealthconsent.org/breaches/waterford-surgical-center-2026/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/waterford-surgical-center-2026/</guid><description>Waterford Surgical Center, a Michigan ambulatory surgical center, was attacked by the SafePay ransomware group in September 2025. Names, Social Security numbers, dates of birth, medical/treatment information, health insurance, billing, and credentialing data for 9,000 patients exposed. No credit monitoring offered. Here is what to do.</description><pubDate>Thu, 22 Jan 2026 00:00:00 GMT</pubDate><category>ransomware</category><category>ocr-open</category><category>SafePay</category></item><item><title>AdventHealth Daytona Beach: 821 exposed</title><link>https://myhealthconsent.org/breaches/adventhealth-daytona-beach-2026/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/adventhealth-daytona-beach-2026/</guid><description>AdventHealth Daytona Beach, a Florida acute-care hospital undergoing a $220M expansion, lost outpatient laboratory order paperwork in November 2025 when construction workers installing a pneumatic tube system discarded paperwork from a relocating lab department. 821 patients exposed. Names, diagnoses, and insurance policy numbers in scope — no SSN. No credit monitoring offered. Here is what to do.</description><pubDate>Tue, 20 Jan 2026 00:00:00 GMT</pubDate><category>physical-theft</category><category>ocr-open</category></item><item><title>Middlesex Sheriff&apos;s Office: 501 exposed</title><link>https://myhealthconsent.org/breaches/middlesex-sheriffs-office-2026/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/middlesex-sheriffs-office-2026/</guid><description>The Middlesex Sheriff&apos;s Office in Massachusetts disclosed in January 2026 a January 2025 network intrusion affecting inmate medical records — a 12-month notification lag. 501 individuals (placeholder; final count likely higher). Names, addresses, DOBs, diagnoses, and &apos;other general health information&apos; exposed for people who received correctional healthcare. No SSN; no credit monitoring offered. Here is what to do.</description><pubDate>Tue, 20 Jan 2026 00:00:00 GMT</pubDate><category>hacking</category><category>ocr-open</category></item><item><title>FullBeauty Brands, Inc. Associate Benefits Plan: 4,725 exposed</title><link>https://myhealthconsent.org/breaches/fullbeauty-brands-associate-benefits-plan-2026/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/fullbeauty-brands-associate-benefits-plan-2026/</guid><description>FullBeauty Brands, Inc., the New York plus-size apparel retailer (Woman Within, Roaman&apos;s, Catherines, ELOQUII, Avenue, KingSize, BrylaneHome, CUUP), suffered an October-November 2025 Everest ransomware attack that exfiltrated 161 GB of internal data. The HHS OCR filing covers the company&apos;s self-insured Associate Benefits Plan: 4,725 employees and dependents whose names, Social Security numbers, and health insurance information were exposed. 12 months Experian IdentityWorks offered. Here is what to do.</description><pubDate>Fri, 16 Jan 2026 00:00:00 GMT</pubDate><category>ransomware</category><category>ocr-open</category><category>Everest</category></item><item><title>Minnesota Department of Human Services: 303,965 exposed</title><link>https://myhealthconsent.org/breaches/minnesota-department-of-human-services-2026/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/minnesota-department-of-human-services-2026/</guid><description>Minnesota DHS disclosed in January 2026 that a healthcare provider with legitimate MnCHOICES access viewed records of 303,965 Minnesotans seeking long-term care services outside their authorization scope. Last 4 of SSN, Medicaid ID, address, and demographic data exposed. No credit monitoring offered. Here is what was taken and what to do.</description><pubDate>Fri, 16 Jan 2026 00:00:00 GMT</pubDate><category>unauthorized-access</category><category>ocr-open</category></item><item><title>Supportive Home Health: 1,415 exposed</title><link>https://myhealthconsent.org/breaches/supportive-home-health-2026/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/supportive-home-health-2026/</guid><description>Superior Care Plus LLC (d/b/a Supportive Home Health LLC), affiliated with Patriot Outpatient LLC and operating publicly as Patriot At Home, a veteran-owned Ohio home health agency, disclosed a November 2025 employee email compromise exposing names, health insurance, treatment information, admission/discharge dates, and a limited subset&apos;s Social Security and Medicare numbers for 1,415 elderly home health patients. Here is what to do.</description><pubDate>Fri, 16 Jan 2026 00:00:00 GMT</pubDate><category>phishing</category><category>ocr-open</category></item><item><title>360 Dental PC: 11,273 exposed</title><link>https://myhealthconsent.org/breaches/360-dental-pc-2026/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/360-dental-pc-2026/</guid><description>360 Dental PC, a Northeast Philadelphia dental practice, disclosed in January 2026 a November 2025 ransomware attack that encrypted internal server files and exposed names, dates of birth, dental clinical records, and (for some) Social Security numbers for 11,273 patients. No complimentary credit monitoring offered. Here is what to do.</description><pubDate>Thu, 15 Jan 2026 00:00:00 GMT</pubDate><category>ransomware</category><category>ocr-open</category></item><item><title>Continental Casualty Company: 6,086 exposed</title><link>https://myhealthconsent.org/breaches/continental-casualty-cna-2026/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/continental-casualty-cna-2026/</guid><description>Continental Casualty Company (CNA), the insurance subsidiary of CNA Financial Corp., disclosed an October 2024 intrusion of external systems (discovered January 2025) affecting 6,086 individuals in Illinois. Distinct from the 2021 Phoenix CryptoLocker ransomware. 12 months Epiq identity-monitoring offered. Here is what to do.</description><pubDate>Thu, 15 Jan 2026 00:00:00 GMT</pubDate><category>hacking</category><category>ocr-open</category></item><item><title>Southern Immediate Care, LLC: 7,447 exposed</title><link>https://myhealthconsent.org/breaches/southern-immediate-care-llc-2026/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/southern-immediate-care-llc-2026/</guid><description>Southern Immediate Care, an Alabama urgent-care chain with nine walk-in clinics, disclosed in January 2026 an April 2025 employee email compromise exposing names, Social Security numbers, dates of birth, government IDs, medical information, and financial information for 7,447 patients. Free credit monitoring offered. Here is what to do.</description><pubDate>Thu, 15 Jan 2026 00:00:00 GMT</pubDate><category>phishing</category><category>ocr-open</category></item><item><title>Tulane University Medical Group: 6,556 exposed</title><link>https://myhealthconsent.org/breaches/tulane-university-medical-group-2026/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/tulane-university-medical-group-2026/</guid><description>Tulane University Medical Group (TUMG), the faculty practice plan of Tulane University School of Medicine in New Orleans, was hit by the Cl0p ransomware group in November 2025. Names, dates of birth, diagnoses, treatment records, prescriptions, MRNs, health insurance, dates of service, and in a subset SSNs and driver&apos;s licenses for 6,556 patients exposed. Credit monitoring offered for SSN-affected subset. Here is what to do.</description><pubDate>Thu, 15 Jan 2026 00:00:00 GMT</pubDate><category>ransomware</category><category>ocr-open</category><category>Cl0p</category></item><item><title>Circle Park Behavioral Health Services: 7,020 exposed</title><link>https://myhealthconsent.org/breaches/circle-park-behavioral-health-2026/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/circle-park-behavioral-health-2026/</guid><description>Florence County Commission on Alcohol &amp; Drug Abuse (d/b/a Circle Park Behavioral Health Services), a South Carolina substance use disorder treatment authority, disclosed in January 2026 a March 2025 employee email compromise exposing names, Social Security numbers, driver&apos;s licenses, and SUD treatment history for 7,020 patients. Records are protected by 42 CFR Part 2. 12 months IDX offered. Here is what to do.</description><pubDate>Wed, 14 Jan 2026 00:00:00 GMT</pubDate><category>phishing</category><category>ocr-open</category></item><item><title>TMG Health, Inc.: 2,076 exposed</title><link>https://myhealthconsent.org/breaches/tmg-health-2026/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/tmg-health-2026/</guid><description>TMG Health, Inc., a Cognizant-owned business process outsourcing (BPO) provider serving Medicare Advantage, Part D, and Managed Medicaid plans, disclosed a November 2024 network intrusion with 10-month dwell time. The 2,076-individual OCR filing covers one downstream health plan client&apos;s slice of the broader incident. Names, member IDs, Social Security numbers, and health information exposed. Credit monitoring offered. Here is what to do.</description><pubDate>Tue, 13 Jan 2026 00:00:00 GMT</pubDate><category>vendor-breach</category><category>class-action-filed</category></item><item><title>Avosina Healthcare Solutions: 44,425 exposed</title><link>https://myhealthconsent.org/breaches/avosina-healthcare-solutions-2026/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/avosina-healthcare-solutions-2026/</guid><description>Avosina Healthcare Solutions, a Virginia-based medical billing business associate serving 160+ providers across 30+ DC metro practices, disclosed in January 2026 a July 2025 Qilin ransomware attack. 44,425 individuals affected. 24 months IDX credit monitoring + $1M identity theft insurance offered. Here is what to do.</description><pubDate>Sat, 10 Jan 2026 00:00:00 GMT</pubDate><category>ransomware</category><category>ocr-open</category><category>Qilin</category></item><item><title>Central Ozarks Medical Center: 11,818 exposed</title><link>https://myhealthconsent.org/breaches/central-ozarks-medical-center-2026/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/central-ozarks-medical-center-2026/</guid><description>Central Ozarks Medical Center, a Missouri Federally Qualified Health Center serving the Lake of the Ozarks region across five counties, disclosed in January 2026 a November 2025 network intrusion exposing names, Social Security numbers, financial account information, and medical records for 11,818 patients. 12 months IDX monitoring offered. Here is what to do.</description><pubDate>Fri, 09 Jan 2026 00:00:00 GMT</pubDate><category>hacking</category><category>ocr-open</category></item><item><title>The Center for Neuropsychology and Learning, PC: 3,722 exposed</title><link>https://myhealthconsent.org/breaches/cnld-neuropsychology-2026/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/cnld-neuropsychology-2026/</guid><description>The Center for Neuropsychology, Learning &amp; Development (CNLD), an Ann Arbor, Michigan practice serving children, teens, and adults for ADHD, autism, and learning disability testing, was attacked by the Qilin ransomware group in October 2025. The group claims 150 GB exfiltrated. Names, contact information, dates of birth, medical and therapy records, insurance, and billing data for 3,722 patients exposed. Pediatric mental-health records are particularly sensitive. Here is what to do.</description><pubDate>Fri, 09 Jan 2026 00:00:00 GMT</pubDate><category>ransomware</category><category>ocr-open</category><category>Qilin</category></item><item><title>Home, Hope and Healing, Inc.: 500 exposed</title><link>https://myhealthconsent.org/breaches/home-hope-and-healing-2026/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/home-hope-and-healing-2026/</guid><description>Home, Hope and Healing, Inc., a family-owned Maine home health agency serving medically fragile pediatric and elderly populations across 14 of 16 Maine counties, filed an HHS OCR breach in January 2026. Names, Social Security numbers, medical records, and health insurance for 500+ patients exposed. Federman &amp; Sherwood investigating. Limited public detail. Here is what to do.</description><pubDate>Fri, 09 Jan 2026 00:00:00 GMT</pubDate><category>hacking</category><category>ocr-open</category></item><item><title>Iowa Health and Human Services: 3,340 exposed</title><link>https://myhealthconsent.org/breaches/iowa-hhs-2026/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/iowa-hhs-2026/</guid><description>The Iowa Department of Health and Human Services filed an HHS OCR breach on January 6, 2026 affecting 3,340 individuals. As of mid-May 2026, no entity notice, Iowa AG filing, or press coverage has surfaced for this specific incident — a notable transparency gap for a state agency breach affecting vulnerable Medicaid populations. Here is what to do.</description><pubDate>Tue, 06 Jan 2026 00:00:00 GMT</pubDate><category>hacking</category><category>ocr-open</category></item><item><title>Mid Michigan Medical Billing Service, Inc.: 28,185 exposed</title><link>https://myhealthconsent.org/breaches/mid-michigan-medical-billing-service-inc-2026/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/mid-michigan-medical-billing-service-inc-2026/</guid><description>Mid Michigan Medical Billing Service, a Flint, Michigan revenue-cycle-management business associate serving multiple Michigan medical practices, disclosed in January 2026 a March 2025 Qilin ransomware attack exposing names, dates of birth, driver&apos;s licenses, Medicare/Medicaid IDs, diagnoses, prescriptions, and (for some) Social Security numbers for 28,185 patients across its downstream client roster. ~38 GB claimed exfiltrated. Here is what to do.</description><pubDate>Mon, 05 Jan 2026 00:00:00 GMT</pubDate><category>ransomware</category><category>ocr-open</category><category>Qilin</category></item><item><title>Texas Health and Human Services Commission: 68,066 exposed</title><link>https://myhealthconsent.org/breaches/texas-health-and-human-services-commission-2026/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/texas-health-and-human-services-commission-2026/</guid><description>The Texas Health and Human Services Commission disclosed a 2026 OCR filing tied to its rolling insider-misuse breach in which nine HHSC employees and a Maximus contractor accessed protected health information of Medicaid and SNAP recipients between 2021 and 2025. 68,066 individuals affected in this OCR tranche (cumulative HHSC total ~94,000+). Two years of credit monitoring offered. Here is what to do.</description><pubDate>Mon, 05 Jan 2026 00:00:00 GMT</pubDate><category>insider-threat</category><category>ocr-open</category></item><item><title>Andover Eye Associates: 1,638 exposed</title><link>https://myhealthconsent.org/breaches/andover-eye-associates-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/andover-eye-associates-2025/</guid><description>Andover Eye Associates (Andover, MA) reported a 2025 email-account compromise to the HHS Office for Civil Rights affecting 1,638 individuals. Unauthorized access on May 28, 2025; discovered June 10, 2025; state AG and individual notifications mailed December 31, 2025 — January 2, 2026. Exposed data included name, Social Security number, address, and medical information.</description><pubDate>Wed, 31 Dec 2025 00:00:00 GMT</pubDate><category>unauthorized-access</category><category>ocr-open</category></item><item><title>Pines of Sarasota Healthcare, LLC: 1,258 exposed</title><link>https://myhealthconsent.org/breaches/pines-of-sarasota-healthcare-llc-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/pines-of-sarasota-healthcare-llc-2025/</guid><description>Pines of Sarasota Healthcare, LLC (FL) filed a HIPAA breach notification with the HHS Office for Civil Rights on December 31, 2025, reporting 1,258 affected individuals in a Hacking/IT Incident event at Email. The HHS OCR portal entry is the primary public record; further details are not yet publicly disclosed on th...</description><pubDate>Wed, 31 Dec 2025 00:00:00 GMT</pubDate><category>hacking</category><category>ocr-open</category></item><item><title>Standards Home Health, Inc.: 6,847 exposed</title><link>https://myhealthconsent.org/breaches/standards-home-health-inc-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/standards-home-health-inc-2025/</guid><description>Standards Home Health, Inc. (TX) filed a HIPAA breach notification with the HHS Office for Civil Rights on December 31, 2025, reporting 6,847 affected individuals in a Hacking/IT Incident event at Email. The HHS OCR portal entry is the primary public record; further details are not yet publicly disclosed on this page.</description><pubDate>Wed, 31 Dec 2025 00:00:00 GMT</pubDate><category>hacking</category><category>ocr-open</category></item><item><title>Steel Encounters, Inc.: 959 exposed</title><link>https://myhealthconsent.org/breaches/steel-encounters-inc-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/steel-encounters-inc-2025/</guid><description>Steel Encounters, Inc. (UT) filed a HIPAA breach notification with the HHS Office for Civil Rights on December 31, 2025, reporting 959 affected individuals in a Hacking/IT Incident event at Network Server. The HHS OCR portal entry is the primary public record; further details are not yet publicly disclosed on this p...</description><pubDate>Wed, 31 Dec 2025 00:00:00 GMT</pubDate><category>hacking</category><category>ocr-open</category></item><item><title>Advantage Capital Holdings LLC: 26,343 exposed</title><link>https://myhealthconsent.org/breaches/advantage-capital-holdings-llc-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/advantage-capital-holdings-llc-2025/</guid><description>Advantage Capital Holdings LLC filed a HIPAA breach notification with the HHS Office for Civil Rights on December 30, 2025, reporting 26,343 individuals affected by a Hacking/IT Incident at a Network Server. The OCR portal classifies the covered entity as a Health Plan in Utah. Federman &amp; Sherwood announced a class-action investigation on May 13, 2026.</description><pubDate>Tue, 30 Dec 2025 00:00:00 GMT</pubDate><category>hacking</category><category>ocr-open</category></item><item><title>Associated Radiologists of the Finger Lakes, P.C.: 501 exposed</title><link>https://myhealthconsent.org/breaches/associated-radiologists-of-the-finger-lakes-p-c-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/associated-radiologists-of-the-finger-lakes-p-c-2025/</guid><description>Associated Radiologists of the Finger Lakes, P.C. (NY) filed a HIPAA breach notification with the HHS Office for Civil Rights on December 29, 2025, reporting 501 affected individuals in a Hacking/IT Incident event at Network Server. The HHS OCR portal entry is the primary public record; further details are not yet p...</description><pubDate>Mon, 29 Dec 2025 00:00:00 GMT</pubDate><category>hacking</category><category>ocr-open</category></item><item><title>Docs Medical Group, Inc. dba Pulse Urgent Care: 4,035 exposed</title><link>https://myhealthconsent.org/breaches/docs-medical-group-inc-dba-pulse-urgent-care-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/docs-medical-group-inc-dba-pulse-urgent-care-2025/</guid><description>Docs Medical Group, Inc. dba Pulse Urgent Care (Redding, CA) filed a HIPAA breach notification with the HHS Office for Civil Rights on December 28, 2025, reporting 4,035 affected individuals. The Medusa ransomware group claimed the March 24, 2025 intrusion. Notification letters went out on December 29, 2025 with 12 months of TransUnion credit monitoring.</description><pubDate>Sun, 28 Dec 2025 00:00:00 GMT</pubDate><category>ransomware</category><category>ocr-open</category><category>Medusa ransomware group</category></item><item><title>BlueCross BlueShield of Tennessee, Inc.: 780 exposed</title><link>https://myhealthconsent.org/breaches/bluecross-blueshield-of-tennessee-inc-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/bluecross-blueshield-of-tennessee-inc-2025/</guid><description>BlueCross BlueShield of Tennessee (BCBST) filed a HIPAA breach notification with HHS OCR on December 26, 2025, reporting 780 affected individuals after one plan member accidentally received virtual ID cards belonging to other members on the same employer plan. Names, member IDs, addresses, and group numbers were exposed; complimentary identity monitoring is being offered.</description><pubDate>Fri, 26 Dec 2025 00:00:00 GMT</pubDate><category>unauthorized-access</category><category>ocr-open</category></item><item><title>CareOregon: 5,473 exposed</title><link>https://myhealthconsent.org/breaches/careoregon-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/careoregon-2025/</guid><description>CareOregon and Health Share of Oregon notified 5,473 Oregon Health Plan members after discovering on October 27, 2025 that one or more individuals viewed member information without permission. Exposed data included names, dates of birth, Medicaid/Medicare ID numbers, health plan information, and primary care provider office. The plan warned of possible insurance-fraud misuse.</description><pubDate>Fri, 26 Dec 2025 00:00:00 GMT</pubDate><category>unauthorized-access</category><category>ocr-open</category></item><item><title>Glendale Obstetrics &amp; Gynecology PCA: 501 exposed</title><link>https://myhealthconsent.org/breaches/glendale-obstetrics-gynecology-pca-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/glendale-obstetrics-gynecology-pca-2025/</guid><description>Glendale Obstetrics &amp; Gynecology PCA (AZ) filed a HIPAA breach notification with the HHS Office for Civil Rights on December 24, 2025, reporting 501 affected individuals in a Hacking/IT Incident event at Network Server. The HHS OCR portal entry is the primary public record; further details are not yet publicly discl...</description><pubDate>Wed, 24 Dec 2025 00:00:00 GMT</pubDate><category>hacking</category><category>ocr-open</category></item><item><title>AllerVie Health: 80,521 exposed</title><link>https://myhealthconsent.org/breaches/allervie-health-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/allervie-health-2025/</guid><description>AllerVie Health, the national allergy and immunology network, confirmed an Anubis ransomware intrusion from October 24 through November 3, 2025 exposing 80,521 patients&apos; names, SSNs, treatment/diagnosis records, prescription information, and Medicaid/Medicare numbers. A federal class action reached a notice of settlement June 4, 2026. Here is what to do.</description><pubDate>Tue, 23 Dec 2025 00:00:00 GMT</pubDate><category>ransomware</category><category>class-action-filed</category></item><item><title>HAP (Health Alliance Plan): 1,059 exposed</title><link>https://myhealthconsent.org/breaches/hap-health-alliance-plan-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/hap-health-alliance-plan-2025/</guid><description>HAP (Health Alliance Plan) (MI) filed a HIPAA breach notification with the HHS Office for Civil Rights on December 22, 2025, reporting 1,059 affected individuals in a Hacking/IT Incident event at Email. The HHS OCR portal entry is the primary public record; further details are not yet publicly disclosed on this page.</description><pubDate>Mon, 22 Dec 2025 00:00:00 GMT</pubDate><category>hacking</category><category>ocr-open</category></item><item><title>Medical Center, LLP: 32,090 exposed</title><link>https://myhealthconsent.org/breaches/medical-center-llp-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/medical-center-llp-2025/</guid><description>Medical Center, LLP d/b/a Dublin Medical Center, a primary-care family-medicine practice in Dublin, Georgia, detected suspicious network activity on October 17, 2025 and filed a hacking/IT incident with HHS OCR on December 19, 2025 affecting 32,090 patients. Unauthorized access began October 7, 2025. Names, Social Security numbers, driver&apos;s license numbers, full medical records, radiology imaging, lab reports, medical consent forms, and health insurance information exfiltrated. Class-action filed in Laurens County Superior Court. Here is what to do.</description><pubDate>Fri, 19 Dec 2025 00:00:00 GMT</pubDate><category>hacking</category><category>class-action-filed</category></item><item><title>Mitchell County Department of Social Services: 501 exposed</title><link>https://myhealthconsent.org/breaches/mitchell-county-department-of-social-services-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/mitchell-county-department-of-social-services-2025/</guid><description>Mitchell County Department of Social Services (NC) filed a HIPAA breach notification with the HHS Office for Civil Rights on December 19, 2025, reporting 501 affected individuals in a Hacking/IT Incident event at Network Server. The HHS OCR portal entry is the primary public record; further details are not yet publi...</description><pubDate>Fri, 19 Dec 2025 00:00:00 GMT</pubDate><category>hacking</category><category>ocr-open</category></item><item><title>Reproductive Medicine Associates of Michigan: 501 exposed</title><link>https://myhealthconsent.org/breaches/reproductive-medicine-associates-of-michigan-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/reproductive-medicine-associates-of-michigan-2025/</guid><description>Reproductive Medicine Associates of Michigan (MI) filed a HIPAA breach notification with the HHS Office for Civil Rights on December 19, 2025, reporting 501 affected individuals in a Hacking/IT Incident event at Network Server. The HHS OCR portal entry is the primary public record; further details are not yet public...</description><pubDate>Fri, 19 Dec 2025 00:00:00 GMT</pubDate><category>hacking</category><category>ocr-open</category></item><item><title>North East Medical Services: 91,513 exposed</title><link>https://myhealthconsent.org/breaches/north-east-medical-services-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/north-east-medical-services-2025/</guid><description>North East Medical Services (NEMS), the San Francisco Bay Area FQHC that primarily serves Asian-American immigrant communities, disclosed a network intrusion at its third-party hosted managed service provider UnitedLayer. 91,513 individuals affected. Names, Social Security numbers, and medical information potentially exposed. Multiple plaintiffs&apos; firms investigating. Here is what to do.</description><pubDate>Thu, 18 Dec 2025 00:00:00 GMT</pubDate><category>vendor-breach</category><category>ocr-open</category><category>RansomHouse (claimed; not confirmed by UnitedLayer)</category></item><item><title>Excellent Home Care Services, LLC: 16,278 exposed</title><link>https://myhealthconsent.org/breaches/excellent-home-care-services-llc-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/excellent-home-care-services-llc-2025/</guid><description>Excellent Home Care Services, LLC, a Brooklyn-based home health agency serving Bronx, Kings, Nassau, New York, and Queens counties, reported a December 17, 2025 breach to HHS OCR affecting 16,278 individuals. An unauthorized actor accessed an employee email account on November 25, 2025, exposing names, Social Security numbers, Medicare/Medicaid numbers, and plan-of-care medical information for a predominantly elderly home-care population.</description><pubDate>Wed, 17 Dec 2025 00:00:00 GMT</pubDate><category>hacking</category><category>ocr-open</category></item><item><title>Pit River Health Service Inc.: 1,800 exposed</title><link>https://myhealthconsent.org/breaches/pit-river-health-service-2026/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/pit-river-health-service-2026/</guid><description>Pit River Health Service, a tribal health nonprofit serving the Pit River Tribe and the American Indian population of Shasta, Modoc, and Lassen counties in northeastern California, suffered a December 2025 cyberattack that took its EHR and Dentrix dental systems offline. 1,800 patients exposed. IHS records carved out as unaffected. No credit monitoring publicly named. Here is what to do.</description><pubDate>Wed, 17 Dec 2025 00:00:00 GMT</pubDate><category>hacking</category><category>ocr-open</category></item><item><title>FPMCM LLC: 2,072 exposed</title><link>https://myhealthconsent.org/breaches/fpmcm-llc-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/fpmcm-llc-2025/</guid><description>FPMCM LLC (TN) filed a HIPAA breach notification with the HHS Office for Civil Rights on December 15, 2025, reporting 2,072 affected individuals in a Unauthorized Access/Disclosure event at Email. The HHS OCR portal entry is the primary public record; further details are not yet publicly disclosed on this page.</description><pubDate>Mon, 15 Dec 2025 00:00:00 GMT</pubDate><category>unauthorized-access</category><category>ocr-open</category></item><item><title>Baltimore Medical System, Inc.: 501 exposed</title><link>https://myhealthconsent.org/breaches/baltimore-medical-system-inc-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/baltimore-medical-system-inc-2025/</guid><description>Baltimore Medical System, Inc. — Maryland&apos;s largest Federally Qualified Health Center — was hit by the Brain Cipher ransomware group, which exfiltrated server backups and listed BMS on its dark web leak site on September 16, 2025. Unauthorized access occurred July 2–20, 2025. BMS filed with HHS OCR on December 12, 2025 and began mailing notification letters in April 2026. Exposed data includes SSNs, dates of birth, government IDs, Medicare/Medicaid numbers, diagnoses, lab results, medications, and financial account information.</description><pubDate>Fri, 12 Dec 2025 00:00:00 GMT</pubDate><category>ransomware</category><category>ocr-open</category><category>Brain Cipher</category></item><item><title>Brevard Skin and Cancer Center: 54,570 exposed</title><link>https://myhealthconsent.org/breaches/brevard-skin-and-cancer-center-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/brevard-skin-and-cancer-center-2025/</guid><description>Brevard Skin and Cancer Center, a five-location dermatology and Mohs surgery practice on Florida&apos;s Space Coast, filed a Hacking/IT Incident report with HHS OCR on December 12, 2025 affecting 54,570 individuals. An unauthorized actor accessed the network around September 28, 2025; the PEAR extortion group later claimed theft of 1.8 TB of data including names, Social Security numbers, dates of birth, dermatology and skin cancer diagnoses, and clinical information. Multiple class action investigations are underway.</description><pubDate>Fri, 12 Dec 2025 00:00:00 GMT</pubDate><category>ransomware</category><category>class-action-filed</category></item><item><title>Heywood Healthcare Inc. including Henry Heywood Memorial Hospital, Athol Memorial Hospital, and Heywood Medical Group, Inc. (“Heywood”): 500 exposed</title><link>https://myhealthconsent.org/breaches/heywood-healthcare-inc-including-henry-heywood-memorial-hospital-athol-memorial-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/heywood-healthcare-inc-including-henry-heywood-memorial-hospital-athol-memorial-2025/</guid><description>Heywood Healthcare Inc. including Henry Heywood Memorial Hospital, Athol Memorial Hospital, and Heywood Medical Group, Inc. (“Heywood”) (MA) filed a HIPAA breach notification with the HHS Office for Civil Rights on December 12, 2025, reporting 500 affected individuals in a Hacking/IT Incident event at Network Server...</description><pubDate>Fri, 12 Dec 2025 00:00:00 GMT</pubDate><category>hacking</category><category>ocr-open</category></item><item><title>OCAT, LLC dba Evoke Wellness at Hilliard: 1,629 exposed</title><link>https://myhealthconsent.org/breaches/ocat-llc-dba-evoke-wellness-at-hilliard-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/ocat-llc-dba-evoke-wellness-at-hilliard-2025/</guid><description>OCAT, LLC dba Evoke Wellness at Hilliard (OH) filed a HIPAA breach notification with the HHS Office for Civil Rights on December 12, 2025, reporting 1,629 affected individuals in a Unauthorized Access/Disclosure event at Electronic Medical Record. The HHS OCR portal entry is the primary public record; further detail...</description><pubDate>Fri, 12 Dec 2025 00:00:00 GMT</pubDate><category>unauthorized-access</category><category>ocr-open</category></item><item><title>Centric Health: 6,855 exposed</title><link>https://myhealthconsent.org/breaches/centric-health-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/centric-health-2025/</guid><description>Centric Health, a multi-specialty healthcare provider in Bakersfield, California, filed a HIPAA breach notification with the HHS Office for Civil Rights on December 10, 2025, reporting 6,855 individuals affected in a Hacking/IT Incident involving an Electronic Medical Record and Network Server. A business associate was involved.</description><pubDate>Wed, 10 Dec 2025 00:00:00 GMT</pubDate><category>hacking</category><category>ocr-open</category></item><item><title>Advanced Healthcare Professionals: 1,800 exposed</title><link>https://myhealthconsent.org/breaches/advanced-healthcare-professionals-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/advanced-healthcare-professionals-2025/</guid><description>Advanced Healthcare Professionals, a Houston-based personal care attendant services provider, reported a data breach to the Texas Attorney General on December 9, 2025 affecting approximately 1,800 Texans, then filed a HIPAA breach notification with HHS OCR on December 31, 2025 listing 800 individuals in a Hacking/IT Incident at a Network Server. Exposed data included Social Security numbers, driver&apos;s license numbers, dates of birth, and medical and insurance information.</description><pubDate>Tue, 09 Dec 2025 00:00:00 GMT</pubDate><category>hacking</category><category>ocr-open</category></item><item><title>Ochsner LSU Health – Regional Urology: 4,519 exposed</title><link>https://myhealthconsent.org/breaches/ochsner-lsu-health-regional-urology-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/ochsner-lsu-health-regional-urology-2025/</guid><description>Ochsner LSU Health – Regional Urology (LA) filed a HIPAA breach notification with the HHS Office for Civil Rights on December 09, 2025, reporting 4,519 affected individuals in a Hacking/IT Incident event at Network Server. The HHS OCR portal entry is the primary public record; further details are not yet publicly di...</description><pubDate>Tue, 09 Dec 2025 00:00:00 GMT</pubDate><category>hacking</category><category>ocr-open</category></item><item><title>Southern Oregon Neurosurgical and Spine Associates, PC: 1,000 exposed</title><link>https://myhealthconsent.org/breaches/southern-oregon-neurosurgical-and-spine-associates-pc-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/southern-oregon-neurosurgical-and-spine-associates-pc-2025/</guid><description>Southern Oregon Neurosurgical and Spine Associates, PC (OR) filed a HIPAA breach notification with the HHS Office for Civil Rights on December 09, 2025, reporting 1,000 affected individuals in a Hacking/IT Incident event at Email. The HHS OCR portal entry is the primary public record; further details are not yet pub...</description><pubDate>Tue, 09 Dec 2025 00:00:00 GMT</pubDate><category>hacking</category><category>ocr-open</category></item><item><title>TriCity Family Services: 2,511 exposed</title><link>https://myhealthconsent.org/breaches/tricity-family-services-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/tricity-family-services-2025/</guid><description>TriCity Family Services (IL) filed a HIPAA breach notification with the HHS Office for Civil Rights on December 08, 2025, reporting 2,511 affected individuals in a Hacking/IT Incident event at Network Server. The HHS OCR portal entry is the primary public record; further details are not yet publicly disclosed on thi...</description><pubDate>Mon, 08 Dec 2025 00:00:00 GMT</pubDate><category>hacking</category><category>ocr-open</category></item><item><title>Vida Y Salud-Health Systems, Inc.: 35,236 exposed</title><link>https://myhealthconsent.org/breaches/vida-y-salud-health-systems-inc-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/vida-y-salud-health-systems-inc-2025/</guid><description>Vida Y Salud-Health Systems, Inc., a nonprofit Federally Qualified Health Center in Crystal City, Texas serving predominantly Spanish-speaking communities across Zavala, Dimmit, La Salle, and Uvalde counties, disclosed an October 2025 network intrusion. Names, Social Security numbers, driver&apos;s license numbers, medical and health-insurance information, and financial account details exposed for 35,236 individuals. Multiple plaintiffs&apos; firms investigating. Here is what to do.</description><pubDate>Mon, 08 Dec 2025 00:00:00 GMT</pubDate><category>hacking</category><category>ocr-open</category></item><item><title>Columbia Medical Practice: 94,131 exposed</title><link>https://myhealthconsent.org/breaches/columbia-medical-practice-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/columbia-medical-practice-2025/</guid><description>Columbia Medical Practice, a multi-specialty physician group in Columbia, Maryland, disclosed a November 2025 Qilin ransomware attack that exposed names, Social Security numbers, and protected health information. The breach was filed with HHS OCR on December 5, 2025 for 94,131 affected individuals. Here is what was exposed, what the practice is offering, and what to do.</description><pubDate>Fri, 05 Dec 2025 00:00:00 GMT</pubDate><category>ransomware</category><category>ocr-open</category><category>Qilin</category></item><item><title>NCH Corporation Employee Benefits Plan: 3,098 exposed</title><link>https://myhealthconsent.org/breaches/nch-corporation-employee-benefits-plan-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/nch-corporation-employee-benefits-plan-2025/</guid><description>NCH Corporation Employee Benefits Plan (TX) filed a HIPAA breach notification with the HHS Office for Civil Rights on December 05, 2025, reporting 3,098 affected individuals in a Hacking/IT Incident event at Network Server. The HHS OCR portal entry is the primary public record; further details are not yet publicly d...</description><pubDate>Fri, 05 Dec 2025 00:00:00 GMT</pubDate><category>hacking</category><category>ocr-open</category></item><item><title>Greater St. Louis Oral &amp; Maxillofacial Surgery PC: 501 exposed</title><link>https://myhealthconsent.org/breaches/greater-st-louis-oral-maxillofacial-surgery-pc-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/greater-st-louis-oral-maxillofacial-surgery-pc-2025/</guid><description>Greater St. Louis Oral &amp; Maxillofacial Surgery PC (MO) filed a HIPAA breach notification with the HHS Office for Civil Rights on December 04, 2025, reporting 501 affected individuals in a Hacking/IT Incident event at Email. The HHS OCR portal entry is the primary public record; further details are not yet publicly d...</description><pubDate>Thu, 04 Dec 2025 00:00:00 GMT</pubDate><category>hacking</category><category>ocr-open</category></item><item><title>Fieldtex Products, Inc.: 5,901 exposed</title><link>https://myhealthconsent.org/breaches/fieldtex-products-inc-2-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/fieldtex-products-inc-2-2025/</guid><description>Fieldtex Products, Inc. (NY) filed a HIPAA breach notification with the HHS Office for Civil Rights on December 03, 2025, reporting 5,901 affected individuals in a Hacking/IT Incident event at Network Server. The HHS OCR portal entry is the primary public record; further details are not yet publicly disclosed on thi...</description><pubDate>Wed, 03 Dec 2025 00:00:00 GMT</pubDate><category>hacking</category><category>ocr-open</category></item><item><title>MedStar Health, Inc.: 64,332 exposed</title><link>https://myhealthconsent.org/breaches/medstar-health-inc-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/medstar-health-inc-2025/</guid><description>MedStar Health reported a September 2025 Rhysida ransomware attack to HHS OCR on December 3, 2025, affecting 64,332 patients. Rhysida published 3.7 TB of stolen data after MedStar did not pay. A federal class action is active. Here is what to do.</description><pubDate>Wed, 03 Dec 2025 00:00:00 GMT</pubDate><category>ransomware</category><category>class-action-filed</category><category>Rhysida</category></item><item><title>Madison Healthcare Services: 500 exposed</title><link>https://myhealthconsent.org/breaches/madison-healthcare-services-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/madison-healthcare-services-2025/</guid><description>Madison Healthcare Services (MN) filed a HIPAA breach notification with the HHS Office for Civil Rights on December 02, 2025, reporting 500 affected individuals in a Hacking/IT Incident event at Network Server. The HHS OCR portal entry is the primary public record; further details are not yet publicly disclosed on t...</description><pubDate>Tue, 02 Dec 2025 00:00:00 GMT</pubDate><category>hacking</category><category>ocr-open</category></item><item><title>West Texas Health, PLLC: 73,720 exposed</title><link>https://myhealthconsent.org/breaches/west-texas-health-pllc-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/west-texas-health-pllc-2025/</guid><description>West Texas Health, PLLC — an Abilene, Texas multispecialty physician group and member of Privia Medical Group acting as a HIPAA business associate to Privia Medical Group West Texas, LLC — reported 73,720 individuals affected by a network-server intrusion between September 12 and October 3, 2025. State AG filings confirmed in 14 states. A class-action investigation is active. Here is what to do.</description><pubDate>Tue, 02 Dec 2025 00:00:00 GMT</pubDate><category>hacking</category><category>class-action-filed</category></item><item><title>FedEx Corporation Group Health Plan: 1,066 exposed</title><link>https://myhealthconsent.org/breaches/fedex-corporation-group-health-plan-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/fedex-corporation-group-health-plan-2025/</guid><description>FedEx Corporation Group Health Plan (TN) filed a HIPAA breach notification with the HHS Office for Civil Rights on December 01, 2025, reporting 1,066 affected individuals in a Hacking/IT Incident event at Network Server. The HHS OCR portal entry is the primary public record; further details are not yet publicly disc...</description><pubDate>Mon, 01 Dec 2025 00:00:00 GMT</pubDate><category>hacking</category><category>ocr-open</category></item><item><title>Cerenade: 987 exposed</title><link>https://myhealthconsent.org/breaches/cerenade-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/cerenade-2025/</guid><description>Cerenade, a California-based cloud case management software vendor, was breached by the Akira ransomware group on October 2-3, 2025. The HHS OCR portal lists 987 affected individuals in a Hacking/IT Incident at Network Server. Cerenade disclosed to the California Attorney General on January 2, 2026 and is offering one year of IDX identity-theft protection.</description><pubDate>Sun, 30 Nov 2025 00:00:00 GMT</pubDate><category>ransomware</category><category>ocr-open</category><category>Akira ransomware group</category></item><item><title>Sports Medicine &amp; Orthopaedics: 4,000 exposed</title><link>https://myhealthconsent.org/breaches/sports-medicine-orthopaedics-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/sports-medicine-orthopaedics-2025/</guid><description>Sports Medicine &amp; Orthopaedics (RI) filed a HIPAA breach notification with the HHS Office for Civil Rights on November 30, 2025, reporting 4,000 affected individuals in a Hacking/IT Incident event at Network Server. The HHS OCR portal entry is the primary public record; further details are not yet publicly disclosed...</description><pubDate>Sun, 30 Nov 2025 00:00:00 GMT</pubDate><category>hacking</category><category>ocr-open</category></item><item><title>Richmond Behavioral Health Authority: 113,232 exposed</title><link>https://myhealthconsent.org/breaches/richmond-behavioral-health-authority-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/richmond-behavioral-health-authority-2025/</guid><description>Richmond Behavioral Health Authority (RBHA) disclosed a Qilin ransomware attack on September 29, 2025 that exposed names, Social Security numbers, passport numbers, financial account data, and health information of 113,232 individuals. RBHA offered no credit monitoring. Multiple class actions filed in the Eastern District of Virginia. Here is what to do.</description><pubDate>Fri, 28 Nov 2025 00:00:00 GMT</pubDate><category>ransomware</category><category>class-action-filed</category><category>Qilin</category></item><item><title>Spindletop Center: 88,863 exposed</title><link>https://myhealthconsent.org/breaches/spindletop-center-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/spindletop-center-2025/</guid><description>Spindletop Center, the local mental health authority for Southeast Texas (Beaumont / Orange / Silsbee / Port Arthur), filed a HIPAA breach with HHS OCR on November 28, 2025 reporting 88,863 affected individuals. The Rhysida ransomware group claimed the intrusion and listed the center on its dark-web leak site, demanding 15 BTC. Exposed data spans Social Security numbers, driver&apos;s license / government IDs, dates of birth, addresses, diagnosis information, and case numbers — categories of particular sensitivity for a center providing behavioral health, intellectual / developmental disability, and substance-use disorder treatment subject to 42 CFR Part 2.</description><pubDate>Fri, 28 Nov 2025 00:00:00 GMT</pubDate><category>ransomware</category><category>ocr-open</category><category>Rhysida</category></item><item><title>Center for Urologic Care of Berks County, PC: 543 exposed</title><link>https://myhealthconsent.org/breaches/center-for-urologic-care-of-berks-co-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/center-for-urologic-care-of-berks-co-2025/</guid><description>Center for Urologic Care of Berks County (Wyomissing, PA) disclosed a hacking incident affecting 543 patients. An unauthorized third party accessed the practice&apos;s network between September 24 and October 13, 2025. Exposed data includes names, Social Security numbers, dates of birth, addresses, government IDs, doctor names, diagnoses, prescribed medications, test results, and medical images. Filed with HHS OCR on November 26, 2025.</description><pubDate>Wed, 26 Nov 2025 00:00:00 GMT</pubDate><category>hacking</category><category>ocr-open</category></item><item><title>Henry Ford Health: 1,984 exposed</title><link>https://myhealthconsent.org/breaches/henry-ford-health-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/henry-ford-health-2025/</guid><description>Henry Ford Health (MI) filed a HIPAA breach notification with the HHS Office for Civil Rights on November 26, 2025, reporting 1,984 affected individuals in a Unauthorized Access/Disclosure event at Desktop Computer. The HHS OCR portal entry is the primary public record; further details are not yet publicly disclosed...</description><pubDate>Wed, 26 Nov 2025 00:00:00 GMT</pubDate><category>unauthorized-access</category><category>ocr-open</category></item><item><title>Keystone Alliance, Inc.: 1,021 exposed</title><link>https://myhealthconsent.org/breaches/keystone-alliance-inc-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/keystone-alliance-inc-2025/</guid><description>Keystone Alliance, Inc. (IL) filed a HIPAA breach notification with the HHS Office for Civil Rights on November 26, 2025, reporting 1,021 affected individuals in a Hacking/IT Incident event at Email. The HHS OCR portal entry is the primary public record; further details are not yet publicly disclosed on this page.</description><pubDate>Wed, 26 Nov 2025 00:00:00 GMT</pubDate><category>hacking</category><category>ocr-open</category></item><item><title>Persante Health Care: 111,815 exposed</title><link>https://myhealthconsent.org/breaches/persante-health-care-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/persante-health-care-2025/</guid><description>Persante Health Care, a New Jersey-based sleep and balance center management business associate, reported 111,815 individuals affected by an INC Ransom intrusion in January 2025. Notification letters went out November 26, 2025. Kroll identity monitoring (24 months) is offered. Here is what to do.</description><pubDate>Wed, 26 Nov 2025 00:00:00 GMT</pubDate><category>ransomware</category><category>ocr-open</category><category>INC Ransom</category></item><item><title>Tanner Medical Center: 1,000 exposed</title><link>https://myhealthconsent.org/breaches/tanner-medical-center-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/tanner-medical-center-2025/</guid><description>Tanner Medical Center (GA) filed a HIPAA breach notification with the HHS Office for Civil Rights on November 25, 2025, reporting 1,000 affected individuals in a Unauthorized Access/Disclosure event at Electronic Medical Record. The HHS OCR portal entry is the primary public record; further details are not yet publi...</description><pubDate>Tue, 25 Nov 2025 00:00:00 GMT</pubDate><category>unauthorized-access</category><category>ocr-open</category></item><item><title>Davies, McFarland &amp; Carroll LLC: 54,712 exposed</title><link>https://myhealthconsent.org/breaches/davies-mcfarland-carroll-llc-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/davies-mcfarland-carroll-llc-2025/</guid><description>Davies, McFarland &amp; Carroll LLC, a Pittsburgh, PA medical-malpractice defense firm acting as a HIPAA business associate, reported 54,712 individuals affected by a May 2025 network intrusion. The Lynx ransomware group claimed the attack on June 4, 2025. Notification letters went out November 24, 2025; multiple plaintiffs&apos; firms have opened class-action investigations.</description><pubDate>Mon, 24 Nov 2025 00:00:00 GMT</pubDate><category>hacking</category><category>ocr-open</category><category>Lynx</category></item><item><title>Greater Meridian Health Clinic, Inc.: 4,651 exposed</title><link>https://myhealthconsent.org/breaches/greater-meridian-health-clinic-inc-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/greater-meridian-health-clinic-inc-2025/</guid><description>Greater Meridian Health Clinic, Inc. (MS) filed a HIPAA breach notification with the HHS Office for Civil Rights on November 24, 2025, reporting 4,651 affected individuals in a Hacking/IT Incident event at Network Server. The HHS OCR portal entry is the primary public record; further details are not yet publicly dis...</description><pubDate>Mon, 24 Nov 2025 00:00:00 GMT</pubDate><category>hacking</category><category>ocr-open</category></item><item><title>AgeRight Clinical Services: 4,859 exposed</title><link>https://myhealthconsent.org/breaches/ageright-clinical-services-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/ageright-clinical-services-2025/</guid><description>AgeRight Clinical Services, the on-site senior-care clinical arm of Marquis Companies (Portland, OR), discovered a 32-day network intrusion on August 17, 2025. Names, Social Security numbers, dates of birth, government IDs, diagnoses, treatment details, insurance and financial information were exposed for 4,859 nursing-facility patients. Oregon AG notice and individual letters mailed November 21, 2025; HHS OCR filed December 5, 2025. Shamis &amp; Gentile P.A. opened a class-action investigation.</description><pubDate>Fri, 21 Nov 2025 00:00:00 GMT</pubDate><category>hacking</category><category>ocr-open</category></item><item><title>Cache Valley Ear, Nose &amp; Throat: 26,469 exposed</title><link>https://myhealthconsent.org/breaches/cache-valley-ear-nose-throat-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/cache-valley-ear-nose-throat-2025/</guid><description>Cache Valley Ear, Nose &amp; Throat, a North Logan, Utah ENT practice, identified unusual activity in its email environment on February 4, 2025. The Medusa ransomware group later listed the practice on its data-leak site, claiming 210.10 GB of exfiltrated data. The forensic review concluded November 4, 2025, and individual notification letters began on November 21, 2025, more than nine months after detection. HHS OCR filing reports 26,469 affected individuals.</description><pubDate>Fri, 21 Nov 2025 00:00:00 GMT</pubDate><category>ransomware</category><category>ocr-open</category></item><item><title>Delta Dental of Virginia: 126,953 exposed</title><link>https://myhealthconsent.org/breaches/delta-dental-of-virginia-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/delta-dental-of-virginia-2025/</guid><description>Delta Dental of Virginia disclosed a March-April 2025 email compromise affecting 126,953 individuals. Names, Social Security numbers, government-issued IDs, and protected health information were potentially accessed. Notification letters mailed November 21, 2025. Five class-action lawsuits followed in December 2025. Here is what to do.</description><pubDate>Fri, 21 Nov 2025 00:00:00 GMT</pubDate><category>unauthorized-access</category><category>class-action-filed</category></item><item><title>Millcreek Pediatrics: 14,095 exposed</title><link>https://myhealthconsent.org/breaches/millcreek-pediatrics-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/millcreek-pediatrics-2025/</guid><description>Millcreek Pediatrics (DE) filed a HIPAA breach notification with the HHS Office for Civil Rights on November 21, 2025, reporting 14,095 affected individuals in a Hacking/IT Incident event at Network Server. The HHS OCR portal entry is the primary public record; further details are not yet publicly disclosed on this...</description><pubDate>Fri, 21 Nov 2025 00:00:00 GMT</pubDate><category>hacking</category><category>ocr-open</category></item><item><title>NS Support, LLC: 92,845 exposed</title><link>https://myhealthconsent.org/breaches/ns-support-llc-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/ns-support-llc-2025/</guid><description>NS Support, LLC, a Boise, Idaho neurosurgical practice doing business as Neuroscience Associates, detected unauthorized network access on May 29, 2025. A months-long file review concluded on November 7, 2025 that names and transcribed physician-appointment notes for 92,845 patients had been exfiltrated. The entity reported the incident to HHS OCR and began mailing notification letters on November 21, 2025.</description><pubDate>Fri, 21 Nov 2025 00:00:00 GMT</pubDate><category>hacking</category><category>ocr-open</category></item><item><title>Nura PLLC: 5,207 exposed</title><link>https://myhealthconsent.org/breaches/nura-pllc-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/nura-pllc-2025/</guid><description>Nura PLLC (MN) filed a HIPAA breach notification with the HHS Office for Civil Rights on November 21, 2025, reporting 5,207 affected individuals in a Hacking/IT Incident event at Email. The HHS OCR portal entry is the primary public record; further details are not yet publicly disclosed on this page.</description><pubDate>Fri, 21 Nov 2025 00:00:00 GMT</pubDate><category>hacking</category><category>ocr-open</category></item><item><title>VITAS Hospice Services, LLC: 319,177 exposed</title><link>https://myhealthconsent.org/breaches/vitas-hospice-services-llc-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/vitas-hospice-services-llc-2025/</guid><description>VITAS Hospice Services, the largest US for-profit hospice chain and a subsidiary of Chemed Corp (NYSE: CHE), disclosed that an attacker used a compromised vendor account to access its systems from September 21 through October 27, 2025. Names, Social Security numbers, driver&apos;s license numbers, diagnoses, medications, lab results, and next-of-kin contact details for 319,177 current and former patients were exposed.</description><pubDate>Fri, 21 Nov 2025 00:00:00 GMT</pubDate><category>hacking</category><category>class-action-filed</category></item><item><title>Dr. Michael Kaplan DO PC DBA Long Island Weight Loss Institute: 3,426 exposed</title><link>https://myhealthconsent.org/breaches/dr-michael-kaplan-do-pc-dba-long-island-weight-loss-institute-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/dr-michael-kaplan-do-pc-dba-long-island-weight-loss-institute-2025/</guid><description>Dr. Michael Kaplan DO PC DBA Long Island Weight Loss Institute (NY) filed a HIPAA breach notification with the HHS Office for Civil Rights on November 20, 2025, reporting 3,426 affected individuals in a Hacking/IT Incident event at Network Server. The HHS OCR portal entry is the primary public record; further detail...</description><pubDate>Thu, 20 Nov 2025 00:00:00 GMT</pubDate><category>hacking</category><category>ocr-open</category></item><item><title>Fieldtex Products, Inc.: 238,615 exposed</title><link>https://myhealthconsent.org/breaches/fieldtex-products-inc-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/fieldtex-products-inc-2025/</guid><description>Fieldtex Products, a Rochester NY medical-supply fulfillment business associate, was hit by the Akira ransomware group in August 2025. Four HHS OCR reports cover 274,363 individuals across downstream health plans including Medicare and AmeriHealth members. Here is what to do.</description><pubDate>Thu, 20 Nov 2025 00:00:00 GMT</pubDate><category>ransomware</category><category>class-action-filed</category><category>Akira</category></item><item><title>Wyandot Behavioral Health Network: 27,174 exposed</title><link>https://myhealthconsent.org/breaches/wyandot-behavioral-health-network-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/wyandot-behavioral-health-network-2025/</guid><description>Wyandot Behavioral Health Network (d/b/a Wyandot Center), the Kansas City, KS community mental health center serving Wyandot Center, PACES youth services, RSI crisis, and Kim Wilson Housing, disclosed in November 2025 a September 2025 network intrusion exposing names, Social Security numbers, diagnoses, prescriptions, and medical histories for 27,174 patients. Records include behavioral-health and SUD treatment protected under 42 CFR Part 2. Complimentary credit monitoring offered. Here is what to do.</description><pubDate>Thu, 20 Nov 2025 00:00:00 GMT</pubDate><category>hacking</category><category>ocr-open</category></item><item><title>Anchorage Neighborhood Health Center: 70,555 exposed</title><link>https://myhealthconsent.org/breaches/anchorage-neighborhood-health-center-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/anchorage-neighborhood-health-center-2025/</guid><description>Anchorage Neighborhood Health Center (ANHC), the federally qualified health center serving Anchorage, Alaska, filed a HIPAA breach notification with HHS OCR on November 19, 2025 reporting 70,555 affected individuals from a Hacking/IT Incident on a network server. Unauthorized network access occurred August 24-25, 2025. Exposed data includes Social Security numbers, dates of birth, state ID numbers, medical treatment information, and health insurance information. Up to 24 months of Experian credit monitoring offered. Class action Hunt v. ANHC pending in the District of Alaska.</description><pubDate>Wed, 19 Nov 2025 00:00:00 GMT</pubDate><category>hacking</category><category>class-action-filed</category></item><item><title>County of Catawba: 500 exposed</title><link>https://myhealthconsent.org/breaches/county-of-catawba-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/county-of-catawba-2025/</guid><description>County of Catawba (NC) — the county government that includes Catawba County Public Health — filed a HIPAA breach notification with the HHS Office for Civil Rights on November 19, 2025, reporting 500 affected individuals in a Hacking/IT Incident at a Network Server. The Qilin ransomware group claimed the county on its dark-web leak site on October 14, 2025 and posted a 432 GB data trove. The filed count is a placeholder; the population at risk is the county&apos;s public-health and social-services caseload.</description><pubDate>Wed, 19 Nov 2025 00:00:00 GMT</pubDate><category>ransomware</category><category>ocr-open</category><category>Qilin</category></item><item><title>NAHGA Claim Services: 21,834 exposed</title><link>https://myhealthconsent.org/breaches/nahga-claim-services-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/nahga-claim-services-2025/</guid><description>NAHGA Claim Services, a Bridgton, Maine third-party administrator for secondary accident and health coverage for schools, sports leagues and youth organizations, disclosed an April 2025 intrusion that exposed names, Social Security numbers, dates of birth, driver&apos;s license and passport numbers, medical/treatment information, health-insurance details and financial account data. HHS OCR portal entry reports 21,834 individuals; broader state filings report 181,160. Notifications mailed November 14, 2025; class action Arnett v. NAHGA Inc., 2:25-cv-00632 (D. Me.) filed.</description><pubDate>Wed, 19 Nov 2025 00:00:00 GMT</pubDate><category>hacking</category><category>class-action-filed</category></item><item><title>Personic Management Company LLC: 10,929 exposed</title><link>https://myhealthconsent.org/breaches/personic-management-company-llc-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/personic-management-company-llc-2025/</guid><description>Personic Management Company LLC (VA) filed a HIPAA breach notification with the HHS Office for Civil Rights on November 19, 2025, reporting 10,929 affected individuals in a Hacking/IT Incident event at Network Server. The HHS OCR portal entry is the primary public record; further details are not yet publicly disclos...</description><pubDate>Wed, 19 Nov 2025 00:00:00 GMT</pubDate><category>hacking</category><category>ocr-open</category></item><item><title>Dermatology Associates of Concord: 501 exposed</title><link>https://myhealthconsent.org/breaches/dermatology-associates-of-concord-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/dermatology-associates-of-concord-2025/</guid><description>Dermatology Associates of Concord (DAC), a greater-Boston dermatology practice, identified suspicious activity on September 19, 2025, traced to unauthorized access between September 18-19, 2025. The ANUBIS ransomware group claimed the attack and posted samples to its dark-web leak site on November 6, 2025. DAC filed with HHS OCR and the Massachusetts AG on November 18, 2025, and issued a public substitute notice on February 18, 2026. Exposed data may include Social Security numbers, financial and payment-card data, driver&apos;s license and passport numbers, and medical and health-insurance information. Maxey Law Firm is investigating class-action claims.</description><pubDate>Tue, 18 Nov 2025 00:00:00 GMT</pubDate><category>ransomware</category><category>ocr-open</category><category>ANUBIS ransomware group</category></item><item><title>Marrs Ear, Nose &amp; Throat, PA: 6,376 exposed</title><link>https://myhealthconsent.org/breaches/marrs-ear-nose-throat-pa-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/marrs-ear-nose-throat-pa-2025/</guid><description>Marrs Ear, Nose &amp; Throat, PA (FL) filed a HIPAA breach notification with the HHS Office for Civil Rights on November 18, 2025, reporting 6,376 affected individuals in a Unauthorized Access/Disclosure event at Email. The HHS OCR portal entry is the primary public record; further details are not yet publicly disclosed...</description><pubDate>Tue, 18 Nov 2025 00:00:00 GMT</pubDate><category>unauthorized-access</category><category>ocr-open</category></item><item><title>Cary Pediatric Center, PA: Affected count pending exposed</title><link>https://myhealthconsent.org/breaches/cary-pediatric-center-pa-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/cary-pediatric-center-pa-2025/</guid><description>Cary Pediatric Center, PA — a Wake County, NC pediatric practice with offices in Cary, Apex, and Fuquay-Varina — reported a Hacking/IT Incident at Network Server to HHS OCR in late 2025. The entity says exposure was limited to recorded patient phone calls (name, date of birth, and PHI) and that electronic medical records were not impacted. The Qilin ransomware group later posted the practice to its data-leak site on January 17, 2026. 12 months of credit monitoring is being offered. Here is what parents and guardians should do.</description><pubDate>Mon, 17 Nov 2025 00:00:00 GMT</pubDate><category>ransomware</category><category>ocr-open</category><category>Qilin</category></item><item><title>St. John’s Riverside Hospital: 2,238 exposed</title><link>https://myhealthconsent.org/breaches/st-john-s-riverside-hospital-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/st-john-s-riverside-hospital-2025/</guid><description>St. John’s Riverside Hospital (NY) filed a HIPAA breach notification with the HHS Office for Civil Rights on November 14, 2025, reporting 2,238 affected individuals in a Hacking/IT Incident event at Email. The HHS OCR portal entry is the primary public record; further details are not yet publicly disclosed on this p...</description><pubDate>Fri, 14 Nov 2025 00:00:00 GMT</pubDate><category>hacking</category><category>ocr-open</category></item><item><title>Morton Drug Company: 40,051 exposed</title><link>https://myhealthconsent.org/breaches/morton-drug-company-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/morton-drug-company-2025/</guid><description>Morton Drug Company, an independent long-term care pharmacy in Wisconsin (operating as Morton LTC), filed a HIPAA breach notification with HHS OCR on November 10, 2025, reporting 40,051 affected individuals after an August 20, 2025 network intrusion. The Akira ransomware group later claimed responsibility on its leak site, asserting it exfiltrated roughly 22 GB of data. Exposed information included names, addresses, prescription details, and Social Security numbers for some individuals.</description><pubDate>Mon, 10 Nov 2025 00:00:00 GMT</pubDate><category>ransomware</category><category>ocr-open</category><category>Akira</category></item><item><title>Steven J. Pearlman MD PC: 10,182 exposed</title><link>https://myhealthconsent.org/breaches/steven-j-pearlman-md-pc-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/steven-j-pearlman-md-pc-2025/</guid><description>Steven J. Pearlman MD PC (NY) filed a HIPAA breach notification with the HHS Office for Civil Rights on November 09, 2025, reporting 10,182 affected individuals in a Hacking/IT Incident event at Network Server. The HHS OCR portal entry is the primary public record; further details are not yet publicly disclosed on t...</description><pubDate>Sun, 09 Nov 2025 00:00:00 GMT</pubDate><category>hacking</category><category>ocr-open</category></item><item><title>Healthcare Therapy Services, Inc.: 15,027 exposed</title><link>https://myhealthconsent.org/breaches/healthcare-therapy-services-inc-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/healthcare-therapy-services-inc-2025/</guid><description>Healthcare Therapy Services, Inc. (IN) filed a HIPAA breach notification with the HHS Office for Civil Rights on November 08, 2025, reporting 15,027 affected individuals in a Hacking/IT Incident event at Email. The HHS OCR portal entry is the primary public record; further details are not yet publicly disclosed on t...</description><pubDate>Sat, 08 Nov 2025 00:00:00 GMT</pubDate><category>hacking</category><category>ocr-open</category></item><item><title>Loving and Living Center, PC: 17,800 exposed</title><link>https://myhealthconsent.org/breaches/loving-and-living-center-pc-dba-awakenings-center-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/loving-and-living-center-pc-dba-awakenings-center-2025/</guid><description>Loving and Living Center, PC dba Awakenings Center, a Raleigh and Greensboro, North Carolina psychotherapy practice specializing in couples counseling, sex therapy, and individual mental health treatment, filed a HIPAA breach with HHS OCR on November 7, 2025 reporting 17,800 affected. Unauthorized access to electronic records exposed name, age, date of birth, gender, relationship status, employment status, city, and zip code. Multiple class-action investigations underway. Here is what to do.</description><pubDate>Fri, 07 Nov 2025 00:00:00 GMT</pubDate><category>hacking</category><category>ocr-open</category></item><item><title>Marshfield Clinic Health System: 35,952 exposed</title><link>https://myhealthconsent.org/breaches/marshfield-clinic-health-system-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/marshfield-clinic-health-system-2025/</guid><description>Marshfield Clinic Health System disclosed a HIPAA breach to HHS OCR on November 7, 2025 affecting 35,952 current and former patients. Unauthorized access to employee email accounts on August 26–27, 2025 exposed names, contact details, dates of birth, insurance and medical record numbers, diagnosis and treatment information, lab results, and medications. Plaintiff firms are investigating class-action claims.</description><pubDate>Fri, 07 Nov 2025 00:00:00 GMT</pubDate><category>phishing</category><category>ocr-open</category></item><item><title>Archer Health: 4,285 exposed</title><link>https://myhealthconsent.org/breaches/archer-health-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/archer-health-2025/</guid><description>Archer Health (CA) filed a HIPAA breach notification with the HHS Office for Civil Rights on November 06, 2025, reporting 4,285 affected individuals in a Hacking/IT Incident event at Network Server. The HHS OCR portal entry is the primary public record; further details are not yet publicly disclosed on this page.</description><pubDate>Thu, 06 Nov 2025 00:00:00 GMT</pubDate><category>ransomware</category><category>ocr-open</category><category>KillSec (also reported as KillSecurity / KillSec3)</category></item><item><title>Northwoods Surgery Center: 5,385 exposed</title><link>https://myhealthconsent.org/breaches/northwoods-surgery-center-2026/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/northwoods-surgery-center-2026/</guid><description>Northwoods Surgery Center, a Virginia, Minnesota ambulatory surgery center joint venture between Fairview Range and Dr. Bridget Sundell, disclosed in November 2025 a July-September 2025 network intrusion exposing names, addresses, dates of birth, health insurance, medical record numbers, treating physician, dates of service, medications, diagnoses, and billing information for 5,385 patients. Complimentary credit monitoring offered. Here is what to do.</description><pubDate>Thu, 06 Nov 2025 00:00:00 GMT</pubDate><category>hacking</category><category>ocr-open</category></item><item><title>The Chase Group Employee Benefit Plan: 817 exposed</title><link>https://myhealthconsent.org/breaches/the-chase-group-employee-benefit-plan-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/the-chase-group-employee-benefit-plan-2025/</guid><description>The Chase Group Employee Benefit Plan (NM) filed a HIPAA breach notification with the HHS Office for Civil Rights on November 06, 2025, reporting 817 affected individuals in a Hacking/IT Incident event at Network Server. The HHS OCR portal entry is the primary public record; further details are not yet publicly disc...</description><pubDate>Thu, 06 Nov 2025 00:00:00 GMT</pubDate><category>hacking</category><category>ocr-open</category></item><item><title>Denton MHMR Center: 108,967 exposed</title><link>https://myhealthconsent.org/breaches/denton-mhmr-center-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/denton-mhmr-center-2025/</guid><description>Denton County MHMR Center confirmed that an unauthorized third party accessed its network on December 24-25, 2024 and exposed names, Social Security numbers, financial information, and detailed mental-health treatment records for 108,967 current and former patients. The local mental-health authority posted a substitute notice in February 2025, completed its forensic review in October 2025, and filed with HHS OCR on November 5, 2025.</description><pubDate>Wed, 05 Nov 2025 00:00:00 GMT</pubDate><category>hacking</category><category>ocr-open</category></item><item><title>Tampa Bay Treatment Associates: 3,682 exposed</title><link>https://myhealthconsent.org/breaches/tampa-bay-treatment-associates-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/tampa-bay-treatment-associates-2025/</guid><description>Tampa Bay Treatment Associates (FL) filed a HIPAA breach notification with the HHS Office for Civil Rights on November 05, 2025, reporting 3,682 affected individuals in a Theft event at Electronic Medical Record. The HHS OCR portal entry is the primary public record; further details are not yet publicly disclosed on...</description><pubDate>Wed, 05 Nov 2025 00:00:00 GMT</pubDate><category>physical-theft</category><category>ocr-open</category></item><item><title>Beverly Hills Oncology Medical Group: 57,655 exposed</title><link>https://myhealthconsent.org/breaches/beverly-hills-oncology-medical-group-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/beverly-hills-oncology-medical-group-2025/</guid><description>Beverly Hills Oncology Medical Group (CA) disclosed a network intrusion that ran February 7 to 11, 2025 and was not reported until October 31, 2025 — roughly eight months after detection. The HHS OCR portal lists 57,655 affected individuals. Names, Social Security numbers, government IDs, financial and insurance data, and oncology treatment records were potentially exfiltrated. Two class-action lawsuits were filed in Los Angeles Superior Court on November 7, 2025.</description><pubDate>Fri, 31 Oct 2025 00:00:00 GMT</pubDate><category>ransomware</category><category>class-action-filed</category><category>Inc Ransom</category></item><item><title>Expert MRI: 209,560 exposed</title><link>https://myhealthconsent.org/breaches/expert-mri-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/expert-mri-2025/</guid><description>Expert MRI, a California diagnostic imaging provider with 15 locations, disclosed a PEAR ransomware attack that exposed protected health information for 209,560 patients. Unauthorized access ran June 2 to August 24, 2025; the group posted 617 GB of stolen data to its dark-web leak site on September 6, 2025.</description><pubDate>Fri, 31 Oct 2025 00:00:00 GMT</pubDate><category>ransomware</category><category>class-action-filed</category><category>PEAR</category></item><item><title>Judson Center: 976 exposed</title><link>https://myhealthconsent.org/breaches/judson-center-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/judson-center-2025/</guid><description>Judson Center (MI) filed a HIPAA breach notification with the HHS Office for Civil Rights on October 31, 2025, reporting 976 affected individuals in a Hacking/IT Incident event at Network Server. The HHS OCR portal entry is the primary public record; further details are not yet publicly disclosed on this page.</description><pubDate>Fri, 31 Oct 2025 00:00:00 GMT</pubDate><category>hacking</category><category>ocr-open</category></item><item><title>Tri Century Eye Care PC: 200,000 exposed</title><link>https://myhealthconsent.org/breaches/tri-century-eye-care-pc-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/tri-century-eye-care-pc-2025/</guid><description>Tri-Century Eye Care PC, a Bucks County, Pennsylvania ophthalmology practice, suffered a Pear ransomware attack in September 2025 exposing 200,000 patients and employees. Data was leaked publicly. A class action is filed in Bucks County court with interim lead counsel appointed. Here is what to do.</description><pubDate>Fri, 31 Oct 2025 00:00:00 GMT</pubDate><category>ransomware</category><category>class-action-filed</category><category>Pear</category></item><item><title>Hale Makua Health Services: 500 exposed</title><link>https://myhealthconsent.org/breaches/hale-makua-health-services-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/hale-makua-health-services-2025/</guid><description>Hale Makua Health Services (HI) filed a HIPAA breach notification with the HHS Office for Civil Rights on October 29, 2025, reporting 500 affected individuals in a Hacking/IT Incident event at Network Server. The HHS OCR portal entry is the primary public record; further details are not yet publicly disclosed on thi...</description><pubDate>Wed, 29 Oct 2025 00:00:00 GMT</pubDate><category>hacking</category><category>ocr-open</category></item><item><title>Better Vision Eyecare, LLC: 501 exposed</title><link>https://myhealthconsent.org/breaches/better-vision-eyecare-llc-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/better-vision-eyecare-llc-2025/</guid><description>Better Vision Eyecare, LLC (AZ) filed a HIPAA breach notification with the HHS Office for Civil Rights on October 28, 2025, reporting 501 affected individuals in a Unauthorized Access/Disclosure event at Email. The HHS OCR portal entry is the primary public record; further details are not yet publicly disclosed on t...</description><pubDate>Tue, 28 Oct 2025 00:00:00 GMT</pubDate><category>unauthorized-access</category><category>ocr-open</category></item><item><title>Northwest Radiologists, Inc./Mount Baker Imaging: 362,713 exposed</title><link>https://myhealthconsent.org/breaches/northwest-radiologists-inc-mount-baker-imaging-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/northwest-radiologists-inc-mount-baker-imaging-2025/</guid><description>Northwest Radiologists and Mount Baker Imaging suffered a January 2025 ransomware attack exposing 362,713 patients&apos; SSNs, driver&apos;s licenses, banking data, and clinical records. A $3.3M class-action settlement was preliminarily approved April 21, 2026 — claim deadline is August 19, 2026. Here is what to do.</description><pubDate>Tue, 28 Oct 2025 00:00:00 GMT</pubDate><category>hacking</category><category>class-action-filed</category></item><item><title>Health Management Systems of America: 4,213 exposed</title><link>https://myhealthconsent.org/breaches/health-management-systems-of-america-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/health-management-systems-of-america-2025/</guid><description>Health Management Systems of America (MI) filed a HIPAA breach notification with the HHS Office for Civil Rights on October 27, 2025, reporting 4,213 affected individuals in a Hacking/IT Incident event at Email. The HHS OCR portal entry is the primary public record; further details are not yet publicly disclosed on...</description><pubDate>Mon, 27 Oct 2025 00:00:00 GMT</pubDate><category>hacking</category><category>ocr-open</category></item><item><title>REACH, Inc: 1,195 exposed</title><link>https://myhealthconsent.org/breaches/reach-inc-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/reach-inc-2025/</guid><description>REACH, Inc (AK) filed a HIPAA breach notification with the HHS Office for Civil Rights on October 27, 2025, reporting 1,195 affected individuals in a Hacking/IT Incident event at Email. The HHS OCR portal entry is the primary public record; further details are not yet publicly disclosed on this page.</description><pubDate>Mon, 27 Oct 2025 00:00:00 GMT</pubDate><category>hacking</category><category>ocr-open</category></item><item><title>VirMedice, LLC: 1,000 exposed</title><link>https://myhealthconsent.org/breaches/virmedice-llc-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/virmedice-llc-2025/</guid><description>VirMedice, LLC (AZ) filed a HIPAA breach notification with the HHS Office for Civil Rights on October 25, 2025, reporting 1,000 affected individuals in a Hacking/IT Incident event at Network Server. The HHS OCR portal entry is the primary public record; further details are not yet publicly disclosed on this page.</description><pubDate>Sat, 25 Oct 2025 00:00:00 GMT</pubDate><category>hacking</category><category>ocr-open</category></item><item><title>Fairbanks Urology: 1,446 exposed</title><link>https://myhealthconsent.org/breaches/fairbanks-urology-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/fairbanks-urology-2025/</guid><description>Fairbanks Urology (AK) filed a HIPAA breach notification with the HHS Office for Civil Rights on October 24, 2025, reporting 1,446 affected individuals in a Hacking/IT Incident event at Network Server. The HHS OCR portal entry is the primary public record; further details are not yet publicly disclosed on this page.</description><pubDate>Fri, 24 Oct 2025 00:00:00 GMT</pubDate><category>hacking</category><category>ocr-open</category></item><item><title>Physicians to Children &amp; Adolescents: 9,536 exposed</title><link>https://myhealthconsent.org/breaches/physicians-to-children-adolescents-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/physicians-to-children-adolescents-2025/</guid><description>Physicians to Children &amp; Adolescents (KY) filed a HIPAA breach notification with the HHS Office for Civil Rights on October 24, 2025, reporting 9,536 affected individuals in a Hacking/IT Incident event at Network Server. The HHS OCR portal entry is the primary public record; further details are not yet publicly disc...</description><pubDate>Fri, 24 Oct 2025 00:00:00 GMT</pubDate><category>hacking</category><category>ocr-open</category></item><item><title>Southwest Urology: 1,310 exposed</title><link>https://myhealthconsent.org/breaches/southwest-urology-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/southwest-urology-2025/</guid><description>Southwest Urology (OH) filed a HIPAA breach notification with the HHS Office for Civil Rights on October 24, 2025, reporting 1,310 affected individuals in a Hacking/IT Incident event at Network Server. The HHS OCR portal entry is the primary public record; further details are not yet publicly disclosed on this page.</description><pubDate>Fri, 24 Oct 2025 00:00:00 GMT</pubDate><category>hacking</category><category>ocr-open</category></item><item><title>Legacy Health, LLC: 6,547 exposed</title><link>https://myhealthconsent.org/breaches/legacy-health-llc-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/legacy-health-llc-2025/</guid><description>Legacy Health, LLC (TX) filed a HIPAA breach notification with the HHS Office for Civil Rights on October 23, 2025, reporting 6,547 affected individuals in a Unauthorized Access/Disclosure event at Electronic Medical Record. The HHS OCR portal entry is the primary public record; further details are not yet publicly...</description><pubDate>Thu, 23 Oct 2025 00:00:00 GMT</pubDate><category>unauthorized-access</category><category>ocr-open</category></item><item><title>Michael R. Schwartz, MD Inc.: 9,809 exposed</title><link>https://myhealthconsent.org/breaches/michael-r-schwartz-md-inc-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/michael-r-schwartz-md-inc-2025/</guid><description>Michael R. Schwartz, MD Inc. (CA) filed a HIPAA breach notification with the HHS Office for Civil Rights on October 23, 2025, reporting 9,809 affected individuals in a Hacking/IT Incident event at Desktop Computer. The HHS OCR portal entry is the primary public record; further details are not yet publicly disclosed...</description><pubDate>Thu, 23 Oct 2025 00:00:00 GMT</pubDate><category>hacking</category><category>ocr-open</category></item><item><title>Express Canna Cards, LLC: 5,000 exposed</title><link>https://myhealthconsent.org/breaches/express-canna-cards-llc-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/express-canna-cards-llc-2025/</guid><description>Express Canna Cards, LLC (FL) filed a HIPAA breach notification with the HHS Office for Civil Rights on October 20, 2025, reporting 5,000 affected individuals in a Unauthorized Access/Disclosure event at Electronic Medical Record. The HHS OCR portal entry is the primary public record; further details are not yet pub...</description><pubDate>Mon, 20 Oct 2025 00:00:00 GMT</pubDate><category>unauthorized-access</category><category>ocr-open</category></item><item><title>Heartland Health Center, Inc.: 43,728 exposed</title><link>https://myhealthconsent.org/breaches/heartland-health-center-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/heartland-health-center-2025/</guid><description>Heartland Health Center, a Nebraska Federally Qualified Health Center (FQHC) with clinics in Grand Island, Ravenna, and Hastings, disclosed a February 2025 MEDUSA ransomware attack affecting 43,728 patients. Names, Social Security numbers, driver&apos;s license numbers, financial information, and medical information exposed. Multiple plaintiffs&apos; firms investigating class actions. Here is what to do.</description><pubDate>Fri, 17 Oct 2025 00:00:00 GMT</pubDate><category>ransomware</category><category>ocr-open</category></item><item><title>Modernizing Medicine, Inc.: 198,795 exposed</title><link>https://myhealthconsent.org/breaches/modernizing-medicine-inc-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/modernizing-medicine-inc-2025/</guid><description>Modernizing Medicine, Inc. (ModMed) — a Boca Raton specialty-EHR business associate — disclosed a July 9-10, 2025 intrusion of servers tied to its podiatry vertical, exposing names, SSNs, and clinical detail for 198,795 individuals downstream of its provider customers. Notifications mailed October 17, 2025; some data offered for sale on a dark-web forum. Here is what to do.</description><pubDate>Fri, 17 Oct 2025 00:00:00 GMT</pubDate><category>hacking</category><category>ocr-open</category></item><item><title>North Atlantic States Carpenters Health Benefits Fund: 501 exposed</title><link>https://myhealthconsent.org/breaches/north-atlantic-states-carpenters-health-benefits-fund-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/north-atlantic-states-carpenters-health-benefits-fund-2025/</guid><description>North Atlantic States Carpenters Health Benefits Fund (MA) filed a HIPAA breach notification with the HHS Office for Civil Rights on October 17, 2025, reporting 501 affected individuals in a Hacking/IT Incident event at Network Server. The HHS OCR portal entry is the primary public record; further details are not ye...</description><pubDate>Fri, 17 Oct 2025 00:00:00 GMT</pubDate><category>hacking</category><category>ocr-open</category></item><item><title>River City Eye Care, LLC: 6,588 exposed</title><link>https://myhealthconsent.org/breaches/river-city-eye-care-llc-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/river-city-eye-care-llc-2025/</guid><description>River City Eye Care, LLC (OR) filed a HIPAA breach notification with the HHS Office for Civil Rights on October 16, 2025, reporting 6,588 affected individuals in a Hacking/IT Incident event at Network Server. The HHS OCR portal entry is the primary public record; further details are not yet publicly disclosed on thi...</description><pubDate>Thu, 16 Oct 2025 00:00:00 GMT</pubDate><category>hacking</category><category>ocr-open</category></item><item><title>Coalesce, LLC dba BenefitElect: 501 exposed</title><link>https://myhealthconsent.org/breaches/coalesce-llc-dba-benefitelect-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/coalesce-llc-dba-benefitelect-2025/</guid><description>BenefitElect, an Arizona-based benefits-administration vendor (HIPAA business associate), filed a HIPAA breach notification with HHS OCR on October 15, 2025 after an unauthorized actor exploited a CrushFTP vulnerability (CVE-2025-31161) to access and exfiltrate files containing names, Social Security numbers, dates of birth, addresses, and financial account information.</description><pubDate>Wed, 15 Oct 2025 00:00:00 GMT</pubDate><category>ransomware</category><category>ocr-open</category><category>KillSec (also known as Kill Security / Kill ransomware group)</category></item><item><title>Visiting Nurse Association of Texas, LLC: 28,515 exposed</title><link>https://myhealthconsent.org/breaches/visiting-nurse-association-of-texas-llc-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/visiting-nurse-association-of-texas-llc-2025/</guid><description>Visiting Nurse Association of Texas, LLC (VNA Texas) — the Dallas-based home health, hospice, palliative care, and Meals on Wheels nonprofit — filed a Hacking/IT Incident report with HHS OCR on October 10, 2025 covering 28,515 individuals after an unauthorized third party accessed employee email accounts in July 2025. The substitute notice and Texas AG filing followed on January 30, 2026, confirming exposure of Social Security numbers, driver&apos;s license numbers, dates of birth, medical information, and health insurance information. Plaintiff firms are investigating. Here is what affected patients and families should do.</description><pubDate>Fri, 10 Oct 2025 00:00:00 GMT</pubDate><category>hacking</category><category>ocr-open</category></item><item><title>Bay Medical LLC: 1,483 exposed</title><link>https://myhealthconsent.org/breaches/bay-medical-llc-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/bay-medical-llc-2025/</guid><description>Bay Medical LLC (MD) filed a HIPAA breach notification with the HHS Office for Civil Rights on October 09, 2025, reporting 1,483 affected individuals in a Hacking/IT Incident event at Email. The HHS OCR portal entry is the primary public record; further details are not yet publicly disclosed on this page.</description><pubDate>Thu, 09 Oct 2025 00:00:00 GMT</pubDate><category>hacking</category><category>ocr-open</category></item><item><title>Conduent Business Services LLC: 42,616 exposed</title><link>https://myhealthconsent.org/breaches/conduent-business-services-llc-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/conduent-business-services-llc-2025/</guid><description>Conduent Business Services LLC, a New Jersey-based business associate and BPO contractor for Blue Cross plans, Humana, and state agencies, filed a HIPAA breach notification with HHS OCR on October 8, 2025 for 42,616 individuals. The figure is a placeholder. Reporting and state filings now place the actual scope at 10.5 million confirmed and an internal estimate of 25 million or more, after the SafePay ransomware group claimed 8.5 TB of stolen data from an intrusion that ran October 21, 2024 to January 13, 2025.</description><pubDate>Wed, 08 Oct 2025 00:00:00 GMT</pubDate><category>ransomware</category><category>class-action-filed</category><category>SafePay ransomware group</category></item><item><title>Wellpoint, Inc.: 579 exposed</title><link>https://myhealthconsent.org/breaches/wellpoint-inc-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/wellpoint-inc-2025/</guid><description>Wellpoint, Inc. (IN) filed a HIPAA breach notification with the HHS Office for Civil Rights on October 07, 2025, reporting 579 affected individuals in a Hacking/IT Incident event at Network Server. The HHS OCR portal entry is the primary public record; further details are not yet publicly disclosed on this page.</description><pubDate>Tue, 07 Oct 2025 00:00:00 GMT</pubDate><category>hacking</category><category>ocr-open</category></item><item><title>Cardiovascular Medicine Associates (doing business as MyCardiologist): 2,248 exposed</title><link>https://myhealthconsent.org/breaches/cardiovascular-medicine-associates-doing-business-as-mycardiologist-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/cardiovascular-medicine-associates-doing-business-as-mycardiologist-2025/</guid><description>Cardiovascular Medicine Associates (doing business as MyCardiologist) (FL) filed a HIPAA breach notification with the HHS Office for Civil Rights on October 06, 2025, reporting 2,248 affected individuals in a Hacking/IT Incident event at Email. The HHS OCR portal entry is the primary public record; further details a...</description><pubDate>Mon, 06 Oct 2025 00:00:00 GMT</pubDate><category>hacking</category><category>ocr-open</category></item><item><title>OB-GYN Associates, Ltd. dba OBGYN Associates: 62,238 exposed</title><link>https://myhealthconsent.org/breaches/ob-gyn-associates-ltd-dba-obgyn-associates-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/ob-gyn-associates-ltd-dba-obgyn-associates-2025/</guid><description>OB-GYN Associates, Ltd. (Reno, Nevada) disclosed an August 2025 INC Ransom ransomware attack that exposed names, Social Security numbers, driver&apos;s license numbers, bank account and routing numbers, and reproductive-health medical information for 62,238 patients, including minors. Filed with HHS OCR on October 6, 2025. 12 months credit monitoring offered via TransUnion. Here is what to do.</description><pubDate>Mon, 06 Oct 2025 00:00:00 GMT</pubDate><category>ransomware</category><category>ocr-open</category><category>INC Ransom</category></item><item><title>Sierra Vista Hospital &amp; Clinics: 75,054 exposed</title><link>https://myhealthconsent.org/breaches/sierra-vista-hospital-clinics-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/sierra-vista-hospital-clinics-2025/</guid><description>Sierra Vista Hospital &amp; Clinics, the only hospital in Truth or Consequences, New Mexico, disclosed a January 2025 network intrusion that exposed names, Social Security numbers, dates of birth, driver&apos;s license numbers, medical records, and health insurance details for 75,054 individuals. Here is what to do.</description><pubDate>Mon, 06 Oct 2025 00:00:00 GMT</pubDate><category>hacking</category><category>ocr-open</category></item><item><title>Space Coast Vascular: 18,819 exposed</title><link>https://myhealthconsent.org/breaches/space-coast-vascular-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/space-coast-vascular-2025/</guid><description>Space Coast Vascular, a Melbourne, Florida vascular and venous health diagnostic laboratory, confirmed a January 13, 2025 cyberattack on its network server. An August 7, 2025 investigation determined names, dates of birth, Social Security numbers, driver&apos;s license numbers, medical treatment information, health insurance information, and financial account information for 18,819 individuals were accessed. The breach was reported to HHS OCR on October 6, 2025. Multiple plaintiff firms are investigating.</description><pubDate>Mon, 06 Oct 2025 00:00:00 GMT</pubDate><category>hacking</category><category>ocr-open</category></item><item><title>Brightstar Global Solutions Corporation: 103,879 exposed</title><link>https://myhealthconsent.org/breaches/brightstar-global-solutions-corporation-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/brightstar-global-solutions-corporation-2025/</guid><description>Brightstar Global Solutions Corporation, the Rhode Island lottery technology operator formerly part of IGT, filed an HHS OCR breach on October 3, 2025 affecting 103,879 individuals. Unauthorized access was discovered November 17, 2024 and the data review completed August 21, 2025 — an eleven-month notification gap. Exposed data per state AG notices includes names, dates of birth, government IDs, Social Security numbers, financial account information, and health data. Kroll identity monitoring offered. Multiple plaintiffs&apos; firms investigating. Here is what to do.</description><pubDate>Fri, 03 Oct 2025 00:00:00 GMT</pubDate><category>hacking</category><category>ocr-open</category></item><item><title>CareSTL Health, Inc.: 501 exposed</title><link>https://myhealthconsent.org/breaches/carestl-health-inc-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/carestl-health-inc-2025/</guid><description>CareSTL Health, Inc., a Federally Qualified Health Center serving roughly 30,000 patients across north St. Louis, filed a HIPAA breach notification with the HHS Office for Civil Rights on October 3, 2025, reporting 501 affected individuals from a network-server hacking incident. The Cephalus ransomware group claimed responsibility, alleging exfiltration of more than 500 GB of data.</description><pubDate>Fri, 03 Oct 2025 00:00:00 GMT</pubDate><category>ransomware</category><category>ocr-open</category><category>Cephalus ransomware group</category></item><item><title>Harris County Hospital District d/b/a Harris Health: 5,357 exposed</title><link>https://myhealthconsent.org/breaches/harris-county-hospital-district-d-b-a-harris-health-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/harris-county-hospital-district-d-b-a-harris-health-2025/</guid><description>Harris County Hospital District d/b/a Harris Health (TX) filed a HIPAA breach notification with the HHS Office for Civil Rights on October 03, 2025, reporting 5,357 affected individuals in a Unauthorized Access/Disclosure event at Electronic Medical Record. The HHS OCR portal entry is the primary public record; furt...</description><pubDate>Fri, 03 Oct 2025 00:00:00 GMT</pubDate><category>unauthorized-access</category><category>ocr-open</category></item><item><title>Southwest C.A.R.E. Center: 21,866 exposed</title><link>https://myhealthconsent.org/breaches/southwest-c-a-r-e-center-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/southwest-c-a-r-e-center-2025/</guid><description>Southwest C.A.R.E. Center, a Santa Fe nonprofit specializing in HIV, Hepatitis C, STI, and LGBTQ+ health care, filed a HIPAA breach notification with HHS OCR on October 03, 2025, reporting 21,866 affected individuals after a Hacking/IT Incident at Network Server. The Medusa ransomware group claimed responsibility and posted 143.9 GB of exfiltrated data on its dark-web leak site. A class-action lawsuit has been filed in New Mexico&apos;s First Judicial District Court in Santa Fe.</description><pubDate>Fri, 03 Oct 2025 00:00:00 GMT</pubDate><category>ransomware</category><category>class-action-filed</category><category>Medusa</category></item><item><title>Harbor: 216,000 exposed</title><link>https://myhealthconsent.org/breaches/harbor-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/harbor-2025/</guid><description>Harbor, the Toledo-based nonprofit behavioral health and substance use disorder provider serving 30,000+ Ohioans annually, disclosed a July 25–August 1, 2025 network intrusion exposing names, Social Security numbers, driver&apos;s licenses, financial accounts, and mental health/SUD treatment records for 216,000 individuals. 42 CFR Part 2 applies. Federman &amp; Sherwood is investigating. Here is what to do.</description><pubDate>Tue, 30 Sep 2025 00:00:00 GMT</pubDate><category>hacking</category><category>ocr-open</category></item><item><title>Weekend Health, LLC: 1,643 exposed</title><link>https://myhealthconsent.org/breaches/weekend-health-llc-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/weekend-health-llc-2025/</guid><description>Weekend Health, LLC (NY) filed a HIPAA breach notification with the HHS Office for Civil Rights on September 30, 2025, reporting 1,643 affected individuals in a Unauthorized Access/Disclosure event at Network Server. The HHS OCR portal entry is the primary public record; further details are not yet publicly disclose...</description><pubDate>Tue, 30 Sep 2025 00:00:00 GMT</pubDate><category>unauthorized-access</category><category>ocr-open</category></item><item><title>Arizona Health Care Cost Containment System- State Medicaid Agency: 3,177 exposed</title><link>https://myhealthconsent.org/breaches/arizona-health-care-cost-containment-system-state-medicaid-agency-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/arizona-health-care-cost-containment-system-state-medicaid-agency-2025/</guid><description>The Arizona Health Care Cost Containment System (AHCCCS), Arizona&apos;s state Medicaid agency, notified 3,177 members on September 26, 2025 that a human error preparing a Constant Contact email distribution list caused enrollment letters to be sent to the wrong recipients. Names, AHCCCS ID numbers, and health plan names were disclosed. Filed with HHS OCR on October 3, 2025.</description><pubDate>Fri, 26 Sep 2025 00:00:00 GMT</pubDate><category>unauthorized-access</category><category>ocr-open</category></item><item><title>Intercommunity Action Inc.: 2,680 exposed</title><link>https://myhealthconsent.org/breaches/intercommunity-action-inc-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/intercommunity-action-inc-2025/</guid><description>Intercommunity Action Inc. (PA) filed a HIPAA breach notification with the HHS Office for Civil Rights on September 26, 2025, reporting 2,680 affected individuals in a Hacking/IT Incident event at Network Server. The HHS OCR portal entry is the primary public record; further details are not yet publicly disclosed on...</description><pubDate>Fri, 26 Sep 2025 00:00:00 GMT</pubDate><category>hacking</category><category>ocr-open</category></item><item><title>Rockhill Women&apos;s Care: 70,129 exposed</title><link>https://myhealthconsent.org/breaches/rockhill-women-s-care-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/rockhill-women-s-care-2025/</guid><description>Rockhill Women&apos;s Care, an OB-GYN practice with offices in Lee&apos;s Summit, Missouri and Overland Park, Kansas, detected a network intrusion on February 26, 2025. The Qilin ransomware group claimed responsibility days later and leaked a 20 GB sample of reproductive-health records. Notification letters went to 70,129 patients on or around September 30, 2025.</description><pubDate>Thu, 25 Sep 2025 00:00:00 GMT</pubDate><category>ransomware</category><category>ocr-open</category><category>Qilin</category></item><item><title>Susan B. Allen Memorial Hospital: 11,866 exposed</title><link>https://myhealthconsent.org/breaches/susan-b-allen-memorial-hospital-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/susan-b-allen-memorial-hospital-2025/</guid><description>Susan B. Allen Memorial Hospital (KS) filed a HIPAA breach notification with the HHS Office for Civil Rights on September 25, 2025, reporting 11,866 affected individuals in a Hacking/IT Incident event at Desktop Computer, Network Server. The HHS OCR portal entry is the primary public record; further details are not...</description><pubDate>Thu, 25 Sep 2025 00:00:00 GMT</pubDate><category>hacking</category><category>ocr-open</category></item><item><title>Valley Radiology: 1,166 exposed</title><link>https://myhealthconsent.org/breaches/valley-radiology-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/valley-radiology-2025/</guid><description>Valley Radiology (CA) filed a HIPAA breach notification with the HHS Office for Civil Rights on September 25, 2025, reporting 1,166 affected individuals in a Hacking/IT Incident event at Network Server. The HHS OCR portal entry is the primary public record; further details are not yet publicly disclosed on this page.</description><pubDate>Thu, 25 Sep 2025 00:00:00 GMT</pubDate><category>hacking</category><category>ocr-open</category></item><item><title>Doctors Imaging Group: 171,862 exposed</title><link>https://myhealthconsent.org/breaches/doctors-imaging-group-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/doctors-imaging-group-2025/</guid><description>Doctors Imaging Group, a physician-owned radiology practice in Gainesville and Palatka, Florida, filed a HIPAA breach notification with HHS OCR on September 24, 2025, reporting 171,862 affected individuals. Unauthorized actors accessed its network November 5-11, 2024, copying files containing names, addresses, dates of birth, Social Security numbers, financial account numbers, medical record numbers, health insurance information, and treatment and claims information. Here is what to do.</description><pubDate>Wed, 24 Sep 2025 00:00:00 GMT</pubDate><category>hacking</category><category>ocr-open</category></item><item><title>Philadelphia Corporation for Aging: 410,491 exposed</title><link>https://myhealthconsent.org/breaches/philadelphia-corporation-for-aging-pca-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/philadelphia-corporation-for-aging-pca-2025/</guid><description>Philadelphia&apos;s Area Agency on Aging reported a HIPAA breach on Sep 23, 2025 covering 410,491 individuals after a June 11–July 25, 2025 network intrusion. SSNs, addresses, medical diagnosis records, and state ID information were exposed. Notice letters mailed Nov 4, 2025 with 12 months of TransUnion Cyberscout monitoring. Multiple class-action firms investigating.</description><pubDate>Tue, 23 Sep 2025 00:00:00 GMT</pubDate><category>hacking</category><category>class-action-filed</category></item><item><title>City of St. Joseph, MO Health Department: 11,538 exposed</title><link>https://myhealthconsent.org/breaches/city-of-st-joseph-mo-health-department-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/city-of-st-joseph-mo-health-department-2025/</guid><description>The City of St. Joseph (Missouri) Health Department filed a HIPAA breach notification with the HHS Office for Civil Rights on September 22, 2025, reporting 11,538 affected individuals after a June 9, 2025 network intrusion. Names, dates of birth, Social Security numbers, driver&apos;s license and passport numbers, and medical diagnosis and treatment information were potentially acquired. The City is offering complimentary credit monitoring and identity theft protection.</description><pubDate>Mon, 22 Sep 2025 00:00:00 GMT</pubDate><category>ransomware</category><category>ocr-open</category></item><item><title>Healthcare Interactive: 501 exposed</title><link>https://myhealthconsent.org/breaches/healthcare-interactive-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/healthcare-interactive-2025/</guid><description>Healthcare Interactive (MD) filed a HIPAA breach notification with the HHS Office for Civil Rights on September 22, 2025, reporting 501 affected individuals in a Hacking/IT Incident event at Network Server. The HHS OCR portal entry is the primary public record; further details are not yet publicly disclosed on this...</description><pubDate>Mon, 22 Sep 2025 00:00:00 GMT</pubDate><category>hacking</category><category>ocr-open</category></item><item><title>Veradigm LLC: 2,672,036 exposed</title><link>https://myhealthconsent.org/breaches/veradigm-llc-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/veradigm-llc-2025/</guid><description>Veradigm (formerly Allscripts) is a Chicago healthcare IT vendor whose storage account was accessed via credentials stolen from a client during a Rhysida ransomware attack in December 2024. 2,672,036 patients of downstream provider customers were affected. The Goodrum class action has a $10.5M settlement in preliminary approval.</description><pubDate>Mon, 22 Sep 2025 00:00:00 GMT</pubDate><category>ransomware</category><category>class-action-filed</category><category>Rhysida</category></item><item><title>Health &amp; Palliative Services of the Treasure Coast, Inc d/b/a Treasure Coast Hospice  (“Treasure Health ”): 13,230 exposed</title><link>https://myhealthconsent.org/breaches/health-palliative-services-of-the-treasure-coast-inc-d-b-a-treasure-coast-hospic-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/health-palliative-services-of-the-treasure-coast-inc-d-b-a-treasure-coast-hospic-2025/</guid><description>Health &amp; Palliative Services of the Treasure Coast, Inc d/b/a Treasure Coast Hospice  (“Treasure Health ”) (FL) filed a HIPAA breach notification with the HHS Office for Civil Rights on September 19, 2025, reporting 13,230 affected individuals in a Unauthorized Access/Disclosure event at Email. The HHS OCR portal en...</description><pubDate>Fri, 19 Sep 2025 00:00:00 GMT</pubDate><category>unauthorized-access</category><category>ocr-open</category></item><item><title>People Encouraging People: 13,083 exposed</title><link>https://myhealthconsent.org/breaches/people-encouraging-people-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/people-encouraging-people-2025/</guid><description>People Encouraging People (MD) filed a HIPAA breach notification with the HHS Office for Civil Rights on September 19, 2025, reporting 13,083 affected individuals in a Hacking/IT Incident event at Network Server. The HHS OCR portal entry is the primary public record; further details are not yet publicly disclosed on...</description><pubDate>Fri, 19 Sep 2025 00:00:00 GMT</pubDate><category>hacking</category><category>ocr-open</category></item><item><title>Ennoble Care &amp; Circa Health, LLC: 36,332 exposed</title><link>https://myhealthconsent.org/breaches/ennoble-care-circa-health-llc-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/ennoble-care-circa-health-llc-2025/</guid><description>Ennoble Care &amp; Circa Health, LLC, a Hackensack, NJ-based home-based primary care, palliative care, and hospice provider, disclosed an employee email account compromise discovered April 17, 2025 and filed with HHS OCR on September 18, 2025, reporting 36,332 affected individuals. Exposed data included names, addresses, dates of birth, and hospice and clinical-order status. Shamis &amp; Gentile is investigating, and a federal class action (Pagan v. Ennoble Care LLC) has been filed in the District of New Jersey. Here is what to do.</description><pubDate>Thu, 18 Sep 2025 00:00:00 GMT</pubDate><category>hacking</category><category>class-action-filed</category></item><item><title>Sun Valley Surgery Center: 27,001 exposed</title><link>https://myhealthconsent.org/breaches/sun-valley-surgery-center-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/sun-valley-surgery-center-2025/</guid><description>Sun Valley Surgery Center, the North Las Vegas pediatric dental surgery facility, identified anomalous activity in its information systems on September 3, 2025 and filed a HIPAA breach notification with the HHS Office for Civil Rights on September 18, 2025. A forensic investigation confirmed an unauthorized third party accessed parts of the network where 27,001 individuals&apos; Social Security numbers, government IDs, and medical information were stored. Plaintiff firms have opened class-action investigations.</description><pubDate>Thu, 18 Sep 2025 00:00:00 GMT</pubDate><category>hacking</category><category>ocr-open</category></item><item><title>Navesink Rehab: 1,428 exposed</title><link>https://myhealthconsent.org/breaches/navesink-rehab-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/navesink-rehab-2025/</guid><description>Navesink Rehab (NJ) filed a HIPAA breach notification with the HHS Office for Civil Rights on September 17, 2025, reporting 1,428 affected individuals in a Hacking/IT Incident event at Network Server. The HHS OCR portal entry is the primary public record; further details are not yet publicly disclosed on this page.</description><pubDate>Wed, 17 Sep 2025 00:00:00 GMT</pubDate><category>hacking</category><category>ocr-open</category></item><item><title>Trusteed Plan Services Corporation: 7,977 exposed</title><link>https://myhealthconsent.org/breaches/trusteed-plan-services-corporation-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/trusteed-plan-services-corporation-2025/</guid><description>Trusteed Plan Services Corporation (WA) filed a HIPAA breach notification with the HHS Office for Civil Rights on September 17, 2025, reporting 7,977 affected individuals in a Hacking/IT Incident event at Network Server. The HHS OCR portal entry is the primary public record; further details are not yet publicly disc...</description><pubDate>Wed, 17 Sep 2025 00:00:00 GMT</pubDate><category>hacking</category><category>ocr-open</category></item><item><title>Survival Flight, Inc.: 97,217 exposed</title><link>https://myhealthconsent.org/breaches/survival-flight-inc-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/survival-flight-inc-2025/</guid><description>Survival Flight, Inc., a Chandler, Arizona–registered air and ground emergency medical transport provider, discovered a July 17, 2025 cyberattack and filed a HIPAA breach report with HHS OCR on September 15, 2025 covering 97,217 individuals. The Worldleaks ransomware group (formerly Hunters International) claimed responsibility and published roughly 2.8 TB of stolen files on its dark-web leak site. Survival Flight is offering 24 months of complimentary Cyberscout (TransUnion) credit monitoring; two plaintiff firms have publicly announced investigations.</description><pubDate>Mon, 15 Sep 2025 00:00:00 GMT</pubDate><category>ransomware</category><category>ocr-open</category><category>Worldleaks (formerly Hunters International)</category></item><item><title>Sandhills Medical Foundation: 169,017 exposed</title><link>https://myhealthconsent.org/breaches/sandhills-medical-foundation-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/sandhills-medical-foundation-2025/</guid><description>Sandhills Medical Foundation, a federally qualified health center serving rural counties in South Carolina, suffered an INC Ransom ransomware intrusion from May 2-8, 2025 in which Social Security numbers, driver&apos;s license numbers, passport numbers, financial information, and protected health information for 169,017 individuals were exfiltrated. Individual notifications were not mailed until April 28, 2026, and INC Ransom released the stolen data publicly on June 15, 2026. Here is what to do.</description><pubDate>Sun, 14 Sep 2025 00:00:00 GMT</pubDate><category>ransomware</category><category>class-action-filed</category><category>INC Ransom</category></item><item><title>North Penn Comprehensive Health Services d.b.a Laurel Health Centers: 991 exposed</title><link>https://myhealthconsent.org/breaches/north-penn-comprehensive-health-services-d-b-a-laurel-health-centers-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/north-penn-comprehensive-health-services-d-b-a-laurel-health-centers-2025/</guid><description>North Penn Comprehensive Health Services d.b.a Laurel Health Centers (PA) filed a HIPAA breach notification with the HHS Office for Civil Rights on September 12, 2025, reporting 991 affected individuals in a Hacking/IT Incident event at Email. The HHS OCR portal entry is the primary public record; further details ar...</description><pubDate>Fri, 12 Sep 2025 00:00:00 GMT</pubDate><category>hacking</category><category>ocr-open</category></item><item><title>Saint Anthony Hospital: 6,679 exposed</title><link>https://myhealthconsent.org/breaches/saint-anthony-hospital-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/saint-anthony-hospital-2025/</guid><description>Saint Anthony Hospital (IL) filed a HIPAA breach notification with the HHS Office for Civil Rights on September 12, 2025, reporting 6,679 affected individuals in a Hacking/IT Incident event at Email. The HHS OCR portal entry is the primary public record; further details are not yet publicly disclosed on this page.</description><pubDate>Fri, 12 Sep 2025 00:00:00 GMT</pubDate><category>hacking</category><category>ocr-open</category></item><item><title>Franklin Dermatology Group, PLC: 2,457 exposed</title><link>https://myhealthconsent.org/breaches/franklin-dermatology-group-plc-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/franklin-dermatology-group-plc-2025/</guid><description>Franklin Dermatology Group, PLC (TN) filed a HIPAA breach notification with the HHS Office for Civil Rights on September 11, 2025, reporting 2,457 affected individuals in a Hacking/IT Incident event at Network Server. The HHS OCR portal entry is the primary public record; further details are not yet publicly disclos...</description><pubDate>Thu, 11 Sep 2025 00:00:00 GMT</pubDate><category>hacking</category><category>ocr-open</category></item><item><title>PGA Development, Inc.: 23,899 exposed</title><link>https://myhealthconsent.org/breaches/pga-development-inc-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/pga-development-inc-2025/</guid><description>PGA Development, Inc., the corporate operator of Pittsburgh Gastroenterology Associates (PGA) and South Hills Endoscopy Center in Pennsylvania, filed a HIPAA breach notification with the HHS Office for Civil Rights on September 10, 2025, reporting 23,899 affected individuals in a Hacking/IT Incident at a network server. PGA detected a network disruption on August 12, 2025; the Sinobi ransomware group later claimed responsibility on August 20, 2025 and posted PGA on its dark-web leak site. PGA&apos;s notice describes exposure of names, dates of birth, phone numbers, email addresses, health insurance information, and diagnosis/condition data; the practice states Social Security numbers, financial information, and its electronic medical record system were not involved. At least five proposed class actions have been filed and are expected to be consolidated in the Allegheny County Court of Common Pleas.</description><pubDate>Wed, 10 Sep 2025 00:00:00 GMT</pubDate><category>ransomware</category><category>class-action-filed</category></item><item><title>Huron Regional Medical Center, Inc.: 25,398 exposed</title><link>https://myhealthconsent.org/breaches/huron-regional-medical-center-inc-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/huron-regional-medical-center-inc-2025/</guid><description>Huron Regional Medical Center, a 25-bed critical-access hospital in Huron, South Dakota, detected an intrusion on May 31, 2025, completed its file review on August 21, 2025, and began mailing notification letters on September 9, 2025 to 25,398 patients whose names, Social Security numbers, Medicare/Medicaid numbers, diagnoses, lab results, prescription information, and financial account data were exposed. The BEAST ransomware group claimed responsibility and asserted it had exfiltrated 800 GB of HRMC data. Twelve months of complimentary single-bureau credit monitoring is offered through Cyberscout.</description><pubDate>Tue, 09 Sep 2025 00:00:00 GMT</pubDate><category>ransomware</category><category>ocr-open</category><category>BEAST</category></item><item><title>Coos County Family Health Services: 40,185 exposed</title><link>https://myhealthconsent.org/breaches/coos-county-family-health-services-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/coos-county-family-health-services-2025/</guid><description>Coos County Family Health Services, a federally qualified health center in Berlin, NH, was hit by the RunSomeWarez ransomware group on July 9, 2025. The incident exposed names, Social Security numbers, dates of birth, contact information, medical record numbers, and treatment information for 40,185 patients. CCFHS reported the breach to HHS OCR on September 5, 2025, mailed notification letters October 9, 2025, and has reached a $750,000 class-action settlement pending final approval.</description><pubDate>Fri, 05 Sep 2025 00:00:00 GMT</pubDate><category>ransomware</category><category>settled</category><category>RunSomeWarez</category></item><item><title>Medical Associates of Brevard, LLC: 246,711 exposed</title><link>https://myhealthconsent.org/breaches/medical-associates-of-brevard-llc-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/medical-associates-of-brevard-llc-2025/</guid><description>Medical Associates of Brevard, the Melbourne, FL multi-specialty physician group, confirmed a January 17, 2025 cyberattack by the BianLian ransomware group exposed names, Social Security numbers, driver&apos;s license data, medical treatment, insurance, and financial account information for 246,711 patients. A $300,000 class settlement received final approval on December 16, 2025.</description><pubDate>Fri, 05 Sep 2025 00:00:00 GMT</pubDate><category>ransomware</category><category>settled</category><category>BianLian</category></item><item><title>Somerset County Children and Youth Services: 2,251 exposed</title><link>https://myhealthconsent.org/breaches/somerset-county-children-and-youth-services-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/somerset-county-children-and-youth-services-2025/</guid><description>Somerset County Children and Youth Services (PA) filed a HIPAA breach notification with the HHS Office for Civil Rights on September 05, 2025, reporting 2,251 affected individuals in a Hacking/IT Incident event at Email. The HHS OCR portal entry is the primary public record; further details are not yet publicly disc...</description><pubDate>Fri, 05 Sep 2025 00:00:00 GMT</pubDate><category>hacking</category><category>ocr-open</category></item><item><title>Twin Cities Pain Clinic: 3,572 exposed</title><link>https://myhealthconsent.org/breaches/twin-cities-pain-clinic-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/twin-cities-pain-clinic-2025/</guid><description>Twin Cities Pain Clinic (MN) filed a HIPAA breach notification with the HHS Office for Civil Rights on September 04, 2025, reporting 3,572 affected individuals in a Hacking/IT Incident event at Email. The HHS OCR portal entry is the primary public record; further details are not yet publicly disclosed on this page.</description><pubDate>Thu, 04 Sep 2025 00:00:00 GMT</pubDate><category>hacking</category><category>ocr-open</category></item><item><title>Retina Florida MSO, LLC: 152,691 exposed</title><link>https://myhealthconsent.org/breaches/retina-group-of-florida-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/retina-group-of-florida-2025/</guid><description>Retina Florida MSO, LLC d/b/a Retina Group of Florida disclosed a November 2024 hacking incident that exposed protected health information for 152,691 patients across its Florida retinal-specialty practice. The HIPAA breach was filed with HHS OCR on September 3, 2025, and multiple plaintiff firms have opened class-action investigations. Here is what to do.</description><pubDate>Wed, 03 Sep 2025 00:00:00 GMT</pubDate><category>hacking</category><category>ocr-open</category></item><item><title>Teamsters Union 25 Health Services &amp; Insurance Plan: 19,231 exposed</title><link>https://myhealthconsent.org/breaches/teamsters-union-25-health-services-insurance-plan-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/teamsters-union-25-health-services-insurance-plan-2025/</guid><description>Teamsters Union 25 Health Services &amp; Insurance Plan (MA) filed a HIPAA breach notification with HHS OCR on September 3, 2025, after detecting unauthorized network activity on August 1, 2025. The Plan reports 19,231 affected individuals. Names, Social Security numbers, member IDs, health information, and health insurance information were exposed. Twelve months of TransUnion/Cyberscout credit monitoring offered. Multiple plaintiffs&apos; firms have opened class-action investigations.</description><pubDate>Wed, 03 Sep 2025 00:00:00 GMT</pubDate><category>hacking</category><category>ocr-open</category></item><item><title>La Perouse, LLC: 501 exposed</title><link>https://myhealthconsent.org/breaches/la-perouse-llc-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/la-perouse-llc-2025/</guid><description>La Perouse, LLC (NV) filed a HIPAA breach notification with the HHS Office for Civil Rights on September 02, 2025, reporting 501 affected individuals in a Hacking/IT Incident event at Network Server. The HHS OCR portal entry is the primary public record; further details are not yet publicly disclosed on this page.</description><pubDate>Tue, 02 Sep 2025 00:00:00 GMT</pubDate><category>hacking</category><category>ocr-open</category></item><item><title>North Oaks Health System: 6,243 exposed</title><link>https://myhealthconsent.org/breaches/north-oaks-health-system-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/north-oaks-health-system-2025/</guid><description>North Oaks Health System (LA) filed a HIPAA breach notification with the HHS Office for Civil Rights on September 02, 2025, reporting 6,243 affected individuals in a Hacking/IT Incident event at Email. The HHS OCR portal entry is the primary public record; further details are not yet publicly disclosed on this page.</description><pubDate>Tue, 02 Sep 2025 00:00:00 GMT</pubDate><category>hacking</category><category>ocr-open</category></item><item><title>Anthony L. Jordan Health Corporation: 2,974 exposed</title><link>https://myhealthconsent.org/breaches/anthony-l-jordan-health-corporation-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/anthony-l-jordan-health-corporation-2025/</guid><description>Anthony L. Jordan Health Corporation (Jordan Health), the Rochester, NY federally qualified health center, filed a HIPAA breach notification with HHS OCR on August 29, 2025 reporting 2,974 affected individuals. A phishing attack compromised the email, OneDrive, and SharePoint accounts of three employees with unauthorized access occurring at various points between April 30, 2025 and July 9, 2025. Exposed data includes names, dates of birth, medical record numbers, provider names, dates of service, and health insurance information.</description><pubDate>Fri, 29 Aug 2025 00:00:00 GMT</pubDate><category>phishing</category><category>ocr-open</category></item><item><title>Carrollton Ear, Nose and Throat, PC: 3,569 exposed</title><link>https://myhealthconsent.org/breaches/carrollton-ear-nose-and-throat-pc-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/carrollton-ear-nose-and-throat-pc-2025/</guid><description>Carrollton Ear, Nose and Throat, PC, a Carrollton, Georgia ENT practice, was hit by the INC Ransom extortion group, which claimed the attack on its data-leak site on August 5, 2025. The practice filed a HIPAA breach notification with HHS OCR on August 29, 2025, reporting 3,569 affected individuals in a Hacking/IT Incident at Network Server. Plaintiff-side firms have opened class-action investigations; exposed data is reported to include names, Social Security numbers, and medical or health information.</description><pubDate>Fri, 29 Aug 2025 00:00:00 GMT</pubDate><category>ransomware</category><category>ocr-open</category><category>INC Ransom (also reported as incransom)</category></item><item><title>Reimagine Network: 4,799 exposed</title><link>https://myhealthconsent.org/breaches/reimagine-network-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/reimagine-network-2025/</guid><description>Reimagine Network (CA) filed a HIPAA breach notification with the HHS Office for Civil Rights on August 29, 2025, reporting 4,799 affected individuals in a Hacking/IT Incident event at Network Server. The HHS OCR portal entry is the primary public record; further details are not yet publicly disclosed on this page.</description><pubDate>Fri, 29 Aug 2025 00:00:00 GMT</pubDate><category>hacking</category><category>ocr-open</category></item><item><title>University of Iowa Community Home Care: 109,029 exposed</title><link>https://myhealthconsent.org/breaches/university-of-iowa-community-home-care-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/university-of-iowa-community-home-care-2025/</guid><description>UI Community HomeCare detected unauthorized access to its network on July 3, 2025 and mailed notification letters on August 29, 2025. The HHS OCR portal lists 109,029 individuals under UICHC&apos;s entry; the combined UI Health Care and UICHC notification population is approximately 211,000. SSNs, medical record numbers, and insurance data were potentially exposed. Here is what to do.</description><pubDate>Fri, 29 Aug 2025 00:00:00 GMT</pubDate><category>hacking</category><category>class-action-filed</category></item><item><title>University of Iowa Health Care: 101,875 exposed</title><link>https://myhealthconsent.org/breaches/university-of-iowa-health-care-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/university-of-iowa-health-care-2025/</guid><description>University of Iowa Health Care (UIHC), the academic medical center in Iowa City, filed a HIPAA breach notification with HHS OCR on August 29, 2025 reporting 101,875 affected individuals. The filing is the UIHC half of a single July 3, 2025 network intrusion at affiliate UI Community HomeCare; a parallel OCR entry for UI Community Home Care covers an additional 109,029 individuals, for a combined population the entity describes as approximately 211,000. At least eight class actions have been filed.</description><pubDate>Fri, 29 Aug 2025 00:00:00 GMT</pubDate><category>hacking</category><category>class-action-filed</category></item><item><title>Greater Pittsburgh Orthopaedic Associates: 35,000 exposed</title><link>https://myhealthconsent.org/breaches/greater-pittsburgh-orthopaedics-associates-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/greater-pittsburgh-orthopaedics-associates-2025/</guid><description>Greater Pittsburgh Orthopaedic Associates (GPOA), a Pittsburgh-area orthopedic practice, filed a HIPAA breach notification with HHS OCR on August 27, 2025 reporting 35,000 affected individuals; later reporting and the entity&apos;s substitute notice put the final count at 56,954. Suspicious network activity was detected on August 10, 2025 and the RansomHouse ransomware group claimed responsibility. Individual notification letters mailed on or around February 5, 2026 disclosed exposure of names, mailing addresses, Social Security numbers, and provider names, and GPOA is offering 24 months of single-bureau credit monitoring through Cyberscout. A consolidated class action is pending in the Allegheny County Court of Common Pleas.</description><pubDate>Wed, 27 Aug 2025 00:00:00 GMT</pubDate><category>ransomware</category><category>class-action-filed</category><category>RansomHouse</category></item><item><title>Assisted Living Pharmacy Service, LLC: 5,590 exposed</title><link>https://myhealthconsent.org/breaches/assisted-living-pharmacy-service-llc-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/assisted-living-pharmacy-service-llc-2025/</guid><description>Assisted Living Pharmacy Service, LLC (ALPS), a Wisconsin long-term care pharmacy, disclosed a Qilin ransomware intrusion that exposed Social Security numbers, driver&apos;s license numbers, diagnoses, medications, lab results, insurance, and payment card data for 5,590 patients served between January 2024 and June 2025. The actor was inside the network June 25-27, 2025; ALPS filed with HHS OCR on August 25, 2025.</description><pubDate>Mon, 25 Aug 2025 00:00:00 GMT</pubDate><category>ransomware</category><category>ocr-open</category><category>Qilin ransomware group (claimed responsibility on dark-web leak site August 12, 2025; alleged 150 GB of exfiltrated data with proof-screenshots)</category></item><item><title>College Hometown Pharmacy: 9,742 exposed</title><link>https://myhealthconsent.org/breaches/college-hometown-pharmacy-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/college-hometown-pharmacy-2025/</guid><description>College Hometown Pharmacy, operated by Albany College of Pharmacy and Health Sciences, reported to HHS OCR on August 25, 2025 that 9,742 individuals had personal and health information exposed in a network intrusion. Unauthorized access occurred between August 31 and September 14, 2024 and notification letters were mailed beginning June 16, 2025.</description><pubDate>Mon, 25 Aug 2025 00:00:00 GMT</pubDate><category>hacking</category><category>ocr-open</category></item><item><title>College Parkside Pharmacy: 5,736 exposed</title><link>https://myhealthconsent.org/breaches/college-parkside-pharmacy-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/college-parkside-pharmacy-2025/</guid><description>College Parkside Pharmacy in Albany, New York filed a HIPAA breach notification with the HHS Office for Civil Rights on August 25, 2025 reporting 5,736 affected individuals after attackers accessed its network server between August 31 and September 14, 2024. Exfiltrated data included names, Social Security numbers, driver&apos;s license numbers, health insurance and prescription records, and payment information.</description><pubDate>Mon, 25 Aug 2025 00:00:00 GMT</pubDate><category>hacking</category><category>ocr-open</category></item><item><title>Pacific Imaging Management, LLC: 13,158 exposed</title><link>https://myhealthconsent.org/breaches/pacific-imaging-management-llc-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/pacific-imaging-management-llc-2025/</guid><description>Pacific Imaging Management, LLC (CA) filed a HIPAA breach notification with the HHS Office for Civil Rights on August 25, 2025, reporting 13,158 affected individuals in a Hacking/IT Incident event at Email. The HHS OCR portal entry is the primary public record; further details are not yet publicly disclosed on this...</description><pubDate>Mon, 25 Aug 2025 00:00:00 GMT</pubDate><category>hacking</category><category>ocr-open</category></item><item><title>Prime Therapeutics LLC: 2,266 exposed</title><link>https://myhealthconsent.org/breaches/prime-therapeutics-llc-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/prime-therapeutics-llc-2025/</guid><description>Prime Therapeutics LLC (MN) filed a HIPAA breach notification with the HHS Office for Civil Rights on August 25, 2025, reporting 2,266 affected individuals in a Unauthorized Access/Disclosure event at Laptop. The HHS OCR portal entry is the primary public record; further details are not yet publicly disclosed on thi...</description><pubDate>Mon, 25 Aug 2025 00:00:00 GMT</pubDate><category>unauthorized-access</category><category>ocr-open</category></item><item><title>Beech Acres Parenting Center: 19,315 exposed</title><link>https://myhealthconsent.org/breaches/beech-acres-parenting-center-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/beech-acres-parenting-center-2025/</guid><description>Beech Acres Parenting Center, the 175-year-old Cincinnati nonprofit providing mental-health, foster-care, and parenting services, detected unauthorized network activity on November 23, 2024 and confirmed in August 2025 that 19,315 current and former clients (including children, foster youth, and parents) had names, Social Security numbers, dates of birth, driver&apos;s license numbers, bank-account and routing numbers, health-insurance information, and medical/treatment information exposed. Multiple plaintiff firms are investigating; no class complaint has been filed at this writing.</description><pubDate>Fri, 22 Aug 2025 00:00:00 GMT</pubDate><category>hacking</category><category>ocr-open</category></item><item><title>Independent Health Association, Inc.: 637 exposed</title><link>https://myhealthconsent.org/breaches/independent-health-association-inc-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/independent-health-association-inc-2025/</guid><description>Independent Health Association, Inc. (NY) filed a HIPAA breach notification with the HHS Office for Civil Rights on August 22, 2025, reporting 637 affected individuals in a Unauthorized Access/Disclosure event at Other. The HHS OCR portal entry is the primary public record; further details are not yet publicly discl...</description><pubDate>Fri, 22 Aug 2025 00:00:00 GMT</pubDate><category>unauthorized-access</category><category>ocr-open</category></item><item><title>Vance County Department of Social Services: 501 exposed</title><link>https://myhealthconsent.org/breaches/vance-county-department-of-social-services-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/vance-county-department-of-social-services-2025/</guid><description>Vance County Department of Social Services (NC) filed a HIPAA breach notification with the HHS Office for Civil Rights on August 22, 2025, reporting 501 affected individuals in a Hacking/IT Incident event at Network Server. The HHS OCR portal entry is the primary public record; further details are not yet publicly d...</description><pubDate>Fri, 22 Aug 2025 00:00:00 GMT</pubDate><category>hacking</category><category>ocr-open</category></item><item><title>zizzl llc: 2,416 exposed</title><link>https://myhealthconsent.org/breaches/zizzl-llc-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/zizzl-llc-2025/</guid><description>zizzl llc (WI) filed a HIPAA breach notification with the HHS Office for Civil Rights on August 22, 2025, reporting 2,416 affected individuals in a Hacking/IT Incident event at Email. The HHS OCR portal entry is the primary public record; further details are not yet publicly disclosed on this page.</description><pubDate>Fri, 22 Aug 2025 00:00:00 GMT</pubDate><category>hacking</category><category>ocr-open</category></item><item><title>McEwen &amp; Associates: 500 exposed</title><link>https://myhealthconsent.org/breaches/mcewen-associates-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/mcewen-associates-2025/</guid><description>McEwen &amp; Associates (TX) filed a HIPAA breach notification with the HHS Office for Civil Rights on August 21, 2025, reporting 500 affected individuals in a Hacking/IT Incident event at Network Server. The HHS OCR portal entry is the primary public record; further details are not yet publicly disclosed on this page.</description><pubDate>Thu, 21 Aug 2025 00:00:00 GMT</pubDate><category>hacking</category><category>ocr-open</category></item><item><title>Vital Imaging Medical Diagnostic Centers, LLC: 260,000 exposed</title><link>https://myhealthconsent.org/breaches/vital-imaging-medical-diagnostic-centers-llc-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/vital-imaging-medical-diagnostic-centers-llc-2025/</guid><description>Vital Imaging Medical Diagnostic Centers, LLC — a Miami-based outpatient radiology group — reported a February 13, 2025 network intrusion to HHS OCR on August 21, 2025, disclosing that 260,000 patients had Social Security numbers, driver&apos;s license numbers, passport numbers, insurance information and diagnostic results exfiltrated. A class action lawsuit has been filed in Miami-Dade County and at least ten plaintiff firms have opened investigations.</description><pubDate>Thu, 21 Aug 2025 00:00:00 GMT</pubDate><category>hacking</category><category>ocr-open</category></item><item><title>Arkansas Primary Care Clinic: 2,491 exposed</title><link>https://myhealthconsent.org/breaches/arkansas-primary-care-clinic-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/arkansas-primary-care-clinic-2025/</guid><description>Arkansas Primary Care Clinic (Little Rock, AR) discovered a network intrusion on March 25, 2025 and filed a HIPAA breach notification with the HHS Office for Civil Rights on August 20, 2025, reporting 2,491 affected individuals. Notification letters describe exposure of names, Social Security numbers, medical information, and health insurance information.</description><pubDate>Wed, 20 Aug 2025 00:00:00 GMT</pubDate><category>hacking</category><category>ocr-open</category></item><item><title>Revere Health PC: 605 exposed</title><link>https://myhealthconsent.org/breaches/revere-health-pc-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/revere-health-pc-2025/</guid><description>Revere Health PC (UT) filed a HIPAA breach notification with the HHS Office for Civil Rights on August 19, 2025, reporting 605 affected individuals in a Hacking/IT Incident event at Desktop Computer. The HHS OCR portal entry is the primary public record; further details are not yet publicly disclosed on this page.</description><pubDate>Tue, 19 Aug 2025 00:00:00 GMT</pubDate><category>hacking</category><category>ocr-open</category></item><item><title>Bevel Health Medical Group: 510 exposed</title><link>https://myhealthconsent.org/breaches/bevel-health-medical-group-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/bevel-health-medical-group-2025/</guid><description>Bevel Health Medical Group (PA) filed a HIPAA breach notification with the HHS Office for Civil Rights on August 18, 2025, reporting 510 affected individuals in a Unauthorized Access/Disclosure event at Electronic Medical Record. The HHS OCR portal entry is the primary public record; further details are not yet publ...</description><pubDate>Mon, 18 Aug 2025 00:00:00 GMT</pubDate><category>unauthorized-access</category><category>ocr-open</category></item><item><title>CareTracker, Inc. (d/b/a Amazing Charts): 501 exposed</title><link>https://myhealthconsent.org/breaches/caretracker-inc-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/caretracker-inc-2025/</guid><description>CareTracker, Inc. (d/b/a Amazing Charts) disclosed a 2025 vendor-network breach affecting at least 501 patients. Unauthorized access occurred June 15-19, 2025, was filed with HHS OCR on August 18, 2025, and notification letters went out November 12, 2025. Multiple class-action investigations underway.</description><pubDate>Mon, 18 Aug 2025 00:00:00 GMT</pubDate><category>vendor-breach</category><category>ocr-open</category></item><item><title>CEI Vision Partners, LLC: 10,841 exposed</title><link>https://myhealthconsent.org/breaches/cei-vision-partners-llc-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/cei-vision-partners-llc-2025/</guid><description>CEI Vision Partners (CVP), a multi-state ophthalmology management services organization now part of EyeCare Partners, was breached when an unauthorized actor accessed its network between May 24 and May 27, 2024. CVP filed with HHS OCR reporting 10,841 affected individuals and began mailing notifications on August 18, 2025 — roughly 15 months after detection. A federal class action, Sharpe v. CEI Vision Partners, LLC (S.D. Ohio 1:25-cv-00591), was filed August 15, 2025.</description><pubDate>Mon, 18 Aug 2025 00:00:00 GMT</pubDate><category>unauthorized-access</category><category>class-action-filed</category></item><item><title>Alert Medical Alarms: 39,218 exposed</title><link>https://myhealthconsent.org/breaches/alert-medical-alarms-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/alert-medical-alarms-2025/</guid><description>Alert Medical Alarms, a Jenkintown, PA personal emergency response system (PERS) provider for elderly and homebound clients, was hit by the Qilin ransomware group on June 17, 2025. The company filed with HHS OCR on August 15, 2025 reporting 39,218 affected. Exposed data includes Social Security numbers, Medicaid numbers, bank account numbers, prescriptions, and medical conditions. Class-action investigations and complaints are now active.</description><pubDate>Fri, 15 Aug 2025 00:00:00 GMT</pubDate><category>ransomware</category><category>class-action-filed</category><category>Qilin</category></item><item><title>CPAP Medical Supplies and Services Inc.: 90,133 exposed</title><link>https://myhealthconsent.org/breaches/cpap-medical-supplies-and-services-inc-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/cpap-medical-supplies-and-services-inc-2025/</guid><description>CPAP Medical Supplies and Services Inc., a Jacksonville, Florida sleep-apnea equipment supplier that serves U.S. military families, active-duty service members, and veterans through TRICARE, filed a HIPAA breach notification with HHS OCR on August 15, 2025 reporting 90,133 affected individuals. Unauthorized actors had access to the network from December 13 to December 21, 2024, with discovery on June 27, 2025. Names, dates of birth, Social Security numbers, financial and banking information, medical information, and health insurance information were in scope. IDX credit monitoring offered. Multiple plaintiff firms have opened investigations.</description><pubDate>Fri, 15 Aug 2025 00:00:00 GMT</pubDate><category>hacking</category><category>ocr-open</category></item><item><title>Lake City Cancer Care, LLC: 9,980 exposed</title><link>https://myhealthconsent.org/breaches/lake-city-cancer-care-llc-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/lake-city-cancer-care-llc-2025/</guid><description>Lake City Cancer Care, LLC (FL) filed a HIPAA breach notification with the HHS Office for Civil Rights on August 15, 2025, reporting 9,980 affected individuals in a Hacking/IT Incident event at Network Server. The HHS OCR portal entry is the primary public record; further details are not yet publicly disclosed on th...</description><pubDate>Fri, 15 Aug 2025 00:00:00 GMT</pubDate><category>hacking</category><category>ocr-open</category></item><item><title>Mower County Health and Human Services: 501 exposed</title><link>https://myhealthconsent.org/breaches/mower-county-health-and-human-services-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/mower-county-health-and-human-services-2025/</guid><description>Mower County Health and Human Services (MN) filed a HIPAA breach notification with the HHS Office for Civil Rights on August 15, 2025, reporting 501 affected individuals in a Hacking/IT Incident event at Network Server. The HHS OCR portal entry is the primary public record; further details are not yet publicly discl...</description><pubDate>Fri, 15 Aug 2025 00:00:00 GMT</pubDate><category>hacking</category><category>ocr-open</category></item><item><title>Welcome Dentistry-Anaheim: 1,001 exposed</title><link>https://myhealthconsent.org/breaches/welcome-dentistry-anaheim-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/welcome-dentistry-anaheim-2025/</guid><description>Welcome Dentistry-Anaheim (CA) filed a HIPAA breach notification with the HHS Office for Civil Rights on August 15, 2025, reporting 1,001 affected individuals in a Hacking/IT Incident event at Network Server. The HHS OCR portal entry is the primary public record; further details are not yet publicly disclosed on thi...</description><pubDate>Fri, 15 Aug 2025 00:00:00 GMT</pubDate><category>hacking</category><category>ocr-open</category></item><item><title>Dr. Doug&apos;s Pediatric Dentistry: 3,590 exposed</title><link>https://myhealthconsent.org/breaches/dr-dougs-pediatric-dentistry-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/dr-dougs-pediatric-dentistry-2025/</guid><description>Dr. Doug&apos;s Pediatric Dentistry in Logan, Utah filed a HIPAA breach with HHS OCR on August 11, 2025, affecting 3,590 current and former pediatric patients. A single employee email account was compromised; an investigation that began in September 2024 and concluded in June 2025 confirmed exposure of names, dates of birth, dental treatment records, Medicaid and dental insurance information, with Social Security numbers and driver&apos;s licenses exposed for a smaller subset. Strauss Borrelli PLLC has opened a class-action investigation. Here is what to do.</description><pubDate>Thu, 14 Aug 2025 00:00:00 GMT</pubDate><category>unauthorized-access</category><category>ocr-open</category></item><item><title>Welcome Dentistry-Los Angeles: 1,001 exposed</title><link>https://myhealthconsent.org/breaches/welcome-dentistry-los-angeles-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/welcome-dentistry-los-angeles-2025/</guid><description>Welcome Dentistry-Los Angeles (CA) filed a HIPAA breach notification with the HHS Office for Civil Rights on August 13, 2025, reporting 1,001 affected individuals in a Hacking/IT Incident event at Network Server. The HHS OCR portal entry is the primary public record; further details are not yet publicly disclosed on...</description><pubDate>Wed, 13 Aug 2025 00:00:00 GMT</pubDate><category>hacking</category><category>ocr-open</category></item><item><title>Laurel Cancer Care, LLC: 1,541 exposed</title><link>https://myhealthconsent.org/breaches/laurel-cancer-care-llc-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/laurel-cancer-care-llc-2025/</guid><description>Laurel Cancer Care, LLC (MS) filed a HIPAA breach notification with the HHS Office for Civil Rights on August 12, 2025, reporting 1,541 affected individuals in a Hacking/IT Incident event at Email. The HHS OCR portal entry is the primary public record; further details are not yet publicly disclosed on this page.</description><pubDate>Tue, 12 Aug 2025 00:00:00 GMT</pubDate><category>hacking</category><category>ocr-open</category></item><item><title>UnitedHealthcare: 3,215 exposed</title><link>https://myhealthconsent.org/breaches/unitedhealthcare-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/unitedhealthcare-2025/</guid><description>UnitedHealthcare (CT) filed a HIPAA breach notification with the HHS Office for Civil Rights on August 12, 2025, reporting 3,215 affected individuals in a Unauthorized Access/Disclosure event at Paper/Films. The HHS OCR portal entry is the primary public record; further details are not yet publicly disclosed on this...</description><pubDate>Tue, 12 Aug 2025 00:00:00 GMT</pubDate><category>unauthorized-access</category><category>ocr-open</category></item><item><title>Zelis Healthcare LLC: 4,289 exposed</title><link>https://myhealthconsent.org/breaches/zelis-healthcare-llc-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/zelis-healthcare-llc-2025/</guid><description>Zelis Healthcare LLC (MA) filed a HIPAA breach notification with the HHS Office for Civil Rights on August 12, 2025, reporting 4,289 affected individuals in a Unauthorized Access/Disclosure event at Paper/Films. The HHS OCR portal entry is the primary public record; further details are not yet publicly disclosed on...</description><pubDate>Tue, 12 Aug 2025 00:00:00 GMT</pubDate><category>unauthorized-access</category><category>ocr-open</category></item><item><title>Mission City Community Network, Inc.: 11,016 exposed</title><link>https://myhealthconsent.org/breaches/mission-city-community-network-inc-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/mission-city-community-network-inc-2025/</guid><description>Mission City Community Network, Inc. (CA) filed a HIPAA breach notification with the HHS Office for Civil Rights on August 09, 2025, reporting 11,016 affected individuals in a Hacking/IT Incident event at Network Server. The HHS OCR portal entry is the primary public record; further details are not yet publicly disc...</description><pubDate>Sat, 09 Aug 2025 00:00:00 GMT</pubDate><category>hacking</category><category>ocr-open</category></item><item><title>Aflac Incorporated: 13,924,906 exposed</title><link>https://myhealthconsent.org/breaches/aflac-incorporated-aflac-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/aflac-incorporated-aflac-2025/</guid><description>Aflac filed a HIPAA breach notification with HHS OCR on August 8, 2025 after a June 12 social-engineering intrusion. The carrier later confirmed approximately 22.65 million people were notified, with at least 13.9 million U.S. PHI records exposed including SSNs, claims, and health information.</description><pubDate>Fri, 08 Aug 2025 00:00:00 GMT</pubDate><category>hacking</category><category>class-action-filed</category><category>Scattered Spider (suspected; not formally confirmed by Aflac)</category></item><item><title>Center for Disability Services, Inc.: 3,343 exposed</title><link>https://myhealthconsent.org/breaches/center-for-disability-services-inc-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/center-for-disability-services-inc-2025/</guid><description>Center for Disability Services, Inc., a long-standing Albany-based provider for New Yorkers with intellectual and developmental disabilities, disclosed on August 8, 2025 that unauthorized access to employee email accounts between June 19 and June 25, 2025 exposed names, demographic, medical and insurance information of 3,343 individuals, with a subset also exposing SSNs, driver&apos;s license numbers, and financial account information.</description><pubDate>Fri, 08 Aug 2025 00:00:00 GMT</pubDate><category>unauthorized-access</category><category>ocr-open</category></item><item><title>Friesen Group: 500 exposed</title><link>https://myhealthconsent.org/breaches/friesen-group-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/friesen-group-2025/</guid><description>Friesen Group (CA) filed a HIPAA breach notification with the HHS Office for Civil Rights on August 08, 2025, reporting 500 affected individuals in a Hacking/IT Incident event at Network Server. The HHS OCR portal entry is the primary public record; further details are not yet publicly disclosed on this page.</description><pubDate>Fri, 08 Aug 2025 00:00:00 GMT</pubDate><category>hacking</category><category>ocr-open</category></item><item><title>PROVAIL: 501 exposed</title><link>https://myhealthconsent.org/breaches/provail-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/provail-2025/</guid><description>PROVAIL (WA) filed a HIPAA breach notification with the HHS Office for Civil Rights on August 08, 2025, reporting 501 affected individuals in a Hacking/IT Incident event at Network Server. The HHS OCR portal entry is the primary public record; further details are not yet publicly disclosed on this page.</description><pubDate>Fri, 08 Aug 2025 00:00:00 GMT</pubDate><category>hacking</category><category>ocr-open</category></item><item><title>Oglethorpe, Inc.: 92,332 exposed</title><link>https://myhealthconsent.org/breaches/oglethorpe-inc-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/oglethorpe-inc-2025/</guid><description>Oglethorpe, Inc., a Tampa, Florida-based behavioral health and addiction-treatment network operating Port St. Lucie Hospital, Ridgeview Behavioral Hospital, Springbrook Hospital, and The Blackberry Center, disclosed a May 15 to June 6, 2025 network intrusion that exfiltrated names, Social Security numbers, driver&apos;s license numbers, dates of birth, and medical information for 92,332 patients and employees. The OCR portal entry is dated August 5, 2025; notification letters mailed October 31, 2025; 12 months TransUnion Cyberscout credit monitoring offered. A consolidated class action in Broward County, FL has reached a $350,000 settlement with final approval set for June 22, 2026.</description><pubDate>Tue, 05 Aug 2025 00:00:00 GMT</pubDate><category>hacking</category><category>settled</category></item><item><title>Precision Endodontics of Raleigh: 4,022 exposed</title><link>https://myhealthconsent.org/breaches/precision-endodontics-of-raleigh-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/precision-endodontics-of-raleigh-2025/</guid><description>Precision Endodontics of Raleigh (NC) filed a HIPAA breach notification with the HHS Office for Civil Rights on August 05, 2025, reporting 4,022 affected individuals in a Hacking/IT Incident event at Email. The HHS OCR portal entry is the primary public record; further details are not yet publicly disclosed on this...</description><pubDate>Tue, 05 Aug 2025 00:00:00 GMT</pubDate><category>hacking</category><category>ocr-open</category></item><item><title>South Coast Pediatrics: 7,000 exposed</title><link>https://myhealthconsent.org/breaches/south-coast-pediatrics-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/south-coast-pediatrics-2025/</guid><description>South Coast Pediatrics (CA) filed a HIPAA breach notification with the HHS Office for Civil Rights on August 05, 2025, reporting 7,000 affected individuals in a Hacking/IT Incident event at Network Server. The HHS OCR portal entry is the primary public record; further details are not yet publicly disclosed on this p...</description><pubDate>Tue, 05 Aug 2025 00:00:00 GMT</pubDate><category>hacking</category><category>ocr-open</category></item><item><title>MDLand International Corporation: 22,586 exposed</title><link>https://myhealthconsent.org/breaches/mdland-international-corporation-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/mdland-international-corporation-2025/</guid><description>MDLand International Corporation, a New York City health information technology company that operates the iClinic EHR/RCM platform, filed a HIPAA breach notification with HHS OCR on August 04, 2025, reporting 22,586 affected individuals after a ransomware attack on its network server detected May 02, 2025. The HHS OCR portal classifies the event as a Hacking/IT Incident; HIPAA Journal and NetSec.news independently confirm the matter as a ransomware attack on the EHR vendor, with one month of patient records lost beyond recovery. Federman &amp; Sherwood has publicly opened a class-action investigation.</description><pubDate>Mon, 04 Aug 2025 00:00:00 GMT</pubDate><category>ransomware</category><category>ocr-open</category></item><item><title>Westminster Village Greenwood, Inc.: 14,386 exposed</title><link>https://myhealthconsent.org/breaches/westminster-village-greenwood-inc-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/westminster-village-greenwood-inc-2025/</guid><description>Westminster Village Greenwood, Inc. (IN) filed a HIPAA breach notification with the HHS Office for Civil Rights on August 04, 2025, reporting 14,386 affected individuals in a Hacking/IT Incident event at Network Server. The HHS OCR portal entry is the primary public record; further details are not yet publicly discl...</description><pubDate>Mon, 04 Aug 2025 00:00:00 GMT</pubDate><category>hacking</category><category>ocr-open</category></item><item><title>DaVita Inc.: 2,689,826 exposed</title><link>https://myhealthconsent.org/breaches/davita-inc-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/davita-inc-2025/</guid><description>DaVita Inc. (NYSE: DVA), the largest US dialysis provider, disclosed an April 12, 2025 ransomware attack by the Interlock group that exposed protected health information of 2,689,826 patients. Names, SSNs, dialysis lab results, health insurance data, and some tax IDs were taken. ~1.5TB posted to Interlock&apos;s leak site. Three class actions filed. Experian identity restoration offered. Here is what to do.</description><pubDate>Fri, 01 Aug 2025 00:00:00 GMT</pubDate><category>ransomware</category><category>class-action-filed</category><category>Interlock</category></item><item><title>Highlands Oncology Group PA: 111,766 exposed</title><link>https://myhealthconsent.org/breaches/highlands-oncology-group-pa-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/highlands-oncology-group-pa-2025/</guid><description>Highlands Oncology Group, a six-location cancer-care provider in Northwest Arkansas, was breached by the Medusa ransomware group. Attackers had access to the network from January 21 to June 2, 2025. Notification letters mailed August 1, 2025. The HHS OCR portal lists 111,766 affected; the Maine AG filing lists 113,575. Here is what was taken and what to do.</description><pubDate>Fri, 01 Aug 2025 00:00:00 GMT</pubDate><category>ransomware</category><category>class-action-filed</category><category>Medusa</category></item><item><title>Langdon &amp; Company, LLP Certified Public Accountants: 46,061 exposed</title><link>https://myhealthconsent.org/breaches/langdon-company-llp-certified-public-accountants-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/langdon-company-llp-certified-public-accountants-2025/</guid><description>Langdon &amp; Company LLP, a Garner, NC CPA firm and Easterseals PORT Health business associate, confirmed a 2024 network intrusion exposed SSNs, Taxpayer IDs, financial accounts, and medical data for 46,061 individuals. A class action was filed August 28, 2025. Here is what to do.</description><pubDate>Fri, 01 Aug 2025 00:00:00 GMT</pubDate><category>hacking</category><category>class-action-filed</category></item><item><title>David A. Nover, M.D., P.C.: 4,703 exposed</title><link>https://myhealthconsent.org/breaches/david-a-nover-m-d-p-c-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/david-a-nover-m-d-p-c-2025/</guid><description>David A. Nover, M.D., P.C. (PA) filed a HIPAA breach notification with the HHS Office for Civil Rights on July 31, 2025, reporting 4,703 affected individuals in a Hacking/IT Incident event at Network Server. The HHS OCR portal entry is the primary public record; further details are not yet publicly disclosed on this...</description><pubDate>Thu, 31 Jul 2025 00:00:00 GMT</pubDate><category>hacking</category><category>ocr-open</category></item><item><title>Vail Summit Orthopaedics: 5,044 exposed</title><link>https://myhealthconsent.org/breaches/vail-summit-orthopaedics-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/vail-summit-orthopaedics-2025/</guid><description>Vail Summit Orthopaedics (CO) filed a HIPAA breach notification with the HHS Office for Civil Rights on July 31, 2025, reporting 5,044 affected individuals in a Hacking/IT Incident event at Email. The HHS OCR portal entry is the primary public record; further details are not yet publicly disclosed on this page.</description><pubDate>Thu, 31 Jul 2025 00:00:00 GMT</pubDate><category>hacking</category><category>ocr-open</category></item><item><title>Berkshire Health Systems, Inc.: 1,421 exposed</title><link>https://myhealthconsent.org/breaches/berkshire-health-systems-inc-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/berkshire-health-systems-inc-2025/</guid><description>Berkshire Health Systems (MA) reported on July 30, 2025 that a Surgical Services employee at Fairview Hospital viewed patient electronic medical records without a legitimate business purpose, potentially dating back to 2014. Exposed data included full names, dates of birth, account numbers, diagnosis codes, and visit notes.</description><pubDate>Wed, 30 Jul 2025 00:00:00 GMT</pubDate><category>insider-threat</category><category>ocr-open</category><category>Insider — a former Berkshire Health Systems employee in the Surgical Services Department at Fairview Hospital (Great Barrington, MA), who accessed records without a legitimate business purpose. BHS has stated unauthorized access may date back to 2014, though its review only covered records back to October 1, 2022.</category></item><item><title>Alera Group, Inc.: 155,567 exposed</title><link>https://myhealthconsent.org/breaches/alera-group-inc-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/alera-group-inc-2025/</guid><description>Alera Group, Inc. — a national insurance brokerage and employee-benefits firm acting as a HIPAA business associate — reported 155,567 individuals affected by a July 2024 network intrusion. Notification letters went out May 21, 2025; the HHS OCR filing landed July 29, 2025. A consolidated class action alleges a class of roughly 873,211 and reached a $2M preliminary settlement on March 30, 2026. Claim deadline is June 29, 2026. Here is what to do.</description><pubDate>Tue, 29 Jul 2025 00:00:00 GMT</pubDate><category>hacking</category><category>class-action-filed</category></item><item><title>Compass Counseling Services, LLC: 5,440 exposed</title><link>https://myhealthconsent.org/breaches/compass-counseling-services-llc-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/compass-counseling-services-llc-2025/</guid><description>Compass Counseling Services, LLC (FL) filed a HIPAA breach notification with the HHS Office for Civil Rights on July 29, 2025, reporting 5,440 affected individuals in a Hacking/IT Incident event at Network Server. The HHS OCR portal entry is the primary public record; further details are not yet publicly disclosed o...</description><pubDate>Tue, 29 Jul 2025 00:00:00 GMT</pubDate><category>hacking</category><category>ocr-open</category></item><item><title>Mid Florida Primary Care, PA: 16,435 exposed</title><link>https://myhealthconsent.org/breaches/mid-florida-primary-care-pa-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/mid-florida-primary-care-pa-2025/</guid><description>Mid Florida Primary Care, PA, a Leesburg and Summerfield internal medicine practice, confirmed that the BianLian ransomware group accessed its network between November 29 and December 11, 2024, exfiltrating data tied to 16,435 patients. Notification letters went out in late July 2025 and complimentary identity monitoring is offered. The HHS OCR portal entry is dated March 21, 2025.</description><pubDate>Tue, 29 Jul 2025 00:00:00 GMT</pubDate><category>ransomware</category><category>ocr-open</category></item><item><title>PhyNet Dermatology, LLC: 1,308 exposed</title><link>https://myhealthconsent.org/breaches/phynet-dermatology-llc-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/phynet-dermatology-llc-2025/</guid><description>PhyNet Dermatology, LLC (TN) filed a HIPAA breach notification with the HHS Office for Civil Rights on July 29, 2025, reporting 1,308 affected individuals in a Hacking/IT Incident event at Email. The HHS OCR portal entry is the primary public record; further details are not yet publicly disclosed on this page.</description><pubDate>Tue, 29 Jul 2025 00:00:00 GMT</pubDate><category>hacking</category><category>ocr-open</category></item><item><title>The Center at Cordera: 6,057 exposed</title><link>https://myhealthconsent.org/breaches/the-center-at-cordera-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/the-center-at-cordera-2025/</guid><description>The Center at Cordera (CO) filed a HIPAA breach notification with the HHS Office for Civil Rights on July 29, 2025, reporting 6,057 affected individuals in a Hacking/IT Incident event at Network Server. The HHS OCR portal entry is the primary public record; further details are not yet publicly disclosed on this page.</description><pubDate>Tue, 29 Jul 2025 00:00:00 GMT</pubDate><category>hacking</category><category>ocr-open</category></item><item><title>Doctors’ Memorial Hospital: 500 exposed</title><link>https://myhealthconsent.org/breaches/doctors-memorial-hospital-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/doctors-memorial-hospital-2025/</guid><description>Doctors’ Memorial Hospital (FL) filed a HIPAA breach notification with the HHS Office for Civil Rights on July 25, 2025, reporting 500 affected individuals in a Hacking/IT Incident event at Network Server. The HHS OCR portal entry is the primary public record; further details are not yet publicly disclosed on this p...</description><pubDate>Fri, 25 Jul 2025 00:00:00 GMT</pubDate><category>hacking</category><category>ocr-open</category></item><item><title>Northwest Denture Center, Inc.: 19,419 exposed</title><link>https://myhealthconsent.org/breaches/northwest-denture-center-inc-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/northwest-denture-center-inc-2025/</guid><description>Northwest Denture Center, Inc., a Burlington, Washington denture practice, detected unauthorized access to its network on May 28, 2025. A file review completed June 27, 2025 determined that names, Social Security numbers, driver&apos;s license numbers, dates of birth, and medical information for 19,419 individuals (12,209 of them Washington residents) were exposed. The incident was reported to HHS OCR on July 25, 2025, and a putative class action was filed in Snohomish County Superior Court.</description><pubDate>Fri, 25 Jul 2025 00:00:00 GMT</pubDate><category>hacking</category><category>class-action-filed</category></item><item><title>McKenzie Memorial Hospital: 58,839 exposed</title><link>https://myhealthconsent.org/breaches/mckenzie-memorial-hospital-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/mckenzie-memorial-hospital-2025/</guid><description>McKenzie Memorial Hospital (McKenzie Health System) in Sandusky, Michigan disclosed a 2025 network intrusion that exposed names, Social Security numbers, driver&apos;s license numbers, financial account information, and clinical data. Filed with HHS OCR on July 24, 2025 for 58,839 affected individuals. Here is what was exposed, what the hospital is offering, and what to do.</description><pubDate>Thu, 24 Jul 2025 00:00:00 GMT</pubDate><category>hacking</category><category>ocr-open</category></item><item><title>Nova Recovery Center, LLC d/b/a Nova Recovery Center: 6,242 exposed</title><link>https://myhealthconsent.org/breaches/nova-recovery-center-llc-d-b-a-nova-recovery-center-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/nova-recovery-center-llc-d-b-a-nova-recovery-center-2025/</guid><description>Nova Recovery Center, LLC d/b/a Nova Recovery Center (TX) filed a HIPAA breach notification with the HHS Office for Civil Rights on July 24, 2025, reporting 6,242 affected individuals in a Hacking/IT Incident event at Network Server. The HHS OCR portal entry is the primary public record; further details are not yet...</description><pubDate>Thu, 24 Jul 2025 00:00:00 GMT</pubDate><category>hacking</category><category>ocr-open</category></item><item><title>Gastroenterology Consultants of South Texas, P.A.: 44,579 exposed</title><link>https://myhealthconsent.org/breaches/gastroenterology-consultants-of-south-texas-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/gastroenterology-consultants-of-south-texas-2025/</guid><description>Gastroenterology Consultants of South Texas (dba Texas Digestive Specialists) reported a network-server breach to HHS OCR on July 22, 2025 affecting 44,579 individuals. The Interlock ransomware group claimed responsibility and leaked 263 GB of data, including names, dates of birth, medical histories, lab and pathology reports, and health insurance information. Multiple plaintiff firms have opened class-action investigations.</description><pubDate>Tue, 22 Jul 2025 00:00:00 GMT</pubDate><category>ransomware</category><category>ocr-open</category></item><item><title>Dr. Michael Bilikas and Associates: 23,517 exposed</title><link>https://myhealthconsent.org/breaches/dr-michael-bilikas-and-associates-d-b-a-32-pearls-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/dr-michael-bilikas-and-associates-d-b-a-32-pearls-2025/</guid><description>Dr. Michael Bilikas and Associates, doing business as 32 Pearls, a Seattle and Tacoma dental practice, disclosed a May 2025 ransomware attack that encrypted files on its systems and exposed names, addresses, dates of birth, Social Security numbers, driver&apos;s license numbers, health insurance information, and medical records for 23,517 current and former patients. 12 months of IDX identity theft protection offered. Here is what to do.</description><pubDate>Mon, 21 Jul 2025 00:00:00 GMT</pubDate><category>ransomware</category><category>ocr-open</category></item><item><title>Infinite Services, Inc.: 31,742 exposed</title><link>https://myhealthconsent.org/breaches/infinite-services-inc-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/infinite-services-inc-2025/</guid><description>Infinite Services, Inc., a Brooklyn, NY-based provider of in-home physical, occupational, speech, and behavioral therapy, detected a ransomware intrusion on May 5, 2025 and filed a HIPAA breach notification with HHS OCR on July 21, 2025 reporting 31,742 affected individuals. Names, Social Security numbers, dates of birth, member ID numbers, health insurance information, medical records, financial account information, and driver&apos;s license numbers were potentially exposed. No ransom was paid.</description><pubDate>Mon, 21 Jul 2025 00:00:00 GMT</pubDate><category>ransomware</category><category>ocr-open</category></item><item><title>Kettering Adventist Healthcare: 1,695,382 exposed</title><link>https://myhealthconsent.org/breaches/kettering-adventist-healthcare-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/kettering-adventist-healthcare-2025/</guid><description>Kettering Adventist Healthcare (Ohio) confirmed 1,695,382 patients had data stolen in the May 2025 Interlock ransomware attack. Intruders held network access from April 9 to May 20, 2025, forced a 13-day Epic EHR outage, and exfiltrated 941 GB. Notification letters went out in February 2026; class actions are consolidated in Montgomery County.</description><pubDate>Mon, 21 Jul 2025 00:00:00 GMT</pubDate><category>ransomware</category><category>class-action-filed</category><category>Interlock</category></item><item><title>OrthoAtlanta LLC: 626 exposed</title><link>https://myhealthconsent.org/breaches/orthoatlanta-llc-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/orthoatlanta-llc-2025/</guid><description>OrthoAtlanta LLC (GA) filed a HIPAA breach notification with the HHS Office for Civil Rights on July 21, 2025, reporting 626 affected individuals in a Hacking/IT Incident event at Email. The HHS OCR portal entry is the primary public record; further details are not yet publicly disclosed on this page.</description><pubDate>Mon, 21 Jul 2025 00:00:00 GMT</pubDate><category>hacking</category><category>ocr-open</category></item><item><title>Equilibria Mental Health Services: 3,232 exposed</title><link>https://myhealthconsent.org/breaches/equilibria-mental-health-services-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/equilibria-mental-health-services-2025/</guid><description>Equilibria Mental Health Services (PA) filed a HIPAA breach notification with the HHS Office for Civil Rights on July 20, 2025, reporting 3,232 affected individuals in a Hacking/IT Incident event at Email. The HHS OCR portal entry is the primary public record; further details are not yet publicly disclosed on this p...</description><pubDate>Sun, 20 Jul 2025 00:00:00 GMT</pubDate><category>hacking</category><category>ocr-open</category></item><item><title>Keys Pathology Associates, PA: 20,000 exposed</title><link>https://myhealthconsent.org/breaches/keys-pathology-associates-pa-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/keys-pathology-associates-pa-2025/</guid><description>Keys Pathology Associates, PA (Marathon, FL) filed a HIPAA breach with HHS OCR on July 19, 2025 reporting 20,000 affected after its billing vendor Genesis Billing Services was hacked on May 20, 2025. Notification letters mailed September 5, 2025. Names, Social Security numbers, driver&apos;s license numbers, dates of birth, and health information were involved. Plaintiff firms have opened investigations; no class-action complaint has been filed yet.</description><pubDate>Sat, 19 Jul 2025 00:00:00 GMT</pubDate><category>vendor-breach</category><category>ocr-open</category></item><item><title>Human Development Services of Westchester: 501 exposed</title><link>https://myhealthconsent.org/breaches/human-development-services-of-westchester-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/human-development-services-of-westchester-2025/</guid><description>Human Development Services of Westchester (NY) filed a HIPAA breach notification with the HHS Office for Civil Rights on July 18, 2025, reporting 501 affected individuals in a Hacking/IT Incident event at Email. The HHS OCR portal entry is the primary public record; further details are not yet publicly disclosed on...</description><pubDate>Fri, 18 Jul 2025 00:00:00 GMT</pubDate><category>hacking</category><category>ocr-open</category></item><item><title>The Brien Center for Mental Health and Substance Abuse Services: 5,427 exposed</title><link>https://myhealthconsent.org/breaches/the-brien-center-for-mental-health-and-substance-abuse-services-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/the-brien-center-for-mental-health-and-substance-abuse-services-2025/</guid><description>The Brien Center for Mental Health and Substance Abuse Services (MA) filed a HIPAA breach notification with the HHS Office for Civil Rights on July 18, 2025, reporting 5,427 affected individuals in a Hacking/IT Incident event at Network Server. The HHS OCR portal entry is the primary public record; further details a...</description><pubDate>Fri, 18 Jul 2025 00:00:00 GMT</pubDate><category>hacking</category><category>ocr-open</category></item><item><title>Central District Health Department of Nebraska: 58,519 exposed</title><link>https://myhealthconsent.org/breaches/central-district-health-department-of-nebraska-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/central-district-health-department-of-nebraska-2025/</guid><description>Central District Health Department of Nebraska, the public health agency serving Hall, Hamilton, and Merrick Counties from Grand Island, confirmed a February 2025 network intrusion in which the Medusa ransomware group exfiltrated approximately 84 GB of data and posted it to a dark-web leak site. Names, dates of birth, Social Security numbers, and protected health information for 58,519 individuals were exposed.</description><pubDate>Mon, 14 Jul 2025 00:00:00 GMT</pubDate><category>ransomware</category><category>ocr-open</category><category>Medusa</category></item><item><title>Clinica Family Health Services: 47,593 exposed</title><link>https://myhealthconsent.org/breaches/clinica-family-health-services-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/clinica-family-health-services-2025/</guid><description>Clinica Family Health &amp; Wellness — a Colorado Federally Qualified Health Center serving more than 60,000 mostly low-income and Spanish-speaking patients across Adams, Boulder, Broomfield, and Gilpin counties — disclosed a March 14, 2025 intrusion attributed to the INC Ransom group on the Mental Health Partners network it absorbed in October 2024. The HHS OCR filing on July 14, 2025 reports 47,593 affected. SSNs, driver&apos;s license numbers, diagnosis and treatment records are all in scope. Here is what to do.</description><pubDate>Mon, 14 Jul 2025 00:00:00 GMT</pubDate><category>ransomware</category><category>ocr-open</category><category>INC Ransom</category></item><item><title>Williamsburg Area Medical Assistance Corporation d/b/a Olde Towne Medical and Dental Center (OTMDC): 2,567 exposed</title><link>https://myhealthconsent.org/breaches/williamsburg-area-medical-assistance-corporation-d-b-a-olde-towne-medical-and-de-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/williamsburg-area-medical-assistance-corporation-d-b-a-olde-towne-medical-and-de-2025/</guid><description>Williamsburg Area Medical Assistance Corporation d/b/a Olde Towne Medical and Dental Center (OTMDC) (VA) filed a HIPAA breach notification with the HHS Office for Civil Rights on July 13, 2025, reporting 2,567 affected individuals in a Hacking/IT Incident event at Network Server. The HHS OCR portal entry is the prim...</description><pubDate>Sun, 13 Jul 2025 00:00:00 GMT</pubDate><category>hacking</category><category>ocr-open</category></item><item><title>Anne Arundel Dermatology: 1,905,000 exposed</title><link>https://myhealthconsent.org/breaches/anne-arundel-dermatology-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/anne-arundel-dermatology-2025/</guid><description>Anne Arundel Dermatology disclosed a hacking incident on July 11, 2025 affecting 1,905,000 patients. Attackers had access to the network for three months (Feb 14 - May 13, 2025) and exposed names, dates of birth, medical and insurance information. A $2.4M class action settlement received preliminary approval on February 26, 2026.</description><pubDate>Fri, 11 Jul 2025 00:00:00 GMT</pubDate><category>hacking</category><category>settled</category></item><item><title>Covenant Health: 478,188 exposed</title><link>https://myhealthconsent.org/breaches/covenant-health-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/covenant-health-2025/</guid><description>Covenant Health, a Catholic nonprofit health system serving New England, was hit by a Qilin ransomware attack in May 2025. Initial HHS OCR filing reported 7,864 affected; revised disclosures in late 2025 raised the count to 478,188 patients. Names, Social Security numbers, medical record numbers, diagnoses, treatment details, and health insurance information were exposed.</description><pubDate>Fri, 11 Jul 2025 00:00:00 GMT</pubDate><category>ransomware</category><category>ocr-open</category><category>Qilin ransomware group</category></item><item><title>Freedom Plaza Senior Living: 4,847 exposed</title><link>https://myhealthconsent.org/breaches/freedom-plaza-senior-living-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/freedom-plaza-senior-living-2025/</guid><description>Freedom Plaza Senior Living (FL) filed a HIPAA breach notification with the HHS Office for Civil Rights on July 11, 2025, reporting 4,847 affected individuals in a Hacking/IT Incident event at Email. The HHS OCR portal entry is the primary public record; further details are not yet publicly disclosed on this page.</description><pubDate>Fri, 11 Jul 2025 00:00:00 GMT</pubDate><category>hacking</category><category>ocr-open</category></item><item><title>Freedom Square of Seminole: 3,473 exposed</title><link>https://myhealthconsent.org/breaches/freedom-square-of-seminole-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/freedom-square-of-seminole-2025/</guid><description>Freedom Square of Seminole (FL) filed a HIPAA breach notification with the HHS Office for Civil Rights on July 11, 2025, reporting 3,473 affected individuals in a Hacking/IT Incident event at Email. The HHS OCR portal entry is the primary public record; further details are not yet publicly disclosed on this page.</description><pubDate>Fri, 11 Jul 2025 00:00:00 GMT</pubDate><category>hacking</category><category>ocr-open</category></item><item><title>Picis Clinical Solutions, Inc. d/b/a Medstreaming: 8,840 exposed</title><link>https://myhealthconsent.org/breaches/picis-clinical-solutions-inc-d-b-a-medstreaming-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/picis-clinical-solutions-inc-d-b-a-medstreaming-2025/</guid><description>Picis Clinical Solutions, Inc. d/b/a Medstreaming (MA) filed a HIPAA breach notification with the HHS Office for Civil Rights on July 11, 2025, reporting 8,840 affected individuals in a Hacking/IT Incident event at Network Server. The HHS OCR portal entry is the primary public record; further details are not yet pub...</description><pubDate>Fri, 11 Jul 2025 00:00:00 GMT</pubDate><category>hacking</category><category>ocr-open</category></item><item><title>Regency Oaks: 2,008 exposed</title><link>https://myhealthconsent.org/breaches/regency-oaks-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/regency-oaks-2025/</guid><description>Regency Oaks (FL) filed a HIPAA breach notification with the HHS Office for Civil Rights on July 11, 2025, reporting 2,008 affected individuals in a Hacking/IT Incident event at Email. The HHS OCR portal entry is the primary public record; further details are not yet publicly disclosed on this page.</description><pubDate>Fri, 11 Jul 2025 00:00:00 GMT</pubDate><category>hacking</category><category>ocr-open</category></item><item><title>Mountain Laurel Dermatology: 3,324 exposed</title><link>https://myhealthconsent.org/breaches/mountain-laurel-dermatology-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/mountain-laurel-dermatology-2025/</guid><description>Mountain Laurel Dermatology (NC) filed a HIPAA breach notification with the HHS Office for Civil Rights on July 10, 2025, reporting 3,324 affected individuals in a Hacking/IT Incident event at Network Server. The HHS OCR portal entry is the primary public record; further details are not yet publicly disclosed on thi...</description><pubDate>Thu, 10 Jul 2025 00:00:00 GMT</pubDate><category>hacking</category><category>ocr-open</category></item><item><title>Naper Grove Vision Care: 501 exposed</title><link>https://myhealthconsent.org/breaches/naper-grove-vision-care-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/naper-grove-vision-care-2025/</guid><description>Naper Grove Vision Care (IL) filed a HIPAA breach notification with the HHS Office for Civil Rights on July 10, 2025, reporting 501 affected individuals in a Hacking/IT Incident event at Network Server. The HHS OCR portal entry is the primary public record; further details are not yet publicly disclosed on this page.</description><pubDate>Thu, 10 Jul 2025 00:00:00 GMT</pubDate><category>hacking</category><category>ocr-open</category></item><item><title>Florida Lung, Asthma &amp; Sleep Specialists (FLASS): 10,000 exposed</title><link>https://myhealthconsent.org/breaches/florida-lung-asthma-sleep-specialists-flass-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/florida-lung-asthma-sleep-specialists-flass-2025/</guid><description>Florida Lung, Asthma &amp; Sleep Specialists (FLASS) (FL) filed a HIPAA breach notification with the HHS Office for Civil Rights on July 09, 2025, reporting 10,000 affected individuals in a Hacking/IT Incident event at Network Server. The HHS OCR portal entry is the primary public record; further details are not yet pub...</description><pubDate>Wed, 09 Jul 2025 00:00:00 GMT</pubDate><category>hacking</category><category>ocr-open</category></item><item><title>K&amp;E Advanced Dentisrty: 1,700 exposed</title><link>https://myhealthconsent.org/breaches/k-e-advanced-dentisrty-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/k-e-advanced-dentisrty-2025/</guid><description>K&amp;E Advanced Dentisrty (OH) filed a HIPAA breach notification with the HHS Office for Civil Rights on July 07, 2025, reporting 1,700 affected individuals in a Hacking/IT Incident event at Email. The HHS OCR portal entry is the primary public record; further details are not yet publicly disclosed on this page.</description><pubDate>Mon, 07 Jul 2025 00:00:00 GMT</pubDate><category>hacking</category><category>ocr-open</category></item><item><title>Arbor Associates, Inc.: 17,040 exposed</title><link>https://myhealthconsent.org/breaches/arbor-associates-inc-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/arbor-associates-inc-2025/</guid><description>Arbor Associates, Inc. — a Michigan-based business associate that runs patient survey analytics for healthcare providers — reported a hacking incident affecting 17,040 individuals. Unauthorized network access occurred April 15–17, 2025; Arbor filed with HHS OCR and began mailing notifications on July 3, 2025. Srourian Law Firm has opened a class-action investigation.</description><pubDate>Thu, 03 Jul 2025 00:00:00 GMT</pubDate><category>hacking</category><category>ocr-open</category></item><item><title>Cierant Corporation: 232,506 exposed</title><link>https://myhealthconsent.org/breaches/cierant-corporation-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/cierant-corporation-2025/</guid><description>Cierant Corporation, a Danbury, Connecticut health-plan mailing vendor, disclosed on July 3, 2025 that 232,506 individuals had PHI exposed via the Cleo VLTrader exploit linked to Clop ransomware. Class actions are consolidated in D. Conn. Here is what to do.</description><pubDate>Thu, 03 Jul 2025 00:00:00 GMT</pubDate><category>vendor-breach</category><category>class-action-filed</category><category>Clop (CL0P) ransomware group — claimed responsibility for the broader Cleo VLTrader exploitation campaign; Cierant has not independently confirmed the attribution</category></item><item><title>City of Franklin: 3,233 exposed</title><link>https://myhealthconsent.org/breaches/city-of-franklin-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/city-of-franklin-2025/</guid><description>City of Franklin (WI) filed a HIPAA breach notification with the HHS Office for Civil Rights on July 03, 2025, reporting 3,233 affected individuals after an unauthorized actor accessed a city network server in August 2024 containing records dating back decades. Notification letters mailed in July 2025; identity-protection services offered via Cyberscout/TransUnion.</description><pubDate>Thu, 03 Jul 2025 00:00:00 GMT</pubDate><category>hacking</category><category>ocr-open</category></item><item><title>Urology Associates of Charleston: 2,060 exposed</title><link>https://myhealthconsent.org/breaches/urology-associates-of-charleston-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/urology-associates-of-charleston-2025/</guid><description>Urology Associates of Charleston (SC) filed a HIPAA breach notification with the HHS Office for Civil Rights on July 03, 2025, reporting 2,060 affected individuals in a Hacking/IT Incident event at Email. The HHS OCR portal entry is the primary public record; further details are not yet publicly disclosed on this page.</description><pubDate>Thu, 03 Jul 2025 00:00:00 GMT</pubDate><category>hacking</category><category>ocr-open</category></item><item><title>Zumpano Patricios, P.A.: 279,275 exposed</title><link>https://myhealthconsent.org/breaches/zumpano-patricios-p-a-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/zumpano-patricios-p-a-2025/</guid><description>Zumpano Patricios, P.A., a Coral Gables healthcare law firm and HIPAA business associate, detected an intrusion on May 6, 2025 and began notifying 279,275 patients of provider clients on July 3, 2025. Exposed data included names, SSNs, member IDs, health insurer info, dates of service, charges, payments, clinical coding and medical records.</description><pubDate>Thu, 03 Jul 2025 00:00:00 GMT</pubDate><category>hacking</category><category>ocr-open</category></item><item><title>Complete Care Rehab LLC: 4,764 exposed</title><link>https://myhealthconsent.org/breaches/complete-care-rehab-llc-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/complete-care-rehab-llc-2025/</guid><description>Complete Care Rehab LLC, a physical therapy practice in Eastpointe, Michigan, identified suspicious activity in its network on or around May 11, 2025. The forensic investigation confirmed patient data was exposed and potentially stolen, including names, contact details, dates of birth, diagnoses, treatment information, health insurance information, and Social Security numbers for a limited number of patients. The incident was disclosed publicly on July 2, 2025 and reported to HHS OCR on July 8, 2025, affecting 4,764 individuals.</description><pubDate>Wed, 02 Jul 2025 00:00:00 GMT</pubDate><category>hacking</category><category>ocr-open</category></item><item><title>Radiology Associates of Richmond, Inc.: 1,419,091 exposed</title><link>https://myhealthconsent.org/breaches/radiology-associates-of-richmond-inc-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/radiology-associates-of-richmond-inc-2025/</guid><description>Radiology Associates of Richmond (RAR) disclosed a HIPAA breach affecting 1,419,091 individuals. Names, Social Security numbers, and medical records were accessed April 2–6, 2024, but patients were not notified until July 2025 — 15 months later. Here is what to do.</description><pubDate>Tue, 01 Jul 2025 00:00:00 GMT</pubDate><category>hacking</category><category>class-action-filed</category></item><item><title>Centers for Medicare &amp; Medicaid Services: 107,154 exposed</title><link>https://myhealthconsent.org/breaches/centers-for-medicare-medicaid-services-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/centers-for-medicare-medicaid-services-2025/</guid><description>CMS notified roughly 103,000 beneficiaries (the HHS OCR filing logs 107,154) that malicious actors used valid personal data obtained from unknown external sources to fraudulently create Medicare.gov accounts between 2023 and 2025. Once the accounts existed, attackers could access provider info, mailing address, diagnosis codes, dates of service, and plan premium details. CMS issued new Medicare Beneficiary Identifiers and new cards. Here is what to do.</description><pubDate>Mon, 30 Jun 2025 00:00:00 GMT</pubDate><category>unauthorized-access</category><category>ocr-open</category></item><item><title>Clinical Practices of the University of Pennsylvania: 1,432 exposed</title><link>https://myhealthconsent.org/breaches/clinical-practices-of-the-university-of-pennsylvania-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/clinical-practices-of-the-university-of-pennsylvania-2025/</guid><description>Clinical Practices of the University of Pennsylvania, the Penn Medicine faculty practice group, filed a HIPAA breach with HHS OCR on June 30, 2025 covering 1,432 individuals. The OCR portal classifies the incident as Unauthorized Access/Disclosure involving Paper/Films. This is a paper-records incident and is unrelated to UPenn&apos;s October/November 2025 cybersecurity events.</description><pubDate>Mon, 30 Jun 2025 00:00:00 GMT</pubDate><category>unauthorized-access</category><category>ocr-open</category></item><item><title>Bardmoor Cancer Center: 991 exposed</title><link>https://myhealthconsent.org/breaches/bardmoor-cancer-center-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/bardmoor-cancer-center-2025/</guid><description>Bardmoor Cancer Center (FL) filed a HIPAA breach notification with the HHS Office for Civil Rights on June 27, 2025, reporting 991 affected individuals in a Hacking/IT Incident event at Email. The HHS OCR portal entry is the primary public record; further details are not yet publicly disclosed on this page.</description><pubDate>Fri, 27 Jun 2025 00:00:00 GMT</pubDate><category>phishing</category><category>ocr-open</category></item><item><title>California Cancer Associates for Research and Excellence – High Desert: 17,250 exposed</title><link>https://myhealthconsent.org/breaches/california-cancer-associates-for-research-and-excellence-high-desert-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/california-cancer-associates-for-research-and-excellence-high-desert-2025/</guid><description>cCARE – High Desert, the Victorville-area oncology clinic in the Integrated Oncology Network, reported a December 13–16, 2024 phishing intrusion that exposed email and SharePoint files containing names, Social Security numbers, dates of birth, diagnoses, lab results, medications, treatment information, and health insurance details for 17,250 cancer patients. Filed with HHS OCR on June 27, 2025. Multiple class-action investigations underway.</description><pubDate>Fri, 27 Jun 2025 00:00:00 GMT</pubDate><category>phishing</category><category>ocr-open</category></item><item><title>California Cancer Associates for Research and Excellence – San Diego: 638 exposed</title><link>https://myhealthconsent.org/breaches/california-cancer-associates-for-research-and-excellence-san-diego-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/california-cancer-associates-for-research-and-excellence-san-diego-2025/</guid><description>cCARE – San Diego, the San Diego oncology practice in the Integrated Oncology Network, reported a December 13–16, 2024 phishing intrusion that exposed ION email and SharePoint files containing names, Social Security numbers, dates of birth, diagnoses, lab results, medications, treatment information, and health insurance details for 638 cancer patients. Filed with HHS OCR on June 27, 2025. Companion to the High Desert (17,250) and Fresno (7,670) cCARE filings on the same date. Multiple class-action investigations underway.</description><pubDate>Fri, 27 Jun 2025 00:00:00 GMT</pubDate><category>phishing</category><category>ocr-open</category></item><item><title>Denali Biomedical: 2,413 exposed</title><link>https://myhealthconsent.org/breaches/denali-biomedical-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/denali-biomedical-2025/</guid><description>Denali Biomedical, a Fairbanks, Alaska ambulatory surgical and oncology clinic in the Integrated Oncology Network (ION), reported a December 13–16, 2024 phishing intrusion that exposed ION email and SharePoint files containing names, Social Security numbers, dates of birth, diagnoses, lab results, medications, treatment information, and health insurance details for 2,413 patients. Filed with HHS OCR on June 27, 2025. Companion filing to roughly two dozen other ION-affiliated cancer practices. Multiple class-action investigations underway.</description><pubDate>Fri, 27 Jun 2025 00:00:00 GMT</pubDate><category>phishing</category><category>ocr-open</category></item><item><title>Fairbanks Urology: 4,289 exposed</title><link>https://myhealthconsent.org/breaches/fairbanks-urology-2-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/fairbanks-urology-2-2025/</guid><description>Fairbanks Urology (AK) filed a HIPAA breach notification with the HHS Office for Civil Rights on June 27, 2025, reporting 4,289 affected individuals in a Hacking/IT Incident event at Email. The HHS OCR portal entry is the primary public record; further details are not yet publicly disclosed on this page.</description><pubDate>Fri, 27 Jun 2025 00:00:00 GMT</pubDate><category>hacking</category><category>ocr-open</category></item><item><title>Horizon Healthcare RCM: 210,901 exposed</title><link>https://myhealthconsent.org/breaches/horizon-healthcare-rcm-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/horizon-healthcare-rcm-2025/</guid><description>Horizon Healthcare RCM, a Crown Point, Indiana revenue cycle management business associate, was hit by a December 2024 ransomware attack that exfiltrated data and ultimately affected 210,901 patients of its downstream provider clients. The company reportedly paid the threat actors to delete the data.</description><pubDate>Fri, 27 Jun 2025 00:00:00 GMT</pubDate><category>ransomware</category><category>class-action-filed</category></item><item><title>Integrated Oncology Network: 4,174 exposed</title><link>https://myhealthconsent.org/breaches/integrated-oncology-network-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/integrated-oncology-network-2025/</guid><description>Integrated Oncology Network (TN) filed a HIPAA breach notification with the HHS Office for Civil Rights on June 27, 2025, reporting 4,174 affected individuals in a Hacking/IT Incident event at Email. The HHS OCR portal entry is the primary public record; further details are not yet publicly disclosed on this page.</description><pubDate>Fri, 27 Jun 2025 00:00:00 GMT</pubDate><category>hacking</category><category>ocr-open</category></item><item><title>Lake City Cancer Care, LLC: 15,142 exposed</title><link>https://myhealthconsent.org/breaches/lake-city-cancer-care-llc-2-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/lake-city-cancer-care-llc-2-2025/</guid><description>Lake City Cancer Care, LLC (FL) filed a HIPAA breach notification with the HHS Office for Civil Rights on June 27, 2025, reporting 15,142 affected individuals in a Hacking/IT Incident event at Email. The HHS OCR portal entry is the primary public record; further details are not yet publicly disclosed on this page.</description><pubDate>Fri, 27 Jun 2025 00:00:00 GMT</pubDate><category>hacking</category><category>ocr-open</category></item><item><title>Orange County Radiation Oncology Medical Group: 1,911 exposed</title><link>https://myhealthconsent.org/breaches/orange-county-radiation-oncology-medical-group-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/orange-county-radiation-oncology-medical-group-2025/</guid><description>Orange County Radiation Oncology Medical Group (CA) filed a HIPAA breach notification with the HHS Office for Civil Rights on June 27, 2025, reporting 1,911 affected individuals in a Hacking/IT Incident event at Email. The HHS OCR portal entry is the primary public record; further details are not yet publicly disclo...</description><pubDate>Fri, 27 Jun 2025 00:00:00 GMT</pubDate><category>hacking</category><category>ocr-open</category></item><item><title>PDCM Insurance: 501 exposed</title><link>https://myhealthconsent.org/breaches/pdcm-insurance-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/pdcm-insurance-2025/</guid><description>PDCM Insurance (IA) filed a HIPAA breach notification with the HHS Office for Civil Rights on June 27, 2025, reporting 501 affected individuals in a Hacking/IT Incident event at Network Server. The HHS OCR portal entry is the primary public record; further details are not yet publicly disclosed on this page.</description><pubDate>Fri, 27 Jun 2025 00:00:00 GMT</pubDate><category>hacking</category><category>ocr-open</category></item><item><title>PET Imaging of Dallas Northeast: 1,935 exposed</title><link>https://myhealthconsent.org/breaches/pet-imaging-of-dallas-northeast-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/pet-imaging-of-dallas-northeast-2025/</guid><description>PET Imaging of Dallas Northeast (TX) filed a HIPAA breach notification with the HHS Office for Civil Rights on June 27, 2025, reporting 1,935 affected individuals in a Hacking/IT Incident event at Email. The HHS OCR portal entry is the primary public record; further details are not yet publicly disclosed on this page.</description><pubDate>Fri, 27 Jun 2025 00:00:00 GMT</pubDate><category>hacking</category><category>ocr-open</category></item><item><title>PET Imaging of Northern Colorado: 4,824 exposed</title><link>https://myhealthconsent.org/breaches/pet-imaging-of-northern-colorado-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/pet-imaging-of-northern-colorado-2025/</guid><description>PET Imaging of Northern Colorado (CO) filed a HIPAA breach notification with the HHS Office for Civil Rights on June 27, 2025, reporting 4,824 affected individuals in a Hacking/IT Incident event at Email. The HHS OCR portal entry is the primary public record; further details are not yet publicly disclosed on this page.</description><pubDate>Fri, 27 Jun 2025 00:00:00 GMT</pubDate><category>hacking</category><category>ocr-open</category></item><item><title>PET Imaging of The Woodlands: 2,978 exposed</title><link>https://myhealthconsent.org/breaches/pet-imaging-of-the-woodlands-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/pet-imaging-of-the-woodlands-2025/</guid><description>PET Imaging of The Woodlands (TX) filed a HIPAA breach notification with the HHS Office for Civil Rights on June 27, 2025, reporting 2,978 affected individuals in a Hacking/IT Incident event at Email. The HHS OCR portal entry is the primary public record; further details are not yet publicly disclosed on this page.</description><pubDate>Fri, 27 Jun 2025 00:00:00 GMT</pubDate><category>hacking</category><category>ocr-open</category></item><item><title>PET Imaging of Tulsa: 3,159 exposed</title><link>https://myhealthconsent.org/breaches/pet-imaging-of-tulsa-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/pet-imaging-of-tulsa-2025/</guid><description>PET Imaging of Tulsa (OK) filed a HIPAA breach notification with the HHS Office for Civil Rights on June 27, 2025, reporting 3,159 affected individuals in a Hacking/IT Incident event at Email. The HHS OCR portal entry is the primary public record; further details are not yet publicly disclosed on this page.</description><pubDate>Fri, 27 Jun 2025 00:00:00 GMT</pubDate><category>hacking</category><category>ocr-open</category></item><item><title>Radiation Oncology Network of Southern California, LLC: 12,944 exposed</title><link>https://myhealthconsent.org/breaches/radiation-oncology-network-of-southern-california-llc-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/radiation-oncology-network-of-southern-california-llc-2025/</guid><description>Radiation Oncology Network of Southern California, LLC (CA) filed a HIPAA breach notification with the HHS Office for Civil Rights on June 27, 2025, reporting 12,944 affected individuals in a Hacking/IT Incident event at Email. The HHS OCR portal entry is the primary public record; further details are not yet public...</description><pubDate>Fri, 27 Jun 2025 00:00:00 GMT</pubDate><category>hacking</category><category>ocr-open</category></item><item><title>Southwest Urology: 7,214 exposed</title><link>https://myhealthconsent.org/breaches/southwest-urology-2-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/southwest-urology-2-2025/</guid><description>Southwest Urology (OH) filed a HIPAA breach notification with the HHS Office for Civil Rights on June 27, 2025, reporting 7,214 affected individuals in a Hacking/IT Incident event at Email. The HHS OCR portal entry is the primary public record; further details are not yet publicly disclosed on this page.</description><pubDate>Fri, 27 Jun 2025 00:00:00 GMT</pubDate><category>hacking</category><category>ocr-open</category></item><item><title>Amalgamated Meat Cutters and Retail Food Store Employees Union Local 342 Health Care Fund: 56,615 exposed</title><link>https://myhealthconsent.org/breaches/amalgamated-meat-cutters-and-retail-food-store-employees-union-local-342-health-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/amalgamated-meat-cutters-and-retail-food-store-employees-union-local-342-health-2025/</guid><description>Amalgamated Meat Cutters and Retail Food Store Employees Union Local 342 Health Care Fund (NY) filed a HIPAA breach notification with HHS OCR on June 26, 2025, after an unauthorized actor accessed its network between April 25 and April 28, 2025. A 56,615-person review concluded February 12, 2026; notification letters mailed March 9, 2026. Social Security numbers, driver&apos;s license numbers, medical records, health insurance information, financial accounts, passports, and taxpayer information were exposed. Multiple plaintiffs&apos; firms have opened class-action investigations.</description><pubDate>Thu, 26 Jun 2025 00:00:00 GMT</pubDate><category>hacking</category><category>ocr-open</category></item><item><title>Jordan Drug, Inc.: 4,947 exposed</title><link>https://myhealthconsent.org/breaches/jordan-drug-inc-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/jordan-drug-inc-2025/</guid><description>Jordan Drug, Inc. (KY) filed a HIPAA breach notification with the HHS Office for Civil Rights on June 26, 2025, reporting 4,947 affected individuals in a Hacking/IT Incident event at Network Server. The HHS OCR portal entry is the primary public record; further details are not yet publicly disclosed on this page.</description><pubDate>Thu, 26 Jun 2025 00:00:00 GMT</pubDate><category>hacking</category><category>ocr-open</category></item><item><title>Texas Centers for Infectious Disease Associates: 19,481 exposed</title><link>https://myhealthconsent.org/breaches/texas-center-for-infectious-disease-associates-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/texas-center-for-infectious-disease-associates-2025/</guid><description>Texas Centers for Infectious Disease Associates (TCIDA), a Dallas-Fort Worth infectious disease specialty practice, filed a HIPAA breach notification with HHS OCR on June 30, 2025, after a July 2024 network intrusion exposed names, Social Security numbers, driver&apos;s license data, and HIV/STI-relevant medical and treatment information for 19,481 patients. The BianLian ransomware-extortion group claimed 300 GB of exfiltrated data.</description><pubDate>Thu, 26 Jun 2025 00:00:00 GMT</pubDate><category>hacking</category><category>ocr-open</category></item><item><title>Clement Manor: 16,046 exposed</title><link>https://myhealthconsent.org/breaches/clement-manor-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/clement-manor-2025/</guid><description>Clement Manor, a senior retirement community in Greenfield, Wisconsin, reported a Hacking/IT Incident at a Network Server to the HHS Office for Civil Rights on June 25, 2025, affecting 16,046 individuals. The network disruption was detected on or around April 14, 2025. Names, addresses, dates of birth, Social Security numbers, driver&apos;s license numbers, diagnoses, medication, health insurance, provider, and financial account information may have been exposed. Notification letters were mailed June 20, 2025. Complimentary credit monitoring is being offered.</description><pubDate>Wed, 25 Jun 2025 00:00:00 GMT</pubDate><category>hacking</category><category>ocr-open</category></item><item><title>McLaren Health Care: 743,131 exposed</title><link>https://myhealthconsent.org/breaches/mclaren-health-care-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/mclaren-health-care-2025/</guid><description>McLaren Health Care notified 743,131 people on June 20, 2025 that the INC Ransom group accessed its network from July 17 to August 3, 2024, stealing names, Social Security numbers, driver&apos;s license numbers, and medical and health insurance information. A $14M class settlement received final court approval April 21, 2026. Here is what to do.</description><pubDate>Tue, 24 Jun 2025 00:00:00 GMT</pubDate><category>ransomware</category><category>settled</category><category>INC Ransom</category></item><item><title>Minneapolis VA Medical Center: 1,099 exposed</title><link>https://myhealthconsent.org/breaches/minneapolis-va-medical-center-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/minneapolis-va-medical-center-2025/</guid><description>Minneapolis VA Medical Center (MN) filed a HIPAA breach notification with the HHS Office for Civil Rights on June 24, 2025, reporting 1,099 affected individuals in a Unauthorized Access/Disclosure event at Paper/Films. The HHS OCR portal entry is the primary public record; further details are not yet publicly disclo...</description><pubDate>Tue, 24 Jun 2025 00:00:00 GMT</pubDate><category>unauthorized-access</category><category>ocr-open</category></item><item><title>Mainline Health Systems Inc: 101,104 exposed</title><link>https://myhealthconsent.org/breaches/mainline-health-systems-inc-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/mainline-health-systems-inc-2025/</guid><description>Mainline Health Systems Inc, a federally qualified health center headquartered in Monticello, Arkansas serving Ashley, Bradley, Chicot, Drew, and Lincoln counties, filed a HIPAA breach notification with HHS OCR on June 23, 2025 reporting 101,104 affected individuals after an April 10, 2024 network intrusion claimed by the Inc Ransom ransomware group. Exposed data included Social Security numbers, driver&apos;s license numbers, financial account and payment card numbers, Medicaid numbers, diagnoses, prescriptions, and clinical information. Notification letters went out 14 months after the initial compromise. A putative class action, Carter v. Mainline, is pending in the U.S. District Court for the Eastern District of Arkansas.</description><pubDate>Mon, 23 Jun 2025 00:00:00 GMT</pubDate><category>hacking</category><category>class-action-filed</category></item><item><title>Esse Health: 263,601 exposed</title><link>https://myhealthconsent.org/breaches/esse-health-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/esse-health-2025/</guid><description>Esse Health, a St. Louis-area independent physician group, detected a network intrusion on April 21, 2025 that took its phone systems and patient-facing services offline. The entity ultimately notified 263,601 individuals; a consolidated class action covering an estimated 521,167 people settled for $2,525,000 with final approval set for August 3, 2026. The matching HHS OCR portal entry was filed June 20, 2025.</description><pubDate>Fri, 20 Jun 2025 00:00:00 GMT</pubDate><category>hacking</category><category>settled</category></item><item><title>Harbor: 2,703 exposed</title><link>https://myhealthconsent.org/breaches/harbor-2-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/harbor-2-2025/</guid><description>Harbor (OH) filed a HIPAA breach notification with the HHS Office for Civil Rights on June 20, 2025, reporting 2,703 affected individuals in a Hacking/IT Incident event at Email. The HHS OCR portal entry is the primary public record; further details are not yet publicly disclosed on this page.</description><pubDate>Fri, 20 Jun 2025 00:00:00 GMT</pubDate><category>hacking</category><category>ocr-open</category></item><item><title>Los Angeles County Developmental Services Fdn., Inc. dba Frank D. Lanterman Regional Center: 19,000 exposed</title><link>https://myhealthconsent.org/breaches/los-angeles-county-developmental-services-fdn-inc-dba-frank-d-lanterman-regional-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/los-angeles-county-developmental-services-fdn-inc-dba-frank-d-lanterman-regional-2025/</guid><description>Los Angeles County Developmental Services Fdn., Inc. dba Frank D. Lanterman Regional Center filed a HIPAA breach notification with HHS OCR on June 20, 2025 reporting 19,000 affected individuals in a Hacking/IT Incident at a Network Server. Unauthorized access to the center&apos;s email environment ran from August 2024 through December 2024 and exposed SSNs, government IDs, medical and treatment records, and health insurance information of the developmentally disabled population it serves.</description><pubDate>Fri, 20 Jun 2025 00:00:00 GMT</pubDate><category>hacking</category><category>ocr-open</category></item><item><title>Retina Associates of Cleveland, Inc.: 3,604 exposed</title><link>https://myhealthconsent.org/breaches/retina-associates-of-cleveland-inc-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/retina-associates-of-cleveland-inc-2025/</guid><description>Retina Associates of Cleveland, Inc. (OH) filed a HIPAA breach notification with the HHS Office for Civil Rights on June 20, 2025, reporting 3,604 affected individuals in a Hacking/IT Incident event at Email. The HHS OCR portal entry is the primary public record; further details are not yet publicly disclosed on thi...</description><pubDate>Fri, 20 Jun 2025 00:00:00 GMT</pubDate><category>hacking</category><category>ocr-open</category></item><item><title>Skin Care Specialty Physicians: 1,038 exposed</title><link>https://myhealthconsent.org/breaches/skin-care-specialty-physicians-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/skin-care-specialty-physicians-2025/</guid><description>Skin Care Specialty Physicians (MD) filed a HIPAA breach notification with the HHS Office for Civil Rights on June 19, 2025, reporting 1,038 affected individuals in a Hacking/IT Incident event at Email. The HHS OCR portal entry is the primary public record; further details are not yet publicly disclosed on this page.</description><pubDate>Thu, 19 Jun 2025 00:00:00 GMT</pubDate><category>hacking</category><category>ocr-open</category></item><item><title>Marquette County Medical Care Facility: 1,499 exposed</title><link>https://myhealthconsent.org/breaches/marquette-county-medical-care-facility-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/marquette-county-medical-care-facility-2025/</guid><description>Marquette County Medical Care Facility (OH) filed a HIPAA breach notification with the HHS Office for Civil Rights on June 18, 2025, reporting 1,499 affected individuals in a Hacking/IT Incident event at Email. The HHS OCR portal entry is the primary public record; further details are not yet publicly disclosed on t...</description><pubDate>Wed, 18 Jun 2025 00:00:00 GMT</pubDate><category>hacking</category><category>ocr-open</category></item><item><title>Broadwest Specialty Surgical Center: 536 exposed</title><link>https://myhealthconsent.org/breaches/broadwest-specialty-surgical-center-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/broadwest-specialty-surgical-center-2025/</guid><description>Broadwest Specialty Surgical Center, a Merrillville, Indiana ambulatory surgery center, filed a HIPAA breach notification with the HHS Office for Civil Rights on June 17, 2025, reporting 536 affected individuals in a Hacking/IT Incident at a network server. Notification letters describing the incident reportedly went out to affected patients in late June 2025; names, Social Security numbers, and medical information were among the data potentially exposed.</description><pubDate>Tue, 17 Jun 2025 00:00:00 GMT</pubDate><category>hacking</category><category>ocr-open</category></item><item><title>Winkler County Hospital District: 637 exposed</title><link>https://myhealthconsent.org/breaches/winkler-county-hospital-district-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/winkler-county-hospital-district-2025/</guid><description>Winkler County Hospital District (TX) filed a HIPAA breach notification with the HHS Office for Civil Rights on June 17, 2025, reporting 637 affected individuals in a Unauthorized Access/Disclosure event at Email. The HHS OCR portal entry is the primary public record; further details are not yet publicly disclosed o...</description><pubDate>Tue, 17 Jun 2025 00:00:00 GMT</pubDate><category>unauthorized-access</category><category>ocr-open</category></item><item><title>AltaMed Health Services Corporation: 4,530 exposed</title><link>https://myhealthconsent.org/breaches/altamed-health-services-corporation-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/altamed-health-services-corporation-2025/</guid><description>AltaMed Health Services Corporation (CA) filed a HIPAA breach notification with the HHS Office for Civil Rights on June 13, 2025, reporting 4,530 affected individuals in a Unauthorized Access/Disclosure event at Email. The HHS OCR portal entry is the primary public record; further details are not yet publicly disclo...</description><pubDate>Fri, 13 Jun 2025 00:00:00 GMT</pubDate><category>unauthorized-access</category><category>class-action-filed</category></item><item><title>Central Kentucky Radiology: 166,953 exposed</title><link>https://myhealthconsent.org/breaches/central-kentucky-radiology-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/central-kentucky-radiology-2025/</guid><description>Central Kentucky Radiology (CKR) filed an HHS OCR breach report on June 13, 2025 reporting 166,953 affected individuals after an unauthorized actor accessed and copied files from its network between October 16 and October 18, 2024. Exposed data includes names, addresses, dates of birth, Social Security numbers, dates of service, service charges, and in some cases payment card information. CKR is offering 12 months of complimentary credit monitoring; multiple plaintiff firms are investigating a potential class action.</description><pubDate>Fri, 13 Jun 2025 00:00:00 GMT</pubDate><category>hacking</category><category>ocr-open</category></item><item><title>Decisely Insurance Services, LLC: 537,603 exposed</title><link>https://myhealthconsent.org/breaches/decisely-insurance-services-llc-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/decisely-insurance-services-llc-2025/</guid><description>Decisely Insurance Services, a Georgia-based employee-benefits broker and HR services firm, filed a HIPAA breach with HHS OCR on June 13, 2025 covering 537,603 individuals after an unauthorized actor accessed its cloud storage on Dec 16, 2024. Exposed data spans SSNs, DOBs, passports, financial accounts, and PHI.</description><pubDate>Fri, 13 Jun 2025 00:00:00 GMT</pubDate><category>hacking</category><category>class-action-filed</category></item><item><title>Diversified Services Enterprises: 501 exposed</title><link>https://myhealthconsent.org/breaches/diversified-services-enterprises-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/diversified-services-enterprises-2025/</guid><description>Diversified Services Enterprises, a Sarasota, Florida business associate, filed a HIPAA breach notification with the HHS Office for Civil Rights on June 13, 2025, reporting 501 affected individuals in a Hacking/IT Incident at a network server. The OCR portal entry is the primary public record; the entity&apos;s substitute notice and any class-action filings have not yet surfaced publicly.</description><pubDate>Fri, 13 Jun 2025 00:00:00 GMT</pubDate><category>hacking</category><category>ocr-open</category></item><item><title>Elmore County: 931 exposed</title><link>https://myhealthconsent.org/breaches/elmore-county-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/elmore-county-2025/</guid><description>Elmore County (ID) filed a HIPAA breach notification with the HHS Office for Civil Rights on June 13, 2025, reporting 931 affected individuals in a Hacking/IT Incident event at Email. The HHS OCR portal entry is the primary public record; further details are not yet publicly disclosed on this page.</description><pubDate>Fri, 13 Jun 2025 00:00:00 GMT</pubDate><category>hacking</category><category>ocr-open</category></item><item><title>Mount Rogers Community Services: 38,191 exposed</title><link>https://myhealthconsent.org/breaches/mount-rogers-community-services-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/mount-rogers-community-services-2025/</guid><description>Mount Rogers Community Services Board (Wytheville, VA), a southwest Virginia community services board providing behavioral health, intellectual and developmental disability, and substance use disorder services, disclosed on June 13, 2025 a late-April 2025 ransomware intrusion (April 27–29) affecting 38,191 patients and employees. The INC Ransom gang claimed responsibility on its leak site on June 10, 2025. Exposed data includes names, Social Security numbers, dates of birth, diagnoses, medications, and treatment information. Kroll identity monitoring offered. Here is what to do.</description><pubDate>Fri, 13 Jun 2025 00:00:00 GMT</pubDate><category>ransomware</category><category>ocr-open</category><category>INC Ransom (a.k.a. INCRANSOM)</category></item><item><title>Imperial Beach Community Clinic: 10,358 exposed</title><link>https://myhealthconsent.org/breaches/imperial-beach-community-clinic-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/imperial-beach-community-clinic-2025/</guid><description>Imperial Beach Community Clinic (CA) filed a HIPAA breach notification with the HHS Office for Civil Rights on June 12, 2025, reporting 10,358 affected individuals in a Hacking/IT Incident event at Network Server. The HHS OCR portal entry is the primary public record; further details are not yet publicly disclosed o...</description><pubDate>Thu, 12 Jun 2025 00:00:00 GMT</pubDate><category>hacking</category><category>ocr-open</category></item><item><title>Kelley Drye &amp; Warren LLP: 771 exposed</title><link>https://myhealthconsent.org/breaches/kelley-drye-warren-llp-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/kelley-drye-warren-llp-2025/</guid><description>Kelley Drye &amp; Warren LLP (NY) filed a HIPAA breach notification with the HHS Office for Civil Rights on June 12, 2025, reporting 771 affected individuals in a Hacking/IT Incident event at Network Server. The HHS OCR portal entry is the primary public record; further details are not yet publicly disclosed on this page.</description><pubDate>Thu, 12 Jun 2025 00:00:00 GMT</pubDate><category>hacking</category><category>ocr-open</category></item><item><title>Rural Health Services: 36,542 exposed</title><link>https://myhealthconsent.org/breaches/rural-health-services-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/rural-health-services-2025/</guid><description>Rural Health Services, a federally qualified health center serving Aiken County, South Carolina, suffered a Medusa ransomware intrusion between January 15 and February 13, 2025 in which names, Social Security numbers, driver&apos;s license and passport numbers, financial account information, and detailed protected health information for 36,542 individuals were potentially exfiltrated. Individual notification letters were mailed in mid-June 2025.</description><pubDate>Thu, 12 Jun 2025 00:00:00 GMT</pubDate><category>ransomware</category><category>ocr-open</category><category>Medusa</category></item><item><title>Clarkston Chiropractic Sports &amp; Wellness: 2,757 exposed</title><link>https://myhealthconsent.org/breaches/clarkston-chiropractic-sports-wellness-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/clarkston-chiropractic-sports-wellness-2025/</guid><description>Clarkston Chiropractic Sports &amp; Wellness (Clarkston, MI) filed a HIPAA breach notification with the HHS Office for Civil Rights on June 11, 2025, reporting 2,757 affected individuals in a Hacking/IT Incident event at a Network Server. Two plaintiff firms have opened class-action investigations. Specific data elements and attacker attribution remain undisclosed.</description><pubDate>Wed, 11 Jun 2025 00:00:00 GMT</pubDate><category>hacking</category><category>ocr-open</category></item><item><title>Repay Management Services, LLC: 606 exposed</title><link>https://myhealthconsent.org/breaches/repay-management-services-llc-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/repay-management-services-llc-2025/</guid><description>Repay Management Services, LLC (GA) filed a HIPAA breach notification with the HHS Office for Civil Rights on June 10, 2025, reporting 606 affected individuals in a Hacking/IT Incident event at Network Server. The HHS OCR portal entry is the primary public record; further details are not yet publicly disclosed on th...</description><pubDate>Tue, 10 Jun 2025 00:00:00 GMT</pubDate><category>hacking</category><category>ocr-open</category></item><item><title>Blue Shield of California: 1,543 exposed</title><link>https://myhealthconsent.org/breaches/blue-shield-of-california-2-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/blue-shield-of-california-2-2025/</guid><description>Blue Shield of California filed a HIPAA breach notification with the HHS Office for Civil Rights on June 6, 2025, reporting 1,543 individuals affected by a data-merge error in the Member Health Record feature of its online member portal that, between June 27, 2024 and April 4, 2025, allowed some members to view other members&apos; clinical information.</description><pubDate>Fri, 06 Jun 2025 00:00:00 GMT</pubDate><category>misconfiguration</category><category>ocr-open</category></item><item><title>Centivo Corporation: 630 exposed</title><link>https://myhealthconsent.org/breaches/centivo-corporation-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/centivo-corporation-2025/</guid><description>Centivo Corporation, a Buffalo, New York-headquartered third-party administrator for self-funded employer health plans, filed a HIPAA breach notification with the HHS Office for Civil Rights on June 6, 2025, reporting 630 affected individuals in an Unauthorized Access/Disclosure event involving Email. The OCR portal entry is the primary public record; the entity has not posted a separate substitute notice and no class-action filings have been identified.</description><pubDate>Fri, 06 Jun 2025 00:00:00 GMT</pubDate><category>unauthorized-access</category><category>ocr-open</category></item><item><title>Episource, LLC: 6,725,572 exposed</title><link>https://myhealthconsent.org/breaches/episource-llc-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/episource-llc-2025/</guid><description>The Episource ransomware breach disclosed June 2025 exposed Social Security numbers, diagnoses, prescriptions, test results, and health-plan IDs for 6,725,572 people. Episource is an Optum-owned business associate, so your health plan, not Episource, is notifying you. Here is what was taken and what to do.</description><pubDate>Fri, 06 Jun 2025 00:00:00 GMT</pubDate><category>ransomware</category><category>class-action-filed</category></item><item><title>NYC Health + Hospitals: 5,728 exposed</title><link>https://myhealthconsent.org/breaches/nyc-health-hospitals-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/nyc-health-hospitals-2025/</guid><description>NYC Health + Hospitals (NY) filed a HIPAA breach notification with the HHS Office for Civil Rights on June 06, 2025, reporting 5,728 affected individuals in a Hacking/IT Incident event at Network Server. The HHS OCR portal entry is the primary public record; further details are not yet publicly disclosed on this page.</description><pubDate>Fri, 06 Jun 2025 00:00:00 GMT</pubDate><category>hacking</category><category>ocr-open</category></item><item><title>Public Health Trust of Miami Dade County DBA Jackson Health System: 2,599 exposed</title><link>https://myhealthconsent.org/breaches/public-health-trust-of-miami-dade-county-dba-jackson-health-system-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/public-health-trust-of-miami-dade-county-dba-jackson-health-system-2025/</guid><description>Public Health Trust of Miami Dade County DBA Jackson Health System (FL) filed a HIPAA breach notification with the HHS Office for Civil Rights on June 06, 2025, reporting 2,599 affected individuals in a Unauthorized Access/Disclosure event at Electronic Medical Record. The HHS OCR portal entry is the primary public...</description><pubDate>Fri, 06 Jun 2025 00:00:00 GMT</pubDate><category>unauthorized-access</category><category>ocr-open</category></item><item><title>Sharp Community Medical Group: 26,976 exposed</title><link>https://myhealthconsent.org/breaches/sharp-community-medical-group-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/sharp-community-medical-group-2025/</guid><description>Sharp Community Medical Group filed a HIPAA breach notification with the HHS Office for Civil Rights on June 6, 2025, reporting 26,976 affected individuals. The underlying incident was the Episource ransomware attack that ran from January 27 to February 6, 2025. Here is what was exposed and what to do.</description><pubDate>Fri, 06 Jun 2025 00:00:00 GMT</pubDate><category>vendor-breach</category><category>ocr-open</category></item><item><title>Sharp HealthCare: 500 exposed</title><link>https://myhealthconsent.org/breaches/sharp-healthcare-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/sharp-healthcare-2025/</guid><description>Sharp HealthCare (CA) filed a HIPAA breach notification with the HHS Office for Civil Rights on June 06, 2025, reporting 500 affected individuals in a Hacking/IT Incident event at Network Server. The HHS OCR portal entry is the primary public record; further details are not yet publicly disclosed on this page.</description><pubDate>Fri, 06 Jun 2025 00:00:00 GMT</pubDate><category>hacking</category><category>ocr-open</category></item><item><title>Sensata Technologies, Inc. Health and Welfare Benefit Plan: 15,630 exposed</title><link>https://myhealthconsent.org/breaches/sensata-technologies-inc-health-and-welfare-benefit-plan-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/sensata-technologies-inc-health-and-welfare-benefit-plan-2025/</guid><description>Sensata Technologies, Inc. Health and Welfare Benefit Plan (MA) filed a HIPAA breach notification with the HHS Office for Civil Rights on June 05, 2025, reporting 15,630 affected individuals in a Hacking/IT Incident event at Network Server. The HHS OCR portal entry is the primary public record; further details are n...</description><pubDate>Thu, 05 Jun 2025 00:00:00 GMT</pubDate><category>hacking</category><category>ocr-open</category></item><item><title>Cumberland County Hospital Association: 36,659 exposed</title><link>https://myhealthconsent.org/breaches/cumberland-county-hospital-association-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/cumberland-county-hospital-association-2025/</guid><description>Cumberland County Hospital Association in Burkesville, Kentucky confirmed that an unauthorized third party had access to its network from February 21 to April 3, 2025 and exposed Social Security numbers, full clinical detail, and employee tax and banking records for 36,659 patients and staff. The hospital filed the HIPAA breach report with HHS OCR and mailed individual notification letters on June 2, 2025, offering 12 months of complimentary credit monitoring.</description><pubDate>Mon, 02 Jun 2025 00:00:00 GMT</pubDate><category>hacking</category><category>ocr-open</category></item><item><title>Renkim Corporation: 105,518 exposed</title><link>https://myhealthconsent.org/breaches/renkim-corporation-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/renkim-corporation-2025/</guid><description>Renkim Corporation, a Southgate, Michigan print and mail business associate, filed a HIPAA breach with HHS OCR on June 2, 2025 reporting 105,518 affected individuals after an unauthorized actor accessed its network on March 2-3, 2025. Downstream covered entities including NYC Health + Hospitals and Ballad Health are notifying their patients. A consolidated putative class action is pending in the Eastern District of Michigan.</description><pubDate>Mon, 02 Jun 2025 00:00:00 GMT</pubDate><category>hacking</category><category>class-action-filed</category></item><item><title>Horizon Blue Cross Blue Shield NJ: 781 exposed</title><link>https://myhealthconsent.org/breaches/horizon-blue-cross-blue-shield-nj-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/horizon-blue-cross-blue-shield-nj-2025/</guid><description>Horizon Blue Cross Blue Shield NJ (NJ) filed a HIPAA breach notification with the HHS Office for Civil Rights on May 30, 2025, reporting 781 affected individuals in a Hacking/IT Incident event at Network Server. The HHS OCR portal entry is the primary public record; further details are not yet publicly disclosed on...</description><pubDate>Fri, 30 May 2025 00:00:00 GMT</pubDate><category>hacking</category><category>ocr-open</category></item><item><title>Missouri Department of Conservation: 10,260 exposed</title><link>https://myhealthconsent.org/breaches/missouri-department-of-conservation-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/missouri-department-of-conservation-2025/</guid><description>Missouri Department of Conservation (MO) filed a HIPAA breach notification with the HHS Office for Civil Rights on May 30, 2025, reporting 10,260 affected individuals in a Hacking/IT Incident event at Network Server. The HHS OCR portal entry is the primary public record; further details are not yet publicly disclose...</description><pubDate>Fri, 30 May 2025 00:00:00 GMT</pubDate><category>hacking</category><category>ocr-open</category></item><item><title>Next Step Healthcare LLC: 12,090 exposed</title><link>https://myhealthconsent.org/breaches/next-step-healthcare-llc-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/next-step-healthcare-llc-2025/</guid><description>Next Step Healthcare LLC (MA) filed a HIPAA breach notification with the HHS Office for Civil Rights on May 30, 2025, reporting 12,090 affected individuals in a Hacking/IT Incident event at Network Server. The HHS OCR portal entry is the primary public record; further details are not yet publicly disclosed on this p...</description><pubDate>Fri, 30 May 2025 00:00:00 GMT</pubDate><category>hacking</category><category>ocr-open</category></item><item><title>Oliver Street Dermatology Management LLC: 13,717 exposed</title><link>https://myhealthconsent.org/breaches/oliver-street-dermatology-management-llc-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/oliver-street-dermatology-management-llc-2025/</guid><description>Oliver Street Dermatology Management LLC (TX) filed a HIPAA breach notification with the HHS Office for Civil Rights on May 30, 2025, reporting 13,717 affected individuals in a Hacking/IT Incident event at Network Server. The HHS OCR portal entry is the primary public record; further details are not yet publicly dis...</description><pubDate>Fri, 30 May 2025 00:00:00 GMT</pubDate><category>hacking</category><category>ocr-open</category></item><item><title>Providia Home Care, LLC dba Preferred Care Home Health Services: 38,401 exposed</title><link>https://myhealthconsent.org/breaches/providia-home-care-llc-dba-preferred-care-home-health-services-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/providia-home-care-llc-dba-preferred-care-home-health-services-2025/</guid><description>Providia Home Care, LLC dba Preferred Care Home Health Services (Fort Myers/Naples, FL) discovered unauthorized access to an employee email account on January 25, 2025, filed with HHS OCR on May 30, 2025 (38,401 affected), and completed its review on December 31, 2025. Names, SSNs, driver&apos;s license numbers, financial account and credit/debit card numbers, diagnoses, prescriptions, and health insurance data were potentially exposed. Here is what to do.</description><pubDate>Fri, 30 May 2025 00:00:00 GMT</pubDate><category>hacking</category><category>ocr-open</category></item><item><title>Upper Dublin Family Dentistry: 5,000 exposed</title><link>https://myhealthconsent.org/breaches/upper-dublin-family-dentistry-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/upper-dublin-family-dentistry-2025/</guid><description>Upper Dublin Family Dentistry (PA) filed a HIPAA breach notification with the HHS Office for Civil Rights on May 30, 2025, reporting 5,000 affected individuals in a Hacking/IT Incident event at Network Server. The HHS OCR portal entry is the primary public record; further details are not yet publicly disclosed on th...</description><pubDate>Fri, 30 May 2025 00:00:00 GMT</pubDate><category>hacking</category><category>ocr-open</category></item><item><title>Gateway Community Services, Inc.: 34,498 exposed</title><link>https://myhealthconsent.org/breaches/gateway-community-services-inc-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/gateway-community-services-inc-2025/</guid><description>Gateway Community Services, Inc., a Jacksonville, Florida behavioral health and substance-use disorder treatment provider, disclosed an April 11, 2025 network intrusion affecting 34,498 current and former patients. Names, SSNs, government IDs, medical treatment information, and health insurance details were exposed. New ransomware group Payouts King later claimed responsibility for 890 GB of exfiltrated data. Here is what to do.</description><pubDate>Thu, 29 May 2025 00:00:00 GMT</pubDate><category>ransomware</category><category>ocr-open</category><category>Payouts King</category></item><item><title>Northwestern Community Services Board: 21,856 exposed</title><link>https://myhealthconsent.org/breaches/northwestern-community-services-board-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/northwestern-community-services-board-2025/</guid><description>Northwestern Community Services Board (Front Royal, VA), the public community services board for Clarke, Frederick, Page, Shenandoah and Warren counties and the City of Winchester, disclosed a July 18 – August 8, 2024 BlackSuit ransomware intrusion affecting 21,856 patients and employees. BlackSuit claimed responsibility on its dark-web leak site on August 24, 2024 (approximately 34 GB exfiltrated). NWCSB completed its forensic analysis on May 12, 2025, filed with HHS OCR on May 29, 2025, and mailed individual notifications beginning July 7, 2025. Exposed data includes names, Social Security numbers, dates of birth, diagnoses, medications, and treatment information. Here is what to do.</description><pubDate>Thu, 29 May 2025 00:00:00 GMT</pubDate><category>ransomware</category><category>ocr-open</category><category>BlackSuit (a.k.a. Royal successor)</category></item><item><title>Covenant Surgical Partners, Inc.: 88,609 exposed</title><link>https://myhealthconsent.org/breaches/covenant-surgical-partners-inc-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/covenant-surgical-partners-inc-2025/</guid><description>Covenant Surgical Partners, Inc. d/b/a Covenant Physician Partners, an ambulatory surgery center management company under USPI/Tenet Healthcare, filed a HIPAA breach with HHS OCR on May 28, 2025 affecting 88,609 individuals. The OCR record lists Covenant as a Business Associate, so notification letters reach patients through their surgery center, not from Covenant directly. Multiple plaintiff firms have opened investigations; no class action has been confirmed filed as of this update.</description><pubDate>Wed, 28 May 2025 00:00:00 GMT</pubDate><category>hacking</category><category>ocr-open</category></item><item><title>Mary B. Toporcer, MD, P.C.: 501 exposed</title><link>https://myhealthconsent.org/breaches/mary-b-toporcer-md-p-c-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/mary-b-toporcer-md-p-c-2025/</guid><description>Mary B. Toporcer, MD, P.C. (PA) filed a HIPAA breach notification with the HHS Office for Civil Rights on May 28, 2025, reporting 501 affected individuals in a Hacking/IT Incident event at Email. The HHS OCR portal entry is the primary public record; further details are not yet publicly disclosed on this page.</description><pubDate>Wed, 28 May 2025 00:00:00 GMT</pubDate><category>hacking</category><category>ocr-open</category></item><item><title>The Smith Institute for Urology: 2,263 exposed</title><link>https://myhealthconsent.org/breaches/the-smith-institute-for-urology-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/the-smith-institute-for-urology-2025/</guid><description>The Smith Institute for Urology (NY) filed a HIPAA breach notification with the HHS Office for Civil Rights on May 28, 2025, reporting 2,263 affected individuals in a Unauthorized Access/Disclosure event at Desktop Computer. The HHS OCR portal entry is the primary public record; further details are not yet publicly...</description><pubDate>Wed, 28 May 2025 00:00:00 GMT</pubDate><category>unauthorized-access</category><category>ocr-open</category></item><item><title>Cahaba Center for Mental Health: 15,085 exposed</title><link>https://myhealthconsent.org/breaches/cahaba-center-for-mental-health-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/cahaba-center-for-mental-health-2025/</guid><description>Cahaba Center for Mental Health (AL) filed a HIPAA breach notification with the HHS Office for Civil Rights on May 27, 2025, reporting 15,085 affected individuals in a Hacking/IT Incident event involving an employee email account. Substitute notice was published March 9, 2026, and identifies the exposed data elements.</description><pubDate>Tue, 27 May 2025 00:00:00 GMT</pubDate><category>hacking</category><category>ocr-open</category></item><item><title>Access2Day Health: 4,908 exposed</title><link>https://myhealthconsent.org/breaches/access2day-health-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/access2day-health-2025/</guid><description>Access2Day Health, the Louisiana-based employer-sponsored medical clinic operator, identified suspicious activity on employee email accounts on January 31, 2025. A review confirmed unauthorized access to emails containing names, Social Security numbers, dates of birth, treatment and diagnosis information, and member IDs for 4,908 individuals. The HHS OCR filing was made on May 23, 2025; complimentary credit monitoring is being offered.</description><pubDate>Fri, 23 May 2025 00:00:00 GMT</pubDate><category>phishing</category><category>ocr-open</category></item><item><title>NHPP Physical Medicine and Rehabilitation: 1,353 exposed</title><link>https://myhealthconsent.org/breaches/nhpp-physical-medicine-and-rehabilitation-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/nhpp-physical-medicine-and-rehabilitation-2025/</guid><description>NHPP Physical Medicine and Rehabilitation (NY) filed a HIPAA breach notification with the HHS Office for Civil Rights on May 23, 2025, reporting 1,353 affected individuals in a Unauthorized Access/Disclosure event at Other. The HHS OCR portal entry is the primary public record; further details are not yet publicly d...</description><pubDate>Fri, 23 May 2025 00:00:00 GMT</pubDate><category>unauthorized-access</category><category>ocr-open</category></item><item><title>North Shore University Hospital Sleep Disorders Center: 13,332 exposed</title><link>https://myhealthconsent.org/breaches/north-shore-university-hospital-sleep-disorders-center-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/north-shore-university-hospital-sleep-disorders-center-2025/</guid><description>North Shore University Hospital Sleep Disorders Center (NY) filed a HIPAA breach notification with the HHS Office for Civil Rights on May 23, 2025, reporting 13,332 affected individuals in a Unauthorized Access/Disclosure event at Other. The HHS OCR portal entry is the primary public record; further details are not...</description><pubDate>Fri, 23 May 2025 00:00:00 GMT</pubDate><category>unauthorized-access</category><category>ocr-open</category></item><item><title>Sports Physical Therapy, Occupational Therapy and Rehabilitation Services of the North Shore, P.L.L.C: 6,195 exposed</title><link>https://myhealthconsent.org/breaches/sports-physical-therapy-occupational-therapy-and-rehabilitation-services-of-the-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/sports-physical-therapy-occupational-therapy-and-rehabilitation-services-of-the-2025/</guid><description>Sports Physical Therapy, Occupational Therapy and Rehabilitation Services of the North Shore, P.L.L.C (NY) filed a HIPAA breach notification with the HHS Office for Civil Rights on May 23, 2025, reporting 6,195 affected individuals in a Unauthorized Access/Disclosure event at Other. The HHS OCR portal entry is the p...</description><pubDate>Fri, 23 May 2025 00:00:00 GMT</pubDate><category>unauthorized-access</category><category>ocr-open</category></item><item><title>The Cooper Health System: 57,412 exposed</title><link>https://myhealthconsent.org/breaches/the-cooper-health-system-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/the-cooper-health-system-2025/</guid><description>The Cooper Health System, the largest academic health system in South Jersey, detected unusual network activity on May 14, 2024 but did not notify the 57,412 affected individuals until May 23, 2025. Names, dates of birth, Social Security numbers, health insurance information, medical record numbers, treatment information, and medical history were exposed. Four proposed class actions have been consolidated before Judge Karen M. Williams in the District of New Jersey.</description><pubDate>Fri, 23 May 2025 00:00:00 GMT</pubDate><category>hacking</category><category>class-action-filed</category></item><item><title>Community Hospital of Anaconda: 21,243 exposed</title><link>https://myhealthconsent.org/breaches/community-hospital-of-anaconda-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/community-hospital-of-anaconda-2025/</guid><description>Community Hospital of Anaconda, a 25-bed critical access hospital in southwest Montana, confirmed that the Meow ransomware group accessed its network between August 10 and August 12, 2024 and exfiltrated data covering 21,243 patients and staff including Social Security numbers, passport and military ID numbers, financial account data, and full clinical and insurance detail. The hospital filed with HHS OCR and mailed notification letters on May 19, 2025. Notably, no complimentary credit monitoring was offered.</description><pubDate>Mon, 19 May 2025 00:00:00 GMT</pubDate><category>ransomware</category><category>ocr-open</category></item><item><title>Compassion Health Care, Inc.: 23,282 exposed</title><link>https://myhealthconsent.org/breaches/compassion-health-care-inc-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/compassion-health-care-inc-2025/</guid><description>Compassion Health Care, Inc., the Yanceyville and Eden, North Carolina medical practice serving Caswell and Rockingham counties, confirmed an unauthorized actor accessed its network in March 2025. Names, Social Security numbers, driver&apos;s license numbers, and clinical and insurance information for 23,282 individuals were exposed. Ransomware group SafePay claimed responsibility and asserted it stole 107 GB of data. A $600,000 class-action settlement in Caswell County Superior Court received preliminary approval on November 17, 2025, with a final fairness hearing set for May 18, 2026.</description><pubDate>Fri, 16 May 2025 00:00:00 GMT</pubDate><category>ransomware</category><category>class-action-filed</category></item><item><title>Harbin Clinic, LLC: 176,149 exposed</title><link>https://myhealthconsent.org/breaches/harbin-clinic-llc-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/harbin-clinic-llc-2025/</guid><description>Harbin Clinic, a multi-specialty physician group in Rome, Georgia, notified 176,149 patients after debt-collection vendor NRS was hacked in July 2024. Eight lawsuits were consolidated in federal court in August 2025. SSNs, financial account info, and medical-related data exposed. Kroll 24-month monitoring offered. Here is what to do.</description><pubDate>Fri, 16 May 2025 00:00:00 GMT</pubDate><category>vendor-breach</category><category>class-action-filed</category></item><item><title>Insulet Corporation: 841 exposed</title><link>https://myhealthconsent.org/breaches/insulet-corporation-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/insulet-corporation-2025/</guid><description>Insulet Corporation (MA) filed a HIPAA breach notification with the HHS Office for Civil Rights on May 16, 2025, reporting 841 affected individuals in a Unauthorized Access/Disclosure event at Network Server. The HHS OCR portal entry is the primary public record; further details are not yet publicly disclosed on thi...</description><pubDate>Fri, 16 May 2025 00:00:00 GMT</pubDate><category>unauthorized-access</category><category>ocr-open</category></item><item><title>Mercy Surgical Dressing Group, Inc.: 4,159 exposed</title><link>https://myhealthconsent.org/breaches/mercy-surgical-dressing-group-inc-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/mercy-surgical-dressing-group-inc-2025/</guid><description>Mercy Surgical Dressing Group, Inc. (PA) filed a HIPAA breach notification with the HHS Office for Civil Rights on May 16, 2025, reporting 4,159 affected individuals in a Hacking/IT Incident event at Network Server. The HHS OCR portal entry is the primary public record; further details are not yet publicly disclosed...</description><pubDate>Fri, 16 May 2025 00:00:00 GMT</pubDate><category>hacking</category><category>ocr-open</category></item><item><title>Anne Arundel County Department of Health: 500 exposed</title><link>https://myhealthconsent.org/breaches/anne-arundel-county-department-of-health-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/anne-arundel-county-department-of-health-2025/</guid><description>Anne Arundel County (Maryland) confirmed a January-February 2025 ransomware intrusion that copied files from the County&apos;s network, including patient records held by the Department of Health. The County filed an initial HIPAA report with HHS OCR on May 15, 2025 using a placeholder count of 500 individuals; the final figure remains pending file review. Exposed elements include full name, address, and medical diagnosis or condition.</description><pubDate>Thu, 15 May 2025 00:00:00 GMT</pubDate><category>ransomware</category><category>ocr-open</category></item><item><title>CareNexa, LLC, doing business as Molecular Testing Labs: 7,711 exposed</title><link>https://myhealthconsent.org/breaches/carenexa-llc-doing-business-as-molecular-testing-labs-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/carenexa-llc-doing-business-as-molecular-testing-labs-2025/</guid><description>CareNexa, LLC, doing business as Molecular Testing Labs (Vancouver, WA) filed a HIPAA breach notification with the HHS Office for Civil Rights on May 15, 2025, reporting 7,711 affected individuals after a ransomware attack on a third-party data hosting and security vendor exposed names, addresses, and information related to medical tests for the lab&apos;s STI, infectious-disease, and molecular diagnostics patients.</description><pubDate>Thu, 15 May 2025 00:00:00 GMT</pubDate><category>vendor-breach</category><category>ocr-open</category></item><item><title>Doctors Hospital at Renaissance, LTD: 501 exposed</title><link>https://myhealthconsent.org/breaches/doctors-hospital-at-renaissance-ltd-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/doctors-hospital-at-renaissance-ltd-2025/</guid><description>Doctors Hospital at Renaissance, LTD (TX) filed a HIPAA breach notification with the HHS Office for Civil Rights on May 15, 2025, reporting 501 affected individuals in a Hacking/IT Incident event at Network Server. The HHS OCR portal entry is the primary public record; further details are not yet publicly disclosed...</description><pubDate>Thu, 15 May 2025 00:00:00 GMT</pubDate><category>hacking</category><category>ocr-open</category></item><item><title>HopeHealth, Inc.: 5,823 exposed</title><link>https://myhealthconsent.org/breaches/hopehealth-inc-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/hopehealth-inc-2025/</guid><description>HopeHealth, Inc. (SC) filed a HIPAA breach notification with the HHS Office for Civil Rights on May 15, 2025, reporting 5,823 affected individuals in a Hacking/IT Incident event at Network Server. The HHS OCR portal entry is the primary public record; further details are not yet publicly disclosed on this page.</description><pubDate>Thu, 15 May 2025 00:00:00 GMT</pubDate><category>hacking</category><category>ocr-open</category></item><item><title>Hunter Health Clinic: 28,431 exposed</title><link>https://myhealthconsent.org/breaches/hunter-health-clinic-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/hunter-health-clinic-2025/</guid><description>Hunter Health Clinic, the federally qualified health center serving Wichita, Kansas since 1976 and the only Urban Indian Health Program in the state, filed a HIPAA breach notification with HHS OCR on May 15, 2025 reporting 28,431 affected individuals from a Hacking/IT Incident classified as Network Server. Unauthorized access to an employee email account ran from September 27 to September 30, 2024 and was confirmed May 1, 2025. Exposed data includes Social Security numbers, dates of birth, driver&apos;s license and state ID numbers, financial account information, medical and clinical information, patient account numbers, and health insurance information. Twelve months of IDX identity-theft protection offered. Multiple plaintiff-side firms publicly investigating.</description><pubDate>Thu, 15 May 2025 00:00:00 GMT</pubDate><category>hacking</category><category>ocr-open</category></item><item><title>CVS Caremark: 2,599 exposed</title><link>https://myhealthconsent.org/breaches/cvs-caremark-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/cvs-caremark-2025/</guid><description>CVS Caremark, the Rhode Island-based pharmacy benefit manager, filed a HIPAA breach report with HHS OCR on May 13, 2025 disclosing the unauthorized access or disclosure of paper and film records containing the protected health information of 2,599 individuals. Multiple plaintiffs&apos; firms have opened class-action investigations.</description><pubDate>Tue, 13 May 2025 00:00:00 GMT</pubDate><category>unauthorized-access</category><category>ocr-open</category></item><item><title>Weiser Valley Hospital District dba Weiser Memorial Hospital: 59,990 exposed</title><link>https://myhealthconsent.org/breaches/weiser-valley-hospital-district-dba-weiser-memorial-hospital-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/weiser-valley-hospital-district-dba-weiser-memorial-hospital-2025/</guid><description>Weiser Valley Hospital District (dba Weiser Memorial Hospital), a 25-bed critical-access hospital in Weiser, Idaho, confirmed that the EMBARGO ransomware group accessed its network on September 4, 2024 and exfiltrated files containing names, Social Security numbers, government IDs, diagnoses, treatment information, and Medicare/Medicaid data for 59,990 current and former patients. File review concluded April 21, 2025, individual notification letters began mailing May 12, 2025, and the HIPAA breach report was filed with HHS OCR on May 15, 2025. Affected individuals were offered complimentary single-bureau credit monitoring through Cyberscout.</description><pubDate>Mon, 12 May 2025 00:00:00 GMT</pubDate><category>ransomware</category><category>ocr-open</category><category>EMBARGO</category></item><item><title>Blue Cross Blue Shield of Texas: 593 exposed</title><link>https://myhealthconsent.org/breaches/blue-cross-blue-shield-of-texas-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/blue-cross-blue-shield-of-texas-2025/</guid><description>Blue Cross Blue Shield of Texas filed a second HIPAA breach notification with the HHS Office for Civil Rights on May 9, 2025, reporting 593 affected individuals in an Unauthorized Access/Disclosure event involving paper records. The filing is distinct from the larger BCBSTX/Conduent incident under Texas Attorney General investigation.</description><pubDate>Fri, 09 May 2025 00:00:00 GMT</pubDate><category>unauthorized-access</category><category>ocr-open</category></item><item><title>Washington Gastroenterology: 501 exposed</title><link>https://myhealthconsent.org/breaches/washington-gastroenterology-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/washington-gastroenterology-2025/</guid><description>Washington Gastroenterology (WA) filed a HIPAA breach notification with the HHS Office for Civil Rights on May 09, 2025, reporting 501 affected individuals in a Hacking/IT Incident event at Network Server. The HHS OCR portal entry is the primary public record; further details are not yet publicly disclosed on this p...</description><pubDate>Fri, 09 May 2025 00:00:00 GMT</pubDate><category>hacking</category><category>ocr-open</category></item><item><title>Tri-City Cardiology Consultants, P.C.: 22,753 exposed</title><link>https://myhealthconsent.org/breaches/tri-city-cardiology-consultants-p-c-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/tri-city-cardiology-consultants-p-c-2025/</guid><description>Tri-City Cardiology Consultants, P.C., a Phoenix-area cardiology practice, identified an attempted infiltration of its computer network on April 6, 2025. Names, health insurance information, and protected health information for 22,753 individuals may have been viewed or obtained. The practice filed a HIPAA breach notification with HHS OCR on May 8, 2025.</description><pubDate>Thu, 08 May 2025 00:00:00 GMT</pubDate><category>hacking</category><category>ocr-open</category></item><item><title>Allied Services Division Welfare Fund: 5,727 exposed</title><link>https://myhealthconsent.org/breaches/allied-services-division-welfare-fund-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/allied-services-division-welfare-fund-2025/</guid><description>Allied Services Division Welfare Fund, an Arlington Heights, Illinois union health-and-welfare plan, disclosed in 2025 that an unauthorized actor accessed an employee email account between October 9 and November 26, 2024. The Fund filed with the HHS Office for Civil Rights reporting 5,727 affected individuals and is offering 24 months of Experian IdentityWorks credit monitoring to those whose name, Social Security number, driver&apos;s license, date of birth, medical records, health insurance, or financial-account information may have been exposed.</description><pubDate>Wed, 07 May 2025 00:00:00 GMT</pubDate><category>unauthorized-access</category><category>ocr-open</category></item><item><title>The Carpenter Health Network: 878 exposed</title><link>https://myhealthconsent.org/breaches/the-carpenter-health-network-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/the-carpenter-health-network-2025/</guid><description>The Carpenter Health Network (LA) filed a HIPAA breach notification with the HHS Office for Civil Rights on May 06, 2025, reporting 878 affected individuals in a Hacking/IT Incident event at Network Server. The HHS OCR portal entry is the primary public record; further details are not yet publicly disclosed on this...</description><pubDate>Tue, 06 May 2025 00:00:00 GMT</pubDate><category>hacking</category><category>ocr-open</category></item><item><title>Minnesota Orthodontics and Dentofacial Orthopedics, P.A.: 501 exposed</title><link>https://myhealthconsent.org/breaches/minnesota-orthodontics-and-dentofacial-orthopedics-p-a-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/minnesota-orthodontics-and-dentofacial-orthopedics-p-a-2025/</guid><description>Minnesota Orthodontics and Dentofacial Orthopedics, P.A. (MN) filed a HIPAA breach notification with the HHS Office for Civil Rights on May 05, 2025, reporting 501 affected individuals in a Hacking/IT Incident event at Network Server. The HHS OCR portal entry is the primary public record; further details are not yet...</description><pubDate>Mon, 05 May 2025 00:00:00 GMT</pubDate><category>hacking</category><category>ocr-open</category></item><item><title>CardioVascular Health Clinic: 501 exposed</title><link>https://myhealthconsent.org/breaches/cardiovascular-health-clinic-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/cardiovascular-health-clinic-2025/</guid><description>CardioVascular Health Clinic (Oklahoma City) reported a data breach to HHS OCR on May 3, 2025 after an unauthorized actor accessed patient data between Feb 18 and Mar 4, 2025 through a cloud services provider. Notification letters mailed May 15, 2025. Class-action investigations underway.</description><pubDate>Sat, 03 May 2025 00:00:00 GMT</pubDate><category>vendor-breach</category><category>ocr-open</category></item><item><title>Monongalia Health System, Inc.: 4,895 exposed</title><link>https://myhealthconsent.org/breaches/monongalia-health-system-inc-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/monongalia-health-system-inc-2025/</guid><description>Monongalia Health System, Inc. (WV) filed a HIPAA breach notification with the HHS Office for Civil Rights on May 03, 2025, reporting 4,895 affected individuals in a Unauthorized Access/Disclosure event at Email. The HHS OCR portal entry is the primary public record; further details are not yet publicly disclosed on...</description><pubDate>Sat, 03 May 2025 00:00:00 GMT</pubDate><category>unauthorized-access</category><category>ocr-open</category></item><item><title>Absolute Dental Group, LLC: 1,223,635 exposed</title><link>https://myhealthconsent.org/breaches/absolute-dental-group-llc-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/absolute-dental-group-llc-2025/</guid><description>Absolute Dental Group, the Nevada DSO with 50+ locations, confirmed an unauthorized actor accessed its network between February 19 and March 5, 2025. Names, Social Security numbers, driver&apos;s license data, treatment records, and insurance information for 1,223,635 individuals were exposed. A $3.3M class-action settlement received preliminary approval on March 10, 2026.</description><pubDate>Fri, 02 May 2025 00:00:00 GMT</pubDate><category>hacking</category><category>class-action-filed</category></item><item><title>Anesthesia Associates of Morristown, P.A.: 34,675 exposed</title><link>https://myhealthconsent.org/breaches/anesthesia-associates-of-morristown-p-a-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/anesthesia-associates-of-morristown-p-a-2025/</guid><description>Anesthesia Associates of Morristown, P.A. (Morristown, NJ) filed a HIPAA breach notification with HHS OCR on May 2, 2025 reporting 34,675 individuals affected by an Improper Disposal incident involving Paper/Films. A business associate was involved. No entity notice, NJ AG filing, or class action has surfaced as of mid-May 2026. Here is what is known and what to do.</description><pubDate>Fri, 02 May 2025 00:00:00 GMT</pubDate><category>unknown</category><category>ocr-open</category></item><item><title>DermCare Management: 501 exposed</title><link>https://myhealthconsent.org/breaches/dermcare-management-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/dermcare-management-2025/</guid><description>DermCare Management (FL) filed a HIPAA breach notification with the HHS Office for Civil Rights on May 02, 2025, reporting 501 affected individuals in a Hacking/IT Incident event at Network Server. The HHS OCR portal entry is the primary public record; further details are not yet publicly disclosed on this page.</description><pubDate>Fri, 02 May 2025 00:00:00 GMT</pubDate><category>hacking</category><category>ocr-open</category></item><item><title>Berkeley Research Group, LLC: 500 exposed</title><link>https://myhealthconsent.org/breaches/berkeley-research-group-llc-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/berkeley-research-group-llc-2025/</guid><description>Berkeley Research Group, LLC (CA) filed a HIPAA breach notification with the HHS Office for Civil Rights on April 30, 2025, reporting 500 affected individuals in a Hacking/IT Incident event at Network Server. The HHS OCR portal entry is the primary public record; further details are not yet publicly disclosed on thi...</description><pubDate>Wed, 30 Apr 2025 00:00:00 GMT</pubDate><category>ransomware</category><category>ocr-open</category><category>Chaos ransomware (reported); intrusion via attacker impersonating an IT worker</category></item><item><title>Canby Clinic: 549 exposed</title><link>https://myhealthconsent.org/breaches/canby-clinic-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/canby-clinic-2025/</guid><description>Canby Clinic, an Oregon naturopathic medical practice, disclosed a HIPAA breach affecting 549 individuals after an unauthorized actor accessed an employee email account between April 22 and May 7, 2025. The breach was filed with HHS OCR on April 30, 2025 and reported to the Oregon Department of Justice on May 17, 2025.</description><pubDate>Wed, 30 Apr 2025 00:00:00 GMT</pubDate><category>unauthorized-access</category><category>ocr-open</category></item><item><title>Family Christian Health Center: 12,500 exposed</title><link>https://myhealthconsent.org/breaches/family-christian-health-center-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/family-christian-health-center-2025/</guid><description>Family Christian Health Center (IL) filed a HIPAA breach notification with the HHS Office for Civil Rights on April 30, 2025, reporting 12,500 affected individuals in a Hacking/IT Incident event at Network Server. The HHS OCR portal entry is the primary public record; further details are not yet publicly disclosed o...</description><pubDate>Wed, 30 Apr 2025 00:00:00 GMT</pubDate><category>hacking</category><category>ocr-open</category></item><item><title>Physician Wound Solutions, LLC dba Apollo Medical Supply: 3,561 exposed</title><link>https://myhealthconsent.org/breaches/physician-wound-solutions-llc-dba-apollo-medical-supply-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/physician-wound-solutions-llc-dba-apollo-medical-supply-2025/</guid><description>Physician Wound Solutions, LLC dba Apollo Medical Supply (FL) filed a HIPAA breach notification with the HHS Office for Civil Rights on April 29, 2025, reporting 3,561 affected individuals in a Unauthorized Access/Disclosure event at Network Server. The HHS OCR portal entry is the primary public record; further deta...</description><pubDate>Tue, 29 Apr 2025 00:00:00 GMT</pubDate><category>unauthorized-access</category><category>ocr-open</category></item><item><title>Ascension Health: 437,329 exposed</title><link>https://myhealthconsent.org/breaches/ascension-health-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/ascension-health-2025/</guid><description>Ascension Health filed a HIPAA breach notification with HHS OCR on April 28, 2025, reporting 437,329 individuals affected after a former business partner&apos;s systems were compromised in late 2024. The intrusion is widely linked to the Clop ransomware gang&apos;s mass exploitation of the Cleo file-transfer platform. This is a separate event from Ascension&apos;s May 2024 Black Basta ransomware breach (~5.6M).</description><pubDate>Mon, 28 Apr 2025 00:00:00 GMT</pubDate><category>vendor-breach</category><category>ocr-open</category><category>Clop (suspected) — via Cleo file-transfer zero-day exploitation</category></item><item><title>Minnesota Epilepsy Group: 38,401 exposed</title><link>https://myhealthconsent.org/breaches/minnesota-epilepsy-group-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/minnesota-epilepsy-group-2025/</guid><description>Minnesota Epilepsy Group (Roseville, MN), the largest level-4 epilepsy center in the Midwest, discovered a network intrusion on February 27, 2025 and filed with HHS OCR on April 28, 2025 reporting 38,401 affected individuals. Exposed data may include names, addresses, dates of birth, medical record numbers, EEG summaries, neuropsychology reports, medication records, and health insurance information. The cloud-based EHR was not compromised. Here is what to do.</description><pubDate>Mon, 28 Apr 2025 00:00:00 GMT</pubDate><category>hacking</category><category>ocr-open</category></item><item><title>Carlton County Public Health and Human Services: 3,502 exposed</title><link>https://myhealthconsent.org/breaches/carlton-county-public-health-and-human-services-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/carlton-county-public-health-and-human-services-2025/</guid><description>Carlton County Public Health and Human Services (MN) confirmed unauthorized third-party access to a single employee email account between January 23 and February 6, 2025. The county filed with HHS OCR and issued public notice on April 25, 2025, with mailed notifications following on May 2, 2025. A total of 3,502 individuals — primarily Public Health and Human Services clients and household members — had personal and protected health information potentially accessed, including Social Security numbers, driver&apos;s license numbers, financial account numbers, medical diagnoses, treatment information, medications, and insurance ID numbers.</description><pubDate>Fri, 25 Apr 2025 00:00:00 GMT</pubDate><category>phishing</category><category>ocr-open</category></item><item><title>Maximus, Inc.: 4,955 exposed</title><link>https://myhealthconsent.org/breaches/maximus-inc-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/maximus-inc-2025/</guid><description>Maximus, Inc. (VA) filed a HIPAA breach notification with the HHS Office for Civil Rights on April 25, 2025, reporting 4,955 affected individuals in a Unauthorized Access/Disclosure event at Network Server. The HHS OCR portal entry is the primary public record; further details are not yet publicly disclosed on this...</description><pubDate>Fri, 25 Apr 2025 00:00:00 GMT</pubDate><category>unauthorized-access</category><category>ocr-open</category></item><item><title>Pediatric Otolaryngology Head &amp; Neck Surgery Associates, P.A.: 43,446 exposed</title><link>https://myhealthconsent.org/breaches/pediatric-otolaryngology-head-neck-surgery-associates-p-a-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/pediatric-otolaryngology-head-neck-surgery-associates-p-a-2025/</guid><description>Pediatric Otolaryngology Head &amp; Neck Surgery Associates, P.A. (operating as Pediatric Ear, Nose &amp; Throat Specialists in St. Petersburg, FL) confirmed unauthorized network access between February 19 and February 24, 2025. Names, Social Security numbers, driver&apos;s license data, financial account information, and pediatric medical records for 43,446 individuals were exposed. Multiple plaintiff firms have opened class-action investigations.</description><pubDate>Fri, 25 Apr 2025 00:00:00 GMT</pubDate><category>hacking</category><category>ocr-open</category></item><item><title>Brainard Surgery Center LLC: 1,820 exposed</title><link>https://myhealthconsent.org/breaches/brainard-surgery-center-llc-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/brainard-surgery-center-llc-2025/</guid><description>Brainard Surgery Center LLC (OH) filed a HIPAA breach notification with the HHS Office for Civil Rights on April 24, 2025, reporting 1,820 affected individuals in a Hacking/IT Incident event at Network Server. The HHS OCR portal entry is the primary public record; further details are not yet publicly disclosed on th...</description><pubDate>Thu, 24 Apr 2025 00:00:00 GMT</pubDate><category>hacking</category><category>ocr-open</category></item><item><title>Drug and Alcohol Treatment Services, Inc.: 22,215 exposed</title><link>https://myhealthconsent.org/breaches/drug-and-alcohol-treatment-services-inc-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/drug-and-alcohol-treatment-services-inc-2025/</guid><description>Drug and Alcohol Treatment Services, Inc. (DATS), a Scranton, PA outpatient addiction-treatment provider, disclosed an October 2024 Interlock ransomware intrusion that exposed names, Social Security numbers, dates of birth, diagnoses, medications, doctor names, and treatment records of 22,215 patients. Filed with HHS OCR on April 24, 2025. Eight-plus class actions consolidated as Woytach v. DATS in Lackawanna County. Here is what to do.</description><pubDate>Thu, 24 Apr 2025 00:00:00 GMT</pubDate><category>ransomware</category><category>class-action-filed</category><category>Interlock</category></item><item><title>Palo Verde Hospital: 594 exposed</title><link>https://myhealthconsent.org/breaches/palo-verde-hospital-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/palo-verde-hospital-2025/</guid><description>Palo Verde Hospital (CA) filed a HIPAA breach notification with the HHS Office for Civil Rights on April 24, 2025, reporting 594 affected individuals in a Hacking/IT Incident event at Network Server. The HHS OCR portal entry is the primary public record; further details are not yet publicly disclosed on this page.</description><pubDate>Thu, 24 Apr 2025 00:00:00 GMT</pubDate><category>hacking</category><category>ocr-open</category></item><item><title>Orthopaedic Specialists of Connecticut: 22,541 exposed</title><link>https://myhealthconsent.org/breaches/orthopaedic-specialists-of-connecticut-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/orthopaedic-specialists-of-connecticut-2025/</guid><description>Orthopaedic Specialists of Connecticut (OSC), a Brookfield-based orthopedic practice, notified 22,541 patients on April 23, 2025 of a March 2, 2025 ransomware attack claimed by the INC RANSOM group. Names, dates of birth, Social Security numbers, health insurance ID numbers, and medical information were exposed. A $5M+ class action was filed in the U.S. District Court for the District of Connecticut on May 6, 2025.</description><pubDate>Wed, 23 Apr 2025 00:00:00 GMT</pubDate><category>ransomware</category><category>class-action-filed</category><category>INC RANSOM</category></item><item><title>Icon Family Healthcare LLC: 1,800 exposed</title><link>https://myhealthconsent.org/breaches/icon-family-healthcare-llc-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/icon-family-healthcare-llc-2025/</guid><description>Icon Family Healthcare LLC (CA) filed a HIPAA breach notification with the HHS Office for Civil Rights on April 22, 2025, reporting 1,800 affected individuals in a Unauthorized Access/Disclosure event at Email. The HHS OCR portal entry is the primary public record; further details are not yet publicly disclosed on t...</description><pubDate>Tue, 22 Apr 2025 00:00:00 GMT</pubDate><category>unauthorized-access</category><category>ocr-open</category></item><item><title>Onsite Mammography: 357,265 exposed</title><link>https://myhealthconsent.org/breaches/onsite-mammography-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/onsite-mammography-2025/</guid><description>Onsite Mammography, the Westfield, Massachusetts mobile breast-imaging provider operating as Onsite Women&apos;s Health, notified 357,265 individuals on April 9, 2025 of an email account compromise traced to a phishing attack in early October 2024. Exposed data included Social Security numbers, dates of birth, driver&apos;s license numbers, financial account data, and detailed mammography and other health records. A $2,525,000 class action settlement received preliminary approval April 13, 2026; claims are due August 11, 2026. Here is what to do.</description><pubDate>Mon, 21 Apr 2025 00:00:00 GMT</pubDate><category>phishing</category><category>class-action-filed</category></item><item><title>90 Degree Benefits, Inc. – St. Paul: 1,268 exposed</title><link>https://myhealthconsent.org/breaches/90-degree-benefits-inc-st-paul-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/90-degree-benefits-inc-st-paul-2025/</guid><description>90 Degree Benefits, Inc. – St. Paul (WI) filed a HIPAA breach notification with the HHS Office for Civil Rights on April 18, 2025, reporting 1,268 affected individuals after an attacker accessed a single employee email account containing protected health information. State AG filings began April 8, 2025; complimentary credit monitoring was offered through Experian IdentityWorks.</description><pubDate>Fri, 18 Apr 2025 00:00:00 GMT</pubDate><category>unauthorized-access</category><category>ocr-open</category></item><item><title>The Plastic Surgery Center, P.A.: 64,813 exposed</title><link>https://myhealthconsent.org/breaches/the-plastic-surgery-center-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/the-plastic-surgery-center-2025/</guid><description>The Plastic Surgery Center, P.A., a Shrewsbury, NJ plastic surgery group with 20+ locations across New Jersey, New York, and Pennsylvania, disclosed a breach at its contracted billing vendor. Unauthorized network access on November 4, 2024 was filed with HHS OCR on January 3, 2025 (64,813 affected) and patient notifications were mailed April 18, 2025. Exposed data: SSN, driver&apos;s license, passport, taxpayer ID, financial account / payment card, biometric data, and medical / health insurance information. IDX credit monitoring offered through July 18, 2025 enrollment. Class-action investigations active.</description><pubDate>Fri, 18 Apr 2025 00:00:00 GMT</pubDate><category>vendor-breach</category><category>ocr-open</category></item><item><title>HEALTH AND WELLNESS OF TEXAS: 500 exposed</title><link>https://myhealthconsent.org/breaches/health-and-wellness-of-texas-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/health-and-wellness-of-texas-2025/</guid><description>HEALTH AND WELLNESS OF TEXAS (TX) filed a HIPAA breach notification with the HHS Office for Civil Rights on April 16, 2025, reporting 500 affected individuals in a Unauthorized Access/Disclosure event at Electronic Medical Record, Email. The HHS OCR portal entry is the primary public record; further details are not...</description><pubDate>Wed, 16 Apr 2025 00:00:00 GMT</pubDate><category>unauthorized-access</category><category>ocr-open</category></item><item><title>Recovery Epicenter Foundation: 800 exposed</title><link>https://myhealthconsent.org/breaches/recovery-epicenter-foundation-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/recovery-epicenter-foundation-2025/</guid><description>Recovery Epicenter Foundation (FL) filed a HIPAA breach notification with the HHS Office for Civil Rights on April 16, 2025, reporting 800 affected individuals in a Unauthorized Access/Disclosure event at Network Server. The HHS OCR portal entry is the primary public record; further details are not yet publicly disc...</description><pubDate>Wed, 16 Apr 2025 00:00:00 GMT</pubDate><category>unauthorized-access</category><category>ocr-open</category></item><item><title>Bell Ambulance, Inc.: 237,830 exposed</title><link>https://myhealthconsent.org/breaches/bell-ambulance-inc-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/bell-ambulance-inc-2025/</guid><description>Bell Ambulance, Inc., Wisconsin&apos;s largest private ambulance service, suffered a February 2025 Medusa ransomware attack that exfiltrated roughly 219 GB of data and exposed names, Social Security numbers, driver&apos;s license numbers, financial account information, medical information, and health insurance information for 237,830 patients and employees. 12 to 24 months credit monitoring offered; $2M class settlement pending.</description><pubDate>Mon, 14 Apr 2025 00:00:00 GMT</pubDate><category>ransomware</category><category>class-action-filed</category><category>Medusa ransomware group</category></item><item><title>The City of Long Beach, CA: 258,191 exposed</title><link>https://myhealthconsent.org/breaches/the-city-of-long-beach-ca-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/the-city-of-long-beach-ca-2025/</guid><description>A November 14, 2023 network intrusion at the City of Long Beach, California exposed personal data for 470,060 people, including protected health information for 258,191 individuals reported to HHS OCR in April 2025. A $2.35M class-action settlement, funded by city insurance carriers, pays roughly $5 per class member.</description><pubDate>Mon, 14 Apr 2025 00:00:00 GMT</pubDate><category>hacking</category><category>settled</category></item><item><title>Blue Cross and Blue Shield of Illinois: 6,903 exposed</title><link>https://myhealthconsent.org/breaches/blue-cross-and-blue-shield-of-illinois-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/blue-cross-and-blue-shield-of-illinois-2025/</guid><description>Blue Cross and Blue Shield of Illinois (HCSC) filed a HIPAA breach notification with the HHS Office for Civil Rights on April 13, 2025, reporting 6,903 affected individuals after unauthorized activity on its Blue Access for Members (BAM) member portal between November 8, 2024 and March 5, 2025. Distinct from the separate Conduent vendor incident later disclosed in October 2025.</description><pubDate>Sun, 13 Apr 2025 00:00:00 GMT</pubDate><category>unauthorized-access</category><category>ocr-open</category></item><item><title>Blue Cross and Blue Shield of Oklahoma: 1,020 exposed</title><link>https://myhealthconsent.org/breaches/blue-cross-and-blue-shield-of-oklahoma-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/blue-cross-and-blue-shield-of-oklahoma-2025/</guid><description>Blue Cross and Blue Shield of Oklahoma (BCBSOK), a division of HCSC, disclosed unauthorized access to its Blue Access for Members (BAM) online portal affecting 1,020 individuals. The intrusion ran from November 8, 2024 to March 5, 2025 and was detected on February 11, 2025. BCBSOK filed with HHS OCR on April 13, 2025 and is offering 12 months of complimentary Experian IdentityWorks monitoring.</description><pubDate>Sun, 13 Apr 2025 00:00:00 GMT</pubDate><category>unauthorized-access</category><category>ocr-open</category></item><item><title>Blue Cross and Blue Shield of Texas: 12,086 exposed</title><link>https://myhealthconsent.org/breaches/blue-cross-and-blue-shield-of-texas-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/blue-cross-and-blue-shield-of-texas-2025/</guid><description>Blue Cross and Blue Shield of Texas notified 12,086 members that their Blue Access for Members (BAM) portal accounts were accessed by an unauthorized third party between November 8, 2024 and March 5, 2025. BCBSTX detected the activity on February 11, 2025 and filed with HHS OCR on April 13, 2025.</description><pubDate>Sun, 13 Apr 2025 00:00:00 GMT</pubDate><category>unauthorized-access</category><category>ocr-open</category></item><item><title>Health Care Service Corporation: 2,944 exposed</title><link>https://myhealthconsent.org/breaches/health-care-service-corporation-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/health-care-service-corporation-2025/</guid><description>Health Care Service Corporation (IL) filed a HIPAA breach notification with the HHS Office for Civil Rights on April 13, 2025, reporting 2,944 affected individuals in a Unauthorized Access/Disclosure event at Other. The HHS OCR portal entry is the primary public record; further details are not yet publicly disclosed...</description><pubDate>Sun, 13 Apr 2025 00:00:00 GMT</pubDate><category>unauthorized-access</category><category>ocr-open</category></item><item><title>Altior Healthcare, LLC: 1,002 exposed</title><link>https://myhealthconsent.org/breaches/altior-healthcare-llc-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/altior-healthcare-llc-2025/</guid><description>Altior Healthcare, LLC (CA) reported a HIPAA breach to HHS OCR affecting 1,002 individuals after a phishing attack gave intruders intermittent access to employee email accounts between July 14, 2024 and January 8, 2025. Notification letters were mailed on April 11, 2025. Exposed data may include name, date of birth, dates of service, provider name, and medication information.</description><pubDate>Fri, 11 Apr 2025 00:00:00 GMT</pubDate><category>phishing</category><category>ocr-open</category></item><item><title>Endue Software: 118,028 exposed</title><link>https://myhealthconsent.org/breaches/endue-software-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/endue-software-2025/</guid><description>Endue Software, a Maine-based infusion management platform used by rheumatology and infusion-therapy providers, confirmed that an unauthorized actor accessed its systems on February 16, 2025. Names, Social Security numbers, dates of birth, medical record numbers, diagnosis and prescription details, and (for a subset) financial account information for 118,028 individuals were exposed. A class-action settlement in Pauley v. Endue received preliminary approval on March 27, 2026.</description><pubDate>Fri, 11 Apr 2025 00:00:00 GMT</pubDate><category>hacking</category><category>settled</category></item><item><title>Parc Provence Memory Care Facility: 13,954 exposed</title><link>https://myhealthconsent.org/breaches/parc-provence-memory-care-facility-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/parc-provence-memory-care-facility-2025/</guid><description>Parc Provence Memory Care Facility (MO) filed a HIPAA breach notification with the HHS Office for Civil Rights on April 11, 2025, reporting 13,954 affected individuals in a Hacking/IT Incident event at Network Server. The HHS OCR portal entry is the primary public record; further details are not yet publicly disclos...</description><pubDate>Fri, 11 Apr 2025 00:00:00 GMT</pubDate><category>hacking</category><category>ocr-open</category></item><item><title>Summit Healthcare Medical Associates: 1,861 exposed</title><link>https://myhealthconsent.org/breaches/summit-healthcare-medical-associates-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/summit-healthcare-medical-associates-2025/</guid><description>Summit Healthcare Medical Associates (AZ) filed a HIPAA breach notification with the HHS Office for Civil Rights on April 11, 2025, reporting 1,861 affected individuals in a Unauthorized Access/Disclosure event at Electronic Medical Record. The HHS OCR portal entry is the primary public record; further details are n...</description><pubDate>Fri, 11 Apr 2025 00:00:00 GMT</pubDate><category>unauthorized-access</category><category>ocr-open</category></item><item><title>The Gatesworth Senior Living St. Louis: 31,124 exposed</title><link>https://myhealthconsent.org/breaches/the-gatesworth-senior-living-st-louis-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/the-gatesworth-senior-living-st-louis-2025/</guid><description>The Gatesworth Communities, a luxury senior-living group in St. Louis, Missouri (operating The Gatesworth, Parc Provence, and the McKnight Place communities), confirmed unauthorized access to its network between January 22 and 26, 2025 after a third-party IT vendor was breached. 31,124 individuals were affected. Names, Social Security numbers, dates of birth, government IDs, medical records, health insurance details, and financial information may have been exposed. Notifications mailed August 26, 2025. The Qilin ransomware group named The Gatesworth on its leak site.</description><pubDate>Fri, 11 Apr 2025 00:00:00 GMT</pubDate><category>ransomware</category><category>ocr-open</category></item><item><title>Blue Shield of California: 4,700,000 exposed</title><link>https://myhealthconsent.org/breaches/blue-shield-of-california-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/blue-shield-of-california-2025/</guid><description>Blue Shield of California disclosed on April 9, 2025 that a Google Analytics misconfiguration on its member-facing websites shared protected health information with Google Ads for nearly three years (April 2021 to January 2024). Approximately 4.7 million members affected. No SSNs or financial data exposed. Class action filed April 14, 2025. Here is what to do.</description><pubDate>Wed, 09 Apr 2025 00:00:00 GMT</pubDate><category>misconfiguration</category><category>class-action-filed</category></item><item><title>Kelly &amp; Associates Insurance Group, Inc.: 553,332 exposed</title><link>https://myhealthconsent.org/breaches/kelly-associates-insurance-group-inc-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/kelly-associates-insurance-group-inc-2025/</guid><description>Kelly &amp; Associates Insurance Group (Kelly Benefits), a Hunt Valley, Maryland benefits administration firm, suffered a December 2024 intrusion that exfiltrated names, SSNs, DOBs, tax IDs, medical information, health-insurance details and financial account data on 553,332 people. The affected population is downstream plan members of 46 employer and carrier clients. Notification letters mailed May 2, 2025; 13+ class actions consolidated in D. Md.</description><pubDate>Wed, 09 Apr 2025 00:00:00 GMT</pubDate><category>hacking</category><category>class-action-filed</category></item><item><title>Alabama Ophthalmology Associates: 131,576 exposed</title><link>https://myhealthconsent.org/breaches/alabama-ophthalmology-associates-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/alabama-ophthalmology-associates-2025/</guid><description>Alabama Ophthalmology Associates (AOA), a Birmingham, AL ophthalmology practice, was breached by an unauthorized actor between January 22 and January 30, 2025. Notifications mailed April 7, 2025 disclosed exposure of names, Social Security numbers, driver&apos;s license numbers, dates of birth, medical record numbers, treatment and medical history information, and health insurance details for 131,576 individuals. The BianLian ransomware group claimed credit. A consolidated state class action settled for $850,000 with preliminary approval on February 19, 2026.</description><pubDate>Tue, 08 Apr 2025 00:00:00 GMT</pubDate><category>ransomware</category><category>settled</category><category>BianLian</category></item><item><title>Friendship House, Inc.: 501 exposed</title><link>https://myhealthconsent.org/breaches/friendship-house-inc-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/friendship-house-inc-2025/</guid><description>Friendship House, Inc. (NE) filed a HIPAA breach notification with the HHS Office for Civil Rights on April 04, 2025, reporting 501 affected individuals in a Hacking/IT Incident event at Network Server. The HHS OCR portal entry is the primary public record; further details are not yet publicly disclosed on this page.</description><pubDate>Fri, 04 Apr 2025 00:00:00 GMT</pubDate><category>hacking</category><category>ocr-open</category></item><item><title>Loretto Hospital: 501 exposed</title><link>https://myhealthconsent.org/breaches/loretto-hospital-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/loretto-hospital-2025/</guid><description>Loretto Hospital (IL) filed a HIPAA breach notification with the HHS Office for Civil Rights on April 04, 2025, reporting 501 affected individuals in a Hacking/IT Incident event at Network Server. The HHS OCR portal entry is the primary public record; further details are not yet publicly disclosed on this page.</description><pubDate>Fri, 04 Apr 2025 00:00:00 GMT</pubDate><category>hacking</category><category>ocr-open</category></item><item><title>Newburgh Healthcare Residential Center, Inc.: 700 exposed</title><link>https://myhealthconsent.org/breaches/newburgh-healthcare-residential-center-inc-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/newburgh-healthcare-residential-center-inc-2025/</guid><description>Newburgh Healthcare Residential Center, Inc. (IN) filed a HIPAA breach notification with the HHS Office for Civil Rights on April 04, 2025, reporting 700 affected individuals in a Hacking/IT Incident event at Network Server. The HHS OCR portal entry is the primary public record; further details are not yet publicly...</description><pubDate>Fri, 04 Apr 2025 00:00:00 GMT</pubDate><category>hacking</category><category>ocr-open</category></item><item><title>Dallas County MHMR dba Metrocare Services: 553 exposed</title><link>https://myhealthconsent.org/breaches/dallas-county-mhmr-dba-metrocare-services-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/dallas-county-mhmr-dba-metrocare-services-2025/</guid><description>Dallas County MHMR dba Metrocare Services (TX), a community mental health and IDD provider, filed a HIPAA breach notification with HHS OCR on April 3, 2025, reporting 553 affected individuals. An employee sent encrypted emails containing PHI outside the Metrocare network between June 4, 2023 and February 6, 2025. Exposed data included names, Medical Record Numbers, State Identification Numbers, and admission/discharge dates.</description><pubDate>Thu, 03 Apr 2025 00:00:00 GMT</pubDate><category>unauthorized-access</category><category>ocr-open</category></item><item><title>Hamilton County Government: 14,081 exposed</title><link>https://myhealthconsent.org/breaches/hamilton-county-government-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/hamilton-county-government-2025/</guid><description>Hamilton County Government (TN) filed a HIPAA breach notification with the HHS Office for Civil Rights on April 03, 2025, reporting 14,081 affected individuals in a Hacking/IT Incident event at Network Server. The HHS OCR portal entry is the primary public record; further details are not yet publicly disclosed on th...</description><pubDate>Thu, 03 Apr 2025 00:00:00 GMT</pubDate><category>hacking</category><category>ocr-open</category></item><item><title>Allegany Council on Alcoholism &amp; Substance Abuse, Inc.: 696 exposed</title><link>https://myhealthconsent.org/breaches/allegany-council-on-alcoholism-substance-abuse-inc-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/allegany-council-on-alcoholism-substance-abuse-inc-2025/</guid><description>Allegany Council on Alcoholism &amp; Substance Abuse, Inc. (ACASA), an OASAS-certified substance use disorder treatment provider in Wellsville, NY, filed a HIPAA breach report with HHS OCR on April 2, 2025 disclosing a Hacking/IT Incident affecting an email account and 696 individuals. ACASA later issued a Notice of Data Incident with a dedicated call line. Because ACASA is a federally assisted SUD program, the exposed records are also protected by 42 CFR Part 2.</description><pubDate>Wed, 02 Apr 2025 00:00:00 GMT</pubDate><category>hacking</category><category>ocr-open</category></item><item><title>Dameron Hospital: 210,706 exposed</title><link>https://myhealthconsent.org/breaches/dameron-hospital-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/dameron-hospital-2025/</guid><description>Stockton, California community hospital Dameron Hospital was hit by a RansomHouse ransomware attack on November 4-5, 2023, with roughly 480 GB exfiltrated. The hospital did not determine PHI was involved until March 21, 2025, and began notifying 210,706 individuals on April 2, 2025. A $650,000 class-action settlement was reached and a final approval hearing was held May 29, 2025.</description><pubDate>Wed, 02 Apr 2025 00:00:00 GMT</pubDate><category>ransomware</category><category>settled</category><category>RansomHouse</category></item><item><title>Health Services LLC: 75,906 exposed</title><link>https://myhealthconsent.org/breaches/health-services-llc-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/health-services-llc-2025/</guid><description>An entity filed with the HHS Office for Civil Rights as &apos;Health Services LLC&apos; (Ohio Healthcare Provider) reported a network-server hacking incident affecting 75,906 individuals on April 1, 2025. The legal name is generic and we have not yet been able to confirm the operating brand through HIPAA Journal, DataBreaches.net, the Ohio Attorney General, or court filings. Here is what the public record shows and what to do.</description><pubDate>Tue, 01 Apr 2025 00:00:00 GMT</pubDate><category>hacking</category><category>ocr-open</category></item><item><title>Family Centers, Inc.: 12,142 exposed</title><link>https://myhealthconsent.org/breaches/family-centers-inc-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/family-centers-inc-2025/</guid><description>Family Centers, Inc. (CT) filed a HIPAA breach notification with the HHS Office for Civil Rights on March 31, 2025, reporting 12,142 affected individuals in a Hacking/IT Incident event at Network Server. The HHS OCR portal entry is the primary public record; further details are not yet publicly disclosed on this page.</description><pubDate>Mon, 31 Mar 2025 00:00:00 GMT</pubDate><category>hacking</category><category>ocr-open</category></item><item><title>Community Dental Care, Inc.: 134,903 exposed</title><link>https://myhealthconsent.org/breaches/community-dental-care-inc-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/community-dental-care-inc-2025/</guid><description>Community Dental Care, Inc., the largest nonprofit Medicaid dental provider in Minnesota, confirmed that an unauthorized actor accessed its network on or about December 6, 2024. Names, Social Security numbers, driver&apos;s license and passport numbers, medical information, and health-insurance details for 134,903 individuals were exposed. Notification mailings and a HIPAA filing followed on March 28, 2025.</description><pubDate>Fri, 28 Mar 2025 00:00:00 GMT</pubDate><category>hacking</category><category>ocr-open</category></item><item><title>Frederick Health: 934,326 exposed</title><link>https://myhealthconsent.org/breaches/frederick-health-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/frederick-health-2025/</guid><description>Frederick Health, a community hospital and health system in Frederick, Maryland, was hit by a January 27, 2025 ransomware attack that forced systems offline, triggered ambulance diversion, and exfiltrated a file-share server containing names, addresses, dates of birth, Social Security numbers, driver&apos;s license numbers, medical record numbers, health insurance details, and clinical information for 934,326 individuals. At least five class-action suits were filed by March.</description><pubDate>Fri, 28 Mar 2025 00:00:00 GMT</pubDate><category>ransomware</category><category>class-action-filed</category></item><item><title>North Hudson Community Action Corporation: 501 exposed</title><link>https://myhealthconsent.org/breaches/north-hudson-community-action-corporation-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/north-hudson-community-action-corporation-2025/</guid><description>North Hudson Community Action Corporation (NJ) filed a HIPAA breach notification with the HHS Office for Civil Rights on March 28, 2025, reporting 501 affected individuals in a Hacking/IT Incident event at Network Server. The HHS OCR portal entry is the primary public record; further details are not yet publicly dis...</description><pubDate>Fri, 28 Mar 2025 00:00:00 GMT</pubDate><category>hacking</category><category>ocr-open</category></item><item><title>SimonMed Imaging: 500 exposed</title><link>https://myhealthconsent.org/breaches/simonmed-imaging-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/simonmed-imaging-2025/</guid><description>SimonMed Imaging (AZ) filed a HIPAA breach notification with the HHS Office for Civil Rights on March 27, 2025, reporting 500 affected individuals in a Hacking/IT Incident event at Network Server. The HHS OCR portal entry is the primary public record; further details are not yet publicly disclosed on this page.</description><pubDate>Thu, 27 Mar 2025 00:00:00 GMT</pubDate><category>hacking</category><category>ocr-open</category></item><item><title>Western Wayne Family Physicians: 62,000 exposed</title><link>https://myhealthconsent.org/breaches/western-wayne-family-physicians-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/western-wayne-family-physicians-2025/</guid><description>Western Wayne Family Physicians, P.L.C. filed a HIPAA breach notification with HHS OCR on March 26, 2025, reporting a hacking/IT incident on its network server that affected 62,000 individuals. The Allen Park, Michigan primary care group began mailing notification letters with an offer of complimentary credit monitoring and faces active class-action investigations by multiple plaintiffs&apos; firms.</description><pubDate>Wed, 26 Mar 2025 00:00:00 GMT</pubDate><category>hacking</category><category>ocr-open</category></item><item><title>Bigfork Valley Hospital: 8,496 exposed</title><link>https://myhealthconsent.org/breaches/bigfork-valley-hospital-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/bigfork-valley-hospital-2025/</guid><description>Bigfork Valley Hospital (MN) filed a HIPAA breach notification with the HHS Office for Civil Rights on March 25, 2025, reporting 8,496 affected individuals in a Hacking/IT Incident event at Email. The HHS OCR portal entry is the primary public record; further details are not yet publicly disclosed on this page.</description><pubDate>Tue, 25 Mar 2025 00:00:00 GMT</pubDate><category>hacking</category><category>ocr-open</category></item><item><title>Concord Orthopaedics: 72,815 exposed</title><link>https://myhealthconsent.org/breaches/concord-orthopaedics-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/concord-orthopaedics-2025/</guid><description>Concord Orthopaedics, a New Hampshire orthopedics and rheumatology practice, notified 72,815 patients on March 25, 2025 of a November 21, 2024 vendor-side ransomware attack on its Clearwave patient check-in software. The Everest ransomware group claimed the attack and posted data. A consolidated class action settlement received preliminary approval on February 24, 2026 with a final fairness hearing on June 23, 2026.</description><pubDate>Tue, 25 Mar 2025 00:00:00 GMT</pubDate><category>vendor-breach</category><category>class-action-filed</category><category>Everest</category></item><item><title>James J. Lynch, MD Ltd. dba Swift Institute: 13,430 exposed</title><link>https://myhealthconsent.org/breaches/james-j-lynch-md-ltd-dba-swift-institute-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/james-j-lynch-md-ltd-dba-swift-institute-2025/</guid><description>James J. Lynch, MD Ltd. dba Swift Institute (NV) filed a HIPAA breach notification with the HHS Office for Civil Rights on March 25, 2025, reporting 13,430 affected individuals in a Hacking/IT Incident event at Network Server. The HHS OCR portal entry is the primary public record; further details are not yet publicl...</description><pubDate>Tue, 25 Mar 2025 00:00:00 GMT</pubDate><category>hacking</category><category>ocr-open</category></item><item><title>AmeriHealth Caritas Louisiana: 1,552 exposed</title><link>https://myhealthconsent.org/breaches/amerihealth-caritas-louisiana-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/amerihealth-caritas-louisiana-2025/</guid><description>AmeriHealth Caritas Louisiana, the Healthy Louisiana Medicaid managed-care organization, filed a HIPAA breach notification with HHS OCR on March 21, 2025 reporting 1,552 individuals affected in an Unauthorized Access/Disclosure incident on a Network Server. Srourian Law Firm has announced a class-action investigation.</description><pubDate>Fri, 21 Mar 2025 00:00:00 GMT</pubDate><category>unauthorized-access</category><category>ocr-open</category></item><item><title>Fyzical Acquisition Holdings LLC: 43,045 exposed</title><link>https://myhealthconsent.org/breaches/fyzical-acquisition-holdings-llc-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/fyzical-acquisition-holdings-llc-2025/</guid><description>Fyzical Acquisition Holdings LLC, the Florida-based parent of the 500+ location Fyzical Therapy &amp; Balance Centers franchise, filed a HIPAA breach notification with HHS OCR on March 21, 2025 reporting 43,045 affected individuals from a hacking incident on a network server. Public reporting ties this filing to a December 2024 email environment compromise that exposed SSNs, driver&apos;s licenses, financial account info, and medical records. Multiple class-action firms are investigating. Here is what to do.</description><pubDate>Fri, 21 Mar 2025 00:00:00 GMT</pubDate><category>hacking</category><category>ocr-open</category></item><item><title>MedicareCompareUSA: 5,782 exposed</title><link>https://myhealthconsent.org/breaches/medicarecompareusa-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/medicarecompareusa-2025/</guid><description>MedicareCompareUSA (WA) filed a HIPAA breach notification with the HHS Office for Civil Rights on March 21, 2025, reporting 5,782 affected individuals in a Hacking/IT Incident event at Email. The HHS OCR portal entry is the primary public record; further details are not yet publicly disclosed on this page.</description><pubDate>Fri, 21 Mar 2025 00:00:00 GMT</pubDate><category>hacking</category><category>ocr-open</category></item><item><title>MedRevenu, LLC: 17,775 exposed</title><link>https://myhealthconsent.org/breaches/medrevenu-llc-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/medrevenu-llc-2025/</guid><description>MedRevenu, LLC, a Montclair, California revenue cycle management and medical billing vendor, was hit by a December 12, 2024 ransomware attack claimed by the BianLian group. Forensic review concluded October 21, 2025; covered-entity notifications followed on December 5, 2025, and individual notifications began February 3, 2026. The HHS OCR portal lists 17,775 affected individuals.</description><pubDate>Fri, 21 Mar 2025 00:00:00 GMT</pubDate><category>ransomware</category><category>ocr-open</category><category>BianLian</category></item><item><title>Millennium Home Health Care: 4,743 exposed</title><link>https://myhealthconsent.org/breaches/millennium-home-health-care-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/millennium-home-health-care-2025/</guid><description>Millennium Home Health Care (OK) filed a HIPAA breach notification with the HHS Office for Civil Rights on March 19, 2025, reporting 4,743 affected individuals in a Hacking/IT Incident event at Network Server. The HHS OCR portal entry is the primary public record; further details are not yet publicly disclosed on th...</description><pubDate>Wed, 19 Mar 2025 00:00:00 GMT</pubDate><category>hacking</category><category>ocr-open</category></item><item><title>Presbyterian Health Plan: 7,100 exposed</title><link>https://myhealthconsent.org/breaches/presbyterian-health-plan-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/presbyterian-health-plan-2025/</guid><description>Presbyterian Health Plan (NM) filed a HIPAA breach notification with the HHS Office for Civil Rights on March 18, 2025, reporting 7,100 affected individuals in a Hacking/IT Incident event at Email. The HHS OCR portal entry is the primary public record; further details are not yet publicly disclosed on this page.</description><pubDate>Tue, 18 Mar 2025 00:00:00 GMT</pubDate><category>hacking</category><category>ocr-open</category></item><item><title>The Pavilion at HealthPark, LLC dba Park Royal Hospital: 9,349 exposed</title><link>https://myhealthconsent.org/breaches/the-pavilion-at-healthpark-llc-dba-park-royal-hospital-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/the-pavilion-at-healthpark-llc-dba-park-royal-hospital-2025/</guid><description>The Pavilion at HealthPark, LLC dba Park Royal Hospital (FL) filed a HIPAA breach notification with the HHS Office for Civil Rights on March 18, 2025, reporting 9,349 affected individuals in a Hacking/IT Incident event at Email. The HHS OCR portal entry is the primary public record; further details are not yet publi...</description><pubDate>Tue, 18 Mar 2025 00:00:00 GMT</pubDate><category>hacking</category><category>ocr-open</category></item><item><title>Lena Pope Home Inc.: 3,523 exposed</title><link>https://myhealthconsent.org/breaches/lena-pope-home-inc-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/lena-pope-home-inc-2025/</guid><description>Lena Pope Home Inc. (TX) filed a HIPAA breach notification with the HHS Office for Civil Rights on March 17, 2025, reporting 3,523 affected individuals in a Hacking/IT Incident event at Email. The HHS OCR portal entry is the primary public record; further details are not yet publicly disclosed on this page.</description><pubDate>Mon, 17 Mar 2025 00:00:00 GMT</pubDate><category>hacking</category><category>ocr-open</category></item><item><title>Baylor Scott &amp; White Texas Spine &amp; Joint Hospital: 1,640 exposed</title><link>https://myhealthconsent.org/breaches/baylor-scott-white-texas-spine-joint-hospital-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/baylor-scott-white-texas-spine-joint-hospital-2025/</guid><description>Baylor Scott &amp; White Texas Spine &amp; Joint Hospital (TX) filed a HIPAA breach notification with the HHS Office for Civil Rights on March 14, 2025, reporting 1,640 affected individuals in a Hacking/IT Incident event at Email. The HHS OCR portal entry is the primary public record; further details are not yet publicly di...</description><pubDate>Fri, 14 Mar 2025 00:00:00 GMT</pubDate><category>phishing</category><category>ocr-open</category></item><item><title>CDHA Management, LLC and Spark DSO, LLC: 173,430 exposed</title><link>https://myhealthconsent.org/breaches/cdha-management-llc-and-spark-dso-llc-dba-chord-specialty-dental-partners-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/cdha-management-llc-and-spark-dso-llc-dba-chord-specialty-dental-partners-2025/</guid><description>CDHA Management and Spark DSO, dba Chord Specialty Dental Partners, disclosed in March 2025 that hackers accessed employee email accounts from August to September 2024, exposing SSNs, financial data, and medical records for 173,430 individuals. Seven federal class actions are pending. Here is what to do.</description><pubDate>Fri, 14 Mar 2025 00:00:00 GMT</pubDate><category>phishing</category><category>class-action-filed</category></item><item><title>Columbia Eye Clinic: 500 exposed</title><link>https://myhealthconsent.org/breaches/columbia-eye-clinic-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/columbia-eye-clinic-2025/</guid><description>Columbia Eye Clinic (Columbia &amp; Lexington, SC) reported a January 2025 network intrusion to the HHS Office for Civil Rights. Unauthorized actor accessed files between January 9-13, 2025; detected January 13; HHS OCR filing and notification letters dated March 14, 2025. Exposed data included name, contact information, date of birth, procedure codes, and pre-approval information.</description><pubDate>Fri, 14 Mar 2025 00:00:00 GMT</pubDate><category>hacking</category><category>ocr-open</category></item><item><title>Klickitat Valley Health: 26,339 exposed</title><link>https://myhealthconsent.org/breaches/klickitat-valley-health-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/klickitat-valley-health-2025/</guid><description>Klickitat Valley Health, the 25-bed critical-access hospital serving Goldendale and rural eastern Klickitat County, Washington, was compromised between February 18 and February 23, 2025 by the Kraken ransomware group, which exfiltrated names, Social Security numbers, dates of birth, addresses, health insurance information, medical record numbers, patient account numbers, and care-related details. The HHS Office for Civil Rights filing on March 14, 2025 records 26,339 affected individuals.</description><pubDate>Fri, 14 Mar 2025 00:00:00 GMT</pubDate><category>ransomware</category><category>ocr-open</category><category>Kraken</category></item><item><title>Lake Washington Vascular Surgeons, PLLC: 21,534 exposed</title><link>https://myhealthconsent.org/breaches/lake-washington-vascular-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/lake-washington-vascular-2025/</guid><description>Lake Washington Vascular Surgeons, a Bellevue, Washington vascular surgery practice, confirmed a February 14, 2025 ransomware incident attributed to the Qilin group. The intrusion exposed personal and protected health information for 21,534 patients. The practice filed with HHS Office for Civil Rights on February 25, 2025 and mailed individual notification letters on March 14, 2025.</description><pubDate>Fri, 14 Mar 2025 00:00:00 GMT</pubDate><category>ransomware</category><category>ocr-open</category></item><item><title>Welts, White, &amp; Fontaine PC: 500 exposed</title><link>https://myhealthconsent.org/breaches/welts-white-fontaine-pc-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/welts-white-fontaine-pc-2025/</guid><description>Welts, White, &amp; Fontaine PC (NH) filed a HIPAA breach notification with the HHS Office for Civil Rights on March 14, 2025, reporting 500 affected individuals in a Hacking/IT Incident event at Network Server. The HHS OCR portal entry is the primary public record; further details are not yet publicly disclosed on this...</description><pubDate>Fri, 14 Mar 2025 00:00:00 GMT</pubDate><category>hacking</category><category>ocr-open</category></item><item><title>Nice Healthcare Management Company, Inc: 10,000 exposed</title><link>https://myhealthconsent.org/breaches/nice-healthcare-management-company-inc-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/nice-healthcare-management-company-inc-2025/</guid><description>Nice Healthcare Management Company, Inc (MN) filed a HIPAA breach notification with the HHS Office for Civil Rights on March 10, 2025, reporting 10,000 affected individuals in a Hacking/IT Incident event at Network Server. The HHS OCR portal entry is the primary public record; further details are not yet publicly di...</description><pubDate>Mon, 10 Mar 2025 00:00:00 GMT</pubDate><category>hacking</category><category>ocr-open</category></item><item><title>Fort Wayne Medical Education Program: 28,502 exposed</title><link>https://myhealthconsent.org/breaches/fort-wayne-medical-education-program-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/fort-wayne-medical-education-program-2025/</guid><description>Fort Wayne Medical Education Program (FWMEP), a graduate medical-education and residency consortium operating inside the Lutheran Downtown Medical Office Building in Fort Wayne, Indiana, filed a HIPAA breach notification with the HHS Office for Civil Rights on March 6, 2025, reporting 28,502 affected individuals in a Hacking/IT Incident at Network Server. The INC RANSOM ransomware group claimed responsibility and posted 66 GB of allegedly stolen data. Notification letters did not begin going out until October 2, 2025 — nearly ten months after discovery — and at least five class actions have followed.</description><pubDate>Thu, 06 Mar 2025 00:00:00 GMT</pubDate><category>ransomware</category><category>class-action-filed</category><category>INC RANSOM</category></item><item><title>SCLARC: 722 exposed</title><link>https://myhealthconsent.org/breaches/sclarc-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/sclarc-2025/</guid><description>SCLARC (CA) filed a HIPAA breach notification with the HHS Office for Civil Rights on March 06, 2025, reporting 722 affected individuals in a Theft event at Laptop, Other Portable Electronic Device, Paper/Films. The HHS OCR portal entry is the primary public record; further details are not yet publicly disclosed on...</description><pubDate>Thu, 06 Mar 2025 00:00:00 GMT</pubDate><category>physical-theft</category><category>ocr-open</category></item><item><title>Madison County, MS: 6,082 exposed</title><link>https://myhealthconsent.org/breaches/madison-county-ms-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/madison-county-ms-2025/</guid><description>Madison County, MS (MS) filed a HIPAA breach notification with the HHS Office for Civil Rights on March 05, 2025, reporting 6,082 affected individuals in a Hacking/IT Incident event at Email. The HHS OCR portal entry is the primary public record; further details are not yet publicly disclosed on this page.</description><pubDate>Wed, 05 Mar 2025 00:00:00 GMT</pubDate><category>hacking</category><category>ocr-open</category></item><item><title>Hillcrest Convalescent Center, Inc.: 106,194 exposed</title><link>https://myhealthconsent.org/breaches/hillcrest-convalescent-center-inc-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/hillcrest-convalescent-center-inc-2025/</guid><description>Hillcrest Convalescent Center, a skilled nursing facility in Durham, NC, confirmed unauthorized network access from June to July 2024 exposed SSNs, medical records, and financial data for 106,194 individuals. A class action settlement is pending final court approval (hearing August 24, 2026); claim deadline is August 26, 2026. Here is what to do.</description><pubDate>Tue, 04 Mar 2025 00:00:00 GMT</pubDate><category>hacking</category><category>class-action-filed</category></item><item><title>Liberty Resources, Inc.: 103,711 exposed</title><link>https://myhealthconsent.org/breaches/liberty-resources-inc-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/liberty-resources-inc-2025/</guid><description>Liberty Resources, Inc., a Syracuse, NY-based community behavioral health, substance-use disorder, foster care, and disability-services nonprofit, filed a HIPAA breach notification with HHS OCR on March 4, 2025, reporting 103,711 affected individuals in a Hacking/IT Incident at a network server. The Rhysida ransomware group claimed responsibility on its dark-web leak site, threatening to publish 665 GB of allegedly stolen data containing 885,433 files. Plaintiff firms opened investigations in late 2025.</description><pubDate>Tue, 04 Mar 2025 00:00:00 GMT</pubDate><category>ransomware</category><category>ocr-open</category><category>Rhysida</category></item><item><title>Manchester Rehabilitation and Healthcare Center: 5,415 exposed</title><link>https://myhealthconsent.org/breaches/manchester-rehabilitation-and-healthcare-center-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/manchester-rehabilitation-and-healthcare-center-2025/</guid><description>Manchester Rehabilitation and Healthcare Center (CT) filed a HIPAA breach notification with the HHS Office for Civil Rights on March 03, 2025, reporting 5,415 affected individuals in a Hacking/IT Incident event at Network Server. The HHS OCR portal entry is the primary public record; further details are not yet publ...</description><pubDate>Mon, 03 Mar 2025 00:00:00 GMT</pubDate><category>hacking</category><category>ocr-open</category></item><item><title>Community Care Alliance: 114,975 exposed</title><link>https://myhealthconsent.org/breaches/community-care-alliance-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/community-care-alliance-2025/</guid><description>Community Care Alliance, a Rhode Island behavioral-health and social-services nonprofit, filed with HHS OCR on March 1, 2025 reporting 114,975 affected individuals in a Hacking/IT Incident at a network server. The Rhysida ransomware group claimed the attack and posted a 2.5 TB SQL dump on its leak site. A $1.09M class settlement (Flacco v. CCA, PC-2024-05237) received final approval October 14, 2025; payments began distribution January 23, 2026.</description><pubDate>Sat, 01 Mar 2025 00:00:00 GMT</pubDate><category>ransomware</category><category>settled</category><category>Rhysida</category></item><item><title>East Hawaii Rehab, Inc. DBA Lehua Physical Therapy and Rehab: 8,472 exposed</title><link>https://myhealthconsent.org/breaches/east-hawaii-rehab-inc-dba-lehua-physical-therapy-and-rehab-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/east-hawaii-rehab-inc-dba-lehua-physical-therapy-and-rehab-2025/</guid><description>East Hawaii Rehab, Inc. DBA Lehua Physical Therapy and Rehab (HI) filed a HIPAA breach notification with the HHS Office for Civil Rights on February 28, 2025, reporting 8,472 affected individuals in a Theft event at Other, Other Portable Electronic Device, Paper/Films. The HHS OCR portal entry is the primary public...</description><pubDate>Fri, 28 Feb 2025 00:00:00 GMT</pubDate><category>physical-theft</category><category>ocr-open</category></item><item><title>Gaylord Hospital, Inc: 62,232 exposed</title><link>https://myhealthconsent.org/breaches/gaylord-hospital-inc-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/gaylord-hospital-inc-2025/</guid><description>Gaylord Specialty Healthcare (Wallingford, CT) reported a ransomware intrusion that exposed Social Security numbers, financial data, and medical records for 62,232 individuals. The SafePay group claimed responsibility and leaked 160 GB. Filed with HHS OCR on February 28, 2025; individual notifications mailed beginning September 24, 2025.</description><pubDate>Fri, 28 Feb 2025 00:00:00 GMT</pubDate><category>ransomware</category><category>ocr-open</category><category>SafePay</category></item><item><title>Kronick Moskovitz Tiedemann &amp; Girard: 2,511 exposed</title><link>https://myhealthconsent.org/breaches/kronick-moskovitz-tiedemann-girard-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/kronick-moskovitz-tiedemann-girard-2025/</guid><description>Kronick Moskovitz Tiedemann &amp; Girard (CA) filed a HIPAA breach notification with the HHS Office for Civil Rights on February 28, 2025, reporting 2,511 affected individuals in a Hacking/IT Incident event at Network Server. The HHS OCR portal entry is the primary public record; further details are not yet publicly dis...</description><pubDate>Fri, 28 Feb 2025 00:00:00 GMT</pubDate><category>hacking</category><category>ocr-open</category></item><item><title>Southeast Series of Lockton Companies, LLC: 1,124,727 exposed</title><link>https://myhealthconsent.org/breaches/southeast-series-of-lockton-companies-llc-lockton-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/southeast-series-of-lockton-companies-llc-lockton-2025/</guid><description>Southeast Series of Lockton Companies, LLC filed a HIPAA breach report with HHS OCR on February 28, 2025, disclosing a November 20, 2024 hacking incident that exposed protected health information of 1,124,727 employer-plan members. A $9.9 million class-action settlement was reached in 2026; monitoring codes became available in May 2026. Here is what to do.</description><pubDate>Fri, 28 Feb 2025 00:00:00 GMT</pubDate><category>hacking</category><category>settled</category></item><item><title>Total Medical Imaging: 27,000 exposed</title><link>https://myhealthconsent.org/breaches/total-medical-imaging-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/total-medical-imaging-2025/</guid><description>Total Medical Imaging LLC, a North Miami Beach, Florida teleradiology services provider, filed a HIPAA breach notification with HHS OCR on February 28, 2025, reporting 27,000 affected individuals after a Hacking/IT Incident at Network Server. The HIPAA Journal and calHIPAA February 2025 monthly reports characterize the event as a hacking incident involving a business associate; the entity&apos;s individual notification letter is the primary document for affected patients.</description><pubDate>Fri, 28 Feb 2025 00:00:00 GMT</pubDate><category>hacking</category><category>ocr-open</category></item><item><title>Children&apos;s Dental Center at Preston Trail, P.C. d/b/a Park Place Pediatric Dentistry (Arlington, TX): 1,690 exposed</title><link>https://myhealthconsent.org/breaches/childrens-dental-center-at-preston-trail-p-c-d-b-a-park-place-pediatric-dentistr-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/childrens-dental-center-at-preston-trail-p-c-d-b-a-park-place-pediatric-dentistr-2025/</guid><description>Park Place Pediatric Dentistry in Arlington, TX notified 1,690 patients on February 14, 2025 that an unencrypted laptop containing names, dates of birth, dates of service, medical treatment records, and treatment-related financial information was stolen from an employee&apos;s vehicle on December 11, 2024. IDX credit monitoring offered.</description><pubDate>Fri, 14 Feb 2025 00:00:00 GMT</pubDate><category>physical-theft</category><category>ocr-open</category></item><item><title>Consultants in Pain Medicine: 1,124 exposed</title><link>https://myhealthconsent.org/breaches/consultants-in-pain-medicine-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/consultants-in-pain-medicine-2025/</guid><description>Consultants in Pain Medicine (TX) filed a HIPAA breach notification with the HHS Office for Civil Rights on February 16, 2025, reporting 1,124 affected individuals in a Hacking/IT Incident event at Network Server. The HHS OCR portal entry is the primary public record; further details are not yet publicly disclosed o...</description><pubDate>Fri, 14 Feb 2025 00:00:00 GMT</pubDate><category>unauthorized-access</category><category>ocr-open</category></item><item><title>Cornerstones of Care: 2,771 exposed</title><link>https://myhealthconsent.org/breaches/cornerstones-of-care-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/cornerstones-of-care-2025/</guid><description>Cornerstones of Care, a Kansas City-based youth and family behavioral health nonprofit serving children in Missouri and Kansas, filed a HIPAA breach report with HHS OCR on February 14, 2025 listing 2,771 affected individuals after employee email accounts were accessed by an unauthorized party. The entity&apos;s forensic review concluded on September 10, 2025 and notification letters were mailed beginning September 30, 2025.</description><pubDate>Fri, 14 Feb 2025 00:00:00 GMT</pubDate><category>unauthorized-access</category><category>ocr-open</category></item><item><title>Restorix Health, Inc.: 38,553 exposed</title><link>https://myhealthconsent.org/breaches/restorix-health-inc-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/restorix-health-inc-2025/</guid><description>Restorix Health, Inc., a Louisiana-based wound care business associate, disclosed a HIPAA breach to HHS OCR on February 14, 2025 affecting 38,553 patients. An employee email account was accessed May 7–29, 2024; exposed data includes SSNs, driver&apos;s license numbers, medical records, and health insurance details.</description><pubDate>Fri, 14 Feb 2025 00:00:00 GMT</pubDate><category>unauthorized-access</category><category>ocr-open</category></item><item><title>Somnia, Inc.: 19,069 exposed</title><link>https://myhealthconsent.org/breaches/somnia-inc-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/somnia-inc-2025/</guid><description>Somnia, Inc. — a New York-headquartered anesthesia management business associate — filed a HIPAA breach notification with HHS OCR on February 14, 2025 reporting 19,069 affected individuals from a Hacking/IT Incident at a Network Server. Notification letters were mailed February 27, 2025. Class-action investigations are underway. Here is what is known and what to do.</description><pubDate>Fri, 14 Feb 2025 00:00:00 GMT</pubDate><category>hacking</category><category>class-action-filed</category></item><item><title>Spring Management OK, LLC: 2,494 exposed</title><link>https://myhealthconsent.org/breaches/spring-management-ok-llc-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/spring-management-ok-llc-2025/</guid><description>Spring Management OK, LLC (OK) filed a HIPAA breach notification with the HHS Office for Civil Rights on February 14, 2025, reporting 2,494 affected individuals in a Hacking/IT Incident event at Network Server. The HHS OCR portal entry is the primary public record; further details are not yet publicly disclosed on t...</description><pubDate>Fri, 14 Feb 2025 00:00:00 GMT</pubDate><category>hacking</category><category>ocr-open</category></item><item><title>United Backcare PS dba Pacific Rehabilitation Centers: 18,900 exposed</title><link>https://myhealthconsent.org/breaches/united-backcare-ps-dba-pacific-rehabilitation-centers-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/united-backcare-ps-dba-pacific-rehabilitation-centers-2025/</guid><description>United Backcare PS dba Pacific Rehabilitation Centers, a Washington return-to-work rehabilitation provider with clinics in Everett, Puyallup, and Moses Lake, reported a December 30, 2024 ransomware attack that encrypted servers holding patient, employee, and contractor information. The HIPAA breach filing on February 11, 2025 placed the affected population at 18,900 individuals, with Social Security numbers, banking details, passport numbers, diagnosis and treatment information, and electronic signatures among the exposed data.</description><pubDate>Tue, 11 Feb 2025 00:00:00 GMT</pubDate><category>ransomware</category><category>ocr-open</category></item><item><title>Columbus Division of Fire: 736 exposed</title><link>https://myhealthconsent.org/breaches/columbus-division-of-fire-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/columbus-division-of-fire-2025/</guid><description>The City of Columbus identified protected health information from a Division of Fire database among the data stolen in the July 2024 Rhysida ransomware attack on city systems. The city filed a HIPAA breach notification with HHS OCR on February 10, 2025, reporting 736 affected individuals, and began mailing letters offering two years of free Experian credit and dark-web monitoring with $1M identity-theft insurance.</description><pubDate>Mon, 10 Feb 2025 00:00:00 GMT</pubDate><category>ransomware</category><category>ocr-open</category><category>Rhysida ransomware group</category></item><item><title>CPS Solutions, LLC: 500 exposed</title><link>https://myhealthconsent.org/breaches/cps-solutions-llc-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/cps-solutions-llc-2025/</guid><description>CPS Solutions, LLC — the Dublin, Ohio pharmacy operations and consulting firm that manages pharmacy departments for hospitals and health systems nationwide — disclosed on February 10, 2025 that an unauthorized actor accessed an employee Microsoft 365 email account between December 2 and December 4, 2024. The compromise exposed names, Social Security numbers, dates of birth, health insurance and Medicaid/Medicare numbers, and clinical, diagnosis, and prescription information. Hospitals known to be affected include Dayton Children&apos;s Hospital, Beacon Health&apos;s Three Rivers Health, Hillsdale Hospital, Munson Healthcare, and Summit Healthcare. CPS filed an initial OCR report using a 500-individual placeholder and a proposed class action (Pierce v. CPS Solutions, LLC) was filed in the Southern District of Ohio on April 15, 2025.</description><pubDate>Mon, 10 Feb 2025 00:00:00 GMT</pubDate><category>phishing</category><category>class-action-filed</category></item><item><title>Blue &amp; Co., LLC: 228,999 exposed</title><link>https://myhealthconsent.org/breaches/blue-co-llc-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/blue-co-llc-2025/</guid><description>Indiana CPA and consulting firm Blue &amp; Co., LLC was breached on November 7, 2024 in a server intrusion lasting under 30 minutes. The firm acted as a business associate to hospitals, physician groups, dental practices, and pharmacies. 228,999 individuals had names, Social Security numbers, financial data, and medical records exposed. Notifications mailed by Kroll on behalf of provider clients beginning July 3, 2025.</description><pubDate>Fri, 07 Feb 2025 00:00:00 GMT</pubDate><category>hacking</category><category>ocr-open</category></item><item><title>Primary Health-SMMPP, L.C.: 67,567 exposed</title><link>https://myhealthconsent.org/breaches/primary-health-smmpp-l-c-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/primary-health-smmpp-l-c-2025/</guid><description>Primary Health-SMMPP, L.C., an Arizona-based HIPAA business associate that helped distribute rapid COVID test kits to schools and organizations, detected unusual activity on a network server on December 13, 2024. Forensic review wrapped on January 7, 2025; HHS OCR was notified on February 6, 2025 for 67,567 individuals. Exposed data includes names, dates of birth, Rx numbers, prescription information, dates of service, and Social Security numbers.</description><pubDate>Thu, 06 Feb 2025 00:00:00 GMT</pubDate><category>hacking</category><category>ocr-open</category></item><item><title>St. Marys NDS LLC: 11,715 exposed</title><link>https://myhealthconsent.org/breaches/st-marys-nds-llc-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/st-marys-nds-llc-2025/</guid><description>St. Marys NDS LLC (AZ) filed a HIPAA breach notification with the HHS Office for Civil Rights on February 06, 2025, reporting 11,715 affected individuals in a Hacking/IT Incident event at Network Server. The HHS OCR portal entry is the primary public record; further details are not yet publicly disclosed on this page.</description><pubDate>Thu, 06 Feb 2025 00:00:00 GMT</pubDate><category>hacking</category><category>ocr-open</category></item><item><title>U.S. HEALTHWORKS-SMMPP, L.C.: 10,673 exposed</title><link>https://myhealthconsent.org/breaches/u-s-healthworks-smmpp-l-c-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/u-s-healthworks-smmpp-l-c-2025/</guid><description>U.S. HEALTHWORKS-SMMPP, L.C. (AZ) filed a HIPAA breach notification with the HHS Office for Civil Rights on February 06, 2025, reporting 10,673 affected individuals in a Hacking/IT Incident event at Network Server. The HHS OCR portal entry is the primary public record; further details are not yet publicly disclosed...</description><pubDate>Thu, 06 Feb 2025 00:00:00 GMT</pubDate><category>hacking</category><category>ocr-open</category></item><item><title>VectraRx Mail Pharmacy Services, LLC: 109,383 exposed</title><link>https://myhealthconsent.org/breaches/vectrarx-mail-pharmacy-services-llc-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/vectrarx-mail-pharmacy-services-llc-2025/</guid><description>VectraRx Mail Pharmacy Services LLC, an Oro Valley, Arizona mail-order pharmacy serving workers&apos; compensation and personal-injury patients, began mailing breach notifications on February 6, 2025 after a December 13, 2024 network intrusion. 109,383 individuals had names, dates of birth, Social Security numbers, prescription numbers, prescription information, and dates of service exposed. 12 to 24 months of Identity Defense credit monitoring offered. Seven proposed class actions filed in the U.S. District Court for the District of Arizona.</description><pubDate>Thu, 06 Feb 2025 00:00:00 GMT</pubDate><category>hacking</category><category>class-action-filed</category></item><item><title>Escambia Community Clinics, Inc.: 143,969 exposed</title><link>https://myhealthconsent.org/breaches/escambia-community-clinics-inc-dba-community-health-northwest-florida-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/escambia-community-clinics-inc-dba-community-health-northwest-florida-2025/</guid><description>Community Health Northwest Florida, the Pensacola-area federally qualified health center operated by Escambia Community Clinics, Inc., reported a hacking incident to HHS OCR on February 3, 2025 affecting 143,969 individuals. RansomHub claimed responsibility. Names, Social Security numbers, driver&apos;s license numbers, financial account data, and full medical records were exposed.</description><pubDate>Mon, 03 Feb 2025 00:00:00 GMT</pubDate><category>ransomware</category><category>class-action-filed</category><category>RansomHub</category></item><item><title>ARC Community Services, Inc.: 501 exposed</title><link>https://myhealthconsent.org/breaches/arc-community-services-inc-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/arc-community-services-inc-2025/</guid><description>ARC Community Services, a Madison, WI nonprofit providing substance use disorder treatment and behavioral health services to women and children, reported a November 2024 ransomware attack by the INC Ransom group to HHS OCR on February 2, 2025. The substitute notice and individual letters confirm names, contact details, dates of birth, medical record numbers, health information, driver&apos;s license numbers, and financial account information were exfiltrated.</description><pubDate>Sun, 02 Feb 2025 00:00:00 GMT</pubDate><category>ransomware</category><category>ocr-open</category><category>INC Ransom</category></item><item><title>Primary Health Services Center, Inc.: 17,202 exposed</title><link>https://myhealthconsent.org/breaches/primary-health-services-center-inc-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/primary-health-services-center-inc-2025/</guid><description>Primary Health Services Center, Inc. (PHSC), the federally qualified health center serving Ouachita, Morehouse, and Lincoln parishes in northeast Louisiana, filed a HIPAA breach notification with HHS OCR on or about February 2, 2025 reporting 17,202 affected individuals from a Hacking/IT Incident affecting a network server. Unauthorized network access was discovered on or about December 4, 2024; forensic data review completed June 2, 2025; mailed notifications began July 10, 2025. Exposed elements include names, Social Security numbers, driver&apos;s license or state ID numbers, medical records, health insurance information, and payment information. The INC RANSOM (Incransom) extortion group posted PHSC on its dark-web leak site in late December 2024. PHSC is offering twelve months of complimentary credit monitoring and identity-theft protection.</description><pubDate>Sun, 02 Feb 2025 00:00:00 GMT</pubDate><category>ransomware</category><category>ocr-open</category><category>INC RANSOM (a.k.a. Incransom)</category></item><item><title>Mental Health Association Inc.: 12,633 exposed</title><link>https://myhealthconsent.org/breaches/mental-health-association-inc-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/mental-health-association-inc-2025/</guid><description>Mental Health Association Inc. (MA) filed a HIPAA breach notification with the HHS Office for Civil Rights on January 31, 2025, reporting 12,633 affected individuals in a Unauthorized Access/Disclosure event at Network Server. The HHS OCR portal entry is the primary public record; further details are not yet publicl...</description><pubDate>Fri, 31 Jan 2025 00:00:00 GMT</pubDate><category>unauthorized-access</category><category>ocr-open</category></item><item><title>PIH Health, Inc.: 2,947,264 exposed</title><link>https://myhealthconsent.org/breaches/pih-health-inc-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/pih-health-inc-2025/</guid><description>PIH Health, a Whittier, CA nonprofit health system, was hit by a December 1, 2024 ransomware attack that disrupted three hospitals for days and exposed Social Security numbers, driver&apos;s license numbers, financial accounts, and full medical records for 2,947,264 patients. Class action filed; OCR investigating.</description><pubDate>Fri, 31 Jan 2025 00:00:00 GMT</pubDate><category>ransomware</category><category>class-action-filed</category></item><item><title>Community Health Center, Inc.: 1,060,936 exposed</title><link>https://myhealthconsent.org/breaches/community-health-center-inc-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/community-health-center-inc-2025/</guid><description>Community Health Center, Inc., a Connecticut FQHC headquartered in Middletown, filed a HIPAA breach with HHS OCR on January 30, 2025 reporting 1,060,936 individuals. A criminal hacker exfiltrated patient data between mid-October 2024 and January 2, 2025. Names, DOB, SSN, diagnoses, test results, and insurance data were exposed.</description><pubDate>Thu, 30 Jan 2025 00:00:00 GMT</pubDate><category>hacking</category><category>class-action-filed</category></item><item><title>Methodist Homes of Alabama and Northwest Florida: 908 exposed</title><link>https://myhealthconsent.org/breaches/methodist-homes-of-alabama-and-northwest-florida-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/methodist-homes-of-alabama-and-northwest-florida-2025/</guid><description>Methodist Homes of Alabama and Northwest Florida (AL) filed a HIPAA breach notification with the HHS Office for Civil Rights on January 30, 2025, reporting 908 affected individuals in a Hacking/IT Incident event at Network Server. The HHS OCR portal entry is the primary public record; further details are not yet pub...</description><pubDate>Thu, 30 Jan 2025 00:00:00 GMT</pubDate><category>hacking</category><category>ocr-open</category></item><item><title>Baptist Hospitals of Southeast Texas: 501 exposed</title><link>https://myhealthconsent.org/breaches/baptist-hospitals-of-southeast-texas-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/baptist-hospitals-of-southeast-texas-2025/</guid><description>Baptist Hospitals of Southeast Texas, the Beaumont-based hospital system, detected a cyberattack on its network on January 25, 2025 that disrupted registration, billing, and procedural systems. The hospital filed a HIPAA breach notification with HHS OCR on March 28, 2025 reporting 501 affected individuals, the placeholder figure commonly used when forensic review is ongoing.</description><pubDate>Mon, 27 Jan 2025 00:00:00 GMT</pubDate><category>hacking</category><category>ocr-open</category></item><item><title>Benefits Management Group, Inc.: 501 exposed</title><link>https://myhealthconsent.org/breaches/benefits-management-group-inc-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/benefits-management-group-inc-2025/</guid><description>Benefits Management Group, Inc. (IL) filed a HIPAA breach notification with the HHS Office for Civil Rights on January 24, 2025, reporting 501 affected individuals in a Hacking/IT Incident event at Network Server. The HHS OCR portal entry is the primary public record; further details are not yet publicly disclosed o...</description><pubDate>Fri, 24 Jan 2025 00:00:00 GMT</pubDate><category>hacking</category><category>ocr-open</category></item><item><title>Spring River Mental Health &amp; Wellness: 3,250 exposed</title><link>https://myhealthconsent.org/breaches/spring-river-mental-health-wellness-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/spring-river-mental-health-wellness-2025/</guid><description>Spring River Mental Health &amp; Wellness (KS) filed a HIPAA breach notification with the HHS Office for Civil Rights on January 24, 2025, reporting 3,250 affected individuals in a Hacking/IT Incident event at Network Server. The HHS OCR portal entry is the primary public record; further details are not yet publicly dis...</description><pubDate>Fri, 24 Jan 2025 00:00:00 GMT</pubDate><category>hacking</category><category>ocr-open</category></item><item><title>Aprendamos Intervention Team, P.A.: 1,916 exposed</title><link>https://myhealthconsent.org/breaches/aprendamos-intervention-team-p-a-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/aprendamos-intervention-team-p-a-2025/</guid><description>Aprendamos Intervention Team, P.A. (Las Cruces, NM) filed a HIPAA breach notification with the HHS Office for Civil Rights on January 23, 2025, reporting 1,916 affected individuals after a departing employee transferred electronic PHI to a personal email account on their last day of employment. The pediatric early-intervention provider has offered free credit monitoring to eligible clients.</description><pubDate>Thu, 23 Jan 2025 00:00:00 GMT</pubDate><category>insider-threat</category><category>ocr-open</category><category>Former Aprendamos employee (unnamed) who transferred electronic PHI to an external personal email account on their last day of employment</category></item><item><title>Apex Custom Software: 1,500 exposed</title><link>https://myhealthconsent.org/breaches/apex-custom-software-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/apex-custom-software-2025/</guid><description>Apex Custom Software, a Texas-based healthcare software developer, was breached by the threat actor 0mid16B on January 16, 2025. The business associate filed a HIPAA breach notification with HHS OCR on January 22, 2025, reporting 1,500 affected individuals. The attackers claimed to have compromised Controlled Substance Monitoring Program databases serving multiple pharmacy and healthcare clients, including allegedly Cardinal Health.</description><pubDate>Wed, 22 Jan 2025 00:00:00 GMT</pubDate><category>ransomware</category><category>ocr-open</category><category>0mid16B</category></item><item><title>Inlet Health dba Communicare: 3,771 exposed</title><link>https://myhealthconsent.org/breaches/inlet-health-dba-communicare-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/inlet-health-dba-communicare-2025/</guid><description>Inlet Health dba Communicare (KY) filed a HIPAA breach notification with the HHS Office for Civil Rights on January 22, 2025, reporting 3,771 affected individuals in a Hacking/IT Incident event at Network Server. The HHS OCR portal entry is the primary public record; further details are not yet publicly disclosed on...</description><pubDate>Wed, 22 Jan 2025 00:00:00 GMT</pubDate><category>hacking</category><category>ocr-open</category></item><item><title>University Diagnostic Medical Imaging, PC: 138,080 exposed</title><link>https://myhealthconsent.org/breaches/university-diagnostic-medical-imaging-pc-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/university-diagnostic-medical-imaging-pc-2025/</guid><description>University Diagnostic Medical Imaging, PC (UDMI), a Bronx-based radiology practice, disclosed a Fog ransomware attack affecting 138,080 patients. Filed with HHS OCR on January 21, 2025.</description><pubDate>Tue, 21 Jan 2025 00:00:00 GMT</pubDate><category>ransomware</category><category>ocr-open</category><category>Fog ransomware group</category></item><item><title>Holdrege Memorial Homes, Inc.: 1,446 exposed</title><link>https://myhealthconsent.org/breaches/holdrege-memorial-homes-inc-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/holdrege-memorial-homes-inc-2025/</guid><description>Holdrege Memorial Homes, Inc. (NE) filed a HIPAA breach notification with the HHS Office for Civil Rights on January 20, 2025, reporting 1,446 affected individuals in a Hacking/IT Incident event at Network Server. The HHS OCR portal entry is the primary public record; further details are not yet publicly disclosed o...</description><pubDate>Mon, 20 Jan 2025 00:00:00 GMT</pubDate><category>hacking</category><category>ocr-open</category></item><item><title>Allegheny Health Network Home Medical Equipment, LLC: 292,773 exposed</title><link>https://myhealthconsent.org/breaches/allegheny-health-network-home-medical-equipment-llc-and-allegheny-health-network-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/allegheny-health-network-home-medical-equipment-llc-and-allegheny-health-network-2025/</guid><description>AHN&apos;s home medical equipment and home infusion subsidiaries disclosed on January 17, 2025 that an October 2024 hack of IT vendor IntraSystems exposed 292,773 patients&apos; names, SSNs, financial account numbers, insurance data, diagnoses, and prescriptions. Seven class actions are consolidated in W.D. Pa.</description><pubDate>Fri, 17 Jan 2025 00:00:00 GMT</pubDate><category>vendor-breach</category><category>class-action-filed</category></item><item><title>Alpine Ear, Nose &amp; Throat, PLLC: 65,648 exposed</title><link>https://myhealthconsent.org/breaches/alpine-ears-nose-throat-p-l-l-c-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/alpine-ears-nose-throat-p-l-l-c-2025/</guid><description>Alpine Ear, Nose &amp; Throat, PLLC, a Fort Collins, Colorado ENT practice, was breached by the BianLian extortion group in November 2024. Names, Social Security numbers, dates of birth, medical records, health insurance details, financial account information, and credit-card data (including CVCs) for 65,648 patients were exposed. A class-action settlement in Pfirrman v. Alpine Ear, Nose, &amp; Throat received preliminary approval, with a final fairness hearing on August 11, 2026.</description><pubDate>Fri, 17 Jan 2025 00:00:00 GMT</pubDate><category>unauthorized-access</category><category>class-action-filed</category></item><item><title>Asheville Eye Associates, PLLC: 204,984 exposed</title><link>https://myhealthconsent.org/breaches/asheville-eye-associates-pllc-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/asheville-eye-associates-pllc-2025/</guid><description>Asheville Eye Associates, PLLC disclosed a November 2024 network intrusion that exposed protected health information for 204,984 patients across its 10 Western North Carolina eye care centers. The DragonForce ransomware group claimed responsibility, posted roughly 540 GB to its leak site, and a consolidated class action settled in 2025.</description><pubDate>Fri, 17 Jan 2025 00:00:00 GMT</pubDate><category>ransomware</category><category>settled</category><category>DragonForce</category></item><item><title>Behavioral Health Resources: 49,213 exposed</title><link>https://myhealthconsent.org/breaches/behavioral-health-resources-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/behavioral-health-resources-2025/</guid><description>Behavioral Health Resources (Olympia, WA) detected unauthorized access to its network on November 20, 2024, filed an initial HIPAA breach report with HHS OCR on January 17, 2025 listing 49,213 affected individuals at a Network Server, and ultimately notified 50,083 current and former behavioral health and substance use disorder patients. The matter settled for $1.1 million in Walker et al. v. Behavioral Health Resources (Thurston County Superior Court).</description><pubDate>Fri, 17 Jan 2025 00:00:00 GMT</pubDate><category>hacking</category><category>settled</category></item><item><title>Community Treatment Solutions: 950 exposed</title><link>https://myhealthconsent.org/breaches/community-treatment-solutions-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/community-treatment-solutions-2025/</guid><description>Community Treatment Solutions (NJ) filed a HIPAA breach notification with the HHS Office for Civil Rights on January 16, 2025, reporting 950 affected individuals in a Hacking/IT Incident event at Network Server. The HHS OCR portal entry is the primary public record; further details are not yet publicly disclosed on...</description><pubDate>Thu, 16 Jan 2025 00:00:00 GMT</pubDate><category>ransomware</category><category>ocr-open</category><category>Interlock ransomware group</category></item><item><title>Mid America Physician Services: 104,513 exposed</title><link>https://myhealthconsent.org/breaches/mid-america-physician-services-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/mid-america-physician-services-2025/</guid><description>Mid America Physician Services (MAPS) — the largest independent women&apos;s health practice in the Kansas City area, comprising Johnson County OB/GYN, Women&apos;s Care, Women&apos;s Clinic of Johnson County, and Women&apos;s Health Associates — disclosed a network intrusion that exposed names, addresses, dates of birth, Social Security numbers, financial/billing information, health insurance details, and medical treatment information for 104,513 patients. Suit filed in D. Kan. Here is what to do.</description><pubDate>Mon, 13 Jan 2025 00:00:00 GMT</pubDate><category>hacking</category><category>class-action-filed</category></item><item><title>Newport Harbor Pathology Medical Group: 501 exposed</title><link>https://myhealthconsent.org/breaches/newport-harbor-pathology-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/newport-harbor-pathology-2025/</guid><description>The Newport Beach, CA pathology breach disclosed January 2025. 501+ patients had names, SSNs, diagnoses, and pathology test results exposed by an unauthorized-access attack from October to November 2024. If you got a notification letter, here is exactly what was taken and what to do.</description><pubDate>Fri, 10 Jan 2025 00:00:00 GMT</pubDate><category>hacking</category><category>class-action-filed</category></item><item><title>Newport Harbor Pathology Medical Group, Inc.: 119,341 exposed</title><link>https://myhealthconsent.org/breaches/newport-harbor-pathology-medical-group-inc-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/newport-harbor-pathology-medical-group-inc-2025/</guid><description>Newport Harbor Pathology Medical Group, Inc. (Newport Beach, CA) discovered unauthorized network access on November 11, 2024. HHS OCR lists 119,341 affected; a class-action complaint was filed April 7, 2025; notifications went to 14 state AGs. Names, SSNs, diagnoses, and pathology results were involved. No credit monitoring was offered. Here is what to do.</description><pubDate>Fri, 10 Jan 2025 00:00:00 GMT</pubDate><category>hacking</category><category>class-action-filed</category></item><item><title>Samaritan Counseling Center of the Fox Valley: 956 exposed</title><link>https://myhealthconsent.org/breaches/samaritan-counseling-center-of-the-fox-valley-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/samaritan-counseling-center-of-the-fox-valley-2025/</guid><description>Samaritan Counseling Center of the Fox Valley (WI) filed a HIPAA breach notification with the HHS Office for Civil Rights on January 10, 2025, reporting 956 affected individuals in a Hacking/IT Incident event at Email. The HHS OCR portal entry is the primary public record; further details are not yet publicly disclo...</description><pubDate>Fri, 10 Jan 2025 00:00:00 GMT</pubDate><category>hacking</category><category>ocr-open</category></item><item><title>BayMark Health Services, Inc.: 3,170 exposed</title><link>https://myhealthconsent.org/breaches/baymark-health-services-inc-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/baymark-health-services-inc-2025/</guid><description>BayMark Health Services, North America&apos;s largest medication-assisted treatment provider, was hit by a RansomHub ransomware attack between Sept 24 and Oct 14, 2024. The intruder exfiltrated about 1.5 TB of data, including names, Social Security numbers, driver&apos;s license numbers, and addiction treatment records protected by 42 CFR Part 2. OCR filing posted Jan 8, 2025 covering 3,170 individuals; a follow-on filing reported 16,548.</description><pubDate>Wed, 08 Jan 2025 00:00:00 GMT</pubDate><category>ransomware</category><category>class-action-filed</category><category>RansomHub</category></item><item><title>Eastern Idaho Public Health: 759 exposed</title><link>https://myhealthconsent.org/breaches/eastern-idaho-public-health-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/eastern-idaho-public-health-2025/</guid><description>Eastern Idaho Public Health (ID) filed a HIPAA breach notification with the HHS Office for Civil Rights on January 07, 2025, reporting 759 affected individuals in a Unauthorized Access/Disclosure event at Electronic Medical Record. The HHS OCR portal entry is the primary public record; further details are not yet pu...</description><pubDate>Tue, 07 Jan 2025 00:00:00 GMT</pubDate><category>unauthorized-access</category><category>ocr-open</category></item><item><title>Medusind Inc.: 701,475 exposed</title><link>https://myhealthconsent.org/breaches/medusind-inc-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/medusind-inc-2025/</guid><description>Medusind Inc., an Aventura, FL revenue cycle management and medical billing vendor serving more than 6,000 healthcare providers, filed a HIPAA breach notification with HHS OCR on January 7, 2025 reporting 701,475 individuals affected by a December 2023 network intrusion. A $5 million class-action settlement received final court approval January 26, 2026; payments issued April 10, 2026. Here is what to do.</description><pubDate>Tue, 07 Jan 2025 00:00:00 GMT</pubDate><category>hacking</category><category>settled</category></item><item><title>North Los Angeles County Regional Center: 500 exposed</title><link>https://myhealthconsent.org/breaches/north-los-angeles-county-regional-center-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/north-los-angeles-county-regional-center-2025/</guid><description>North Los Angeles County Regional Center (CA) filed a HIPAA breach notification with the HHS Office for Civil Rights on January 06, 2025, reporting 500 affected individuals in a Hacking/IT Incident event at Network Server. The HHS OCR portal entry is the primary public record; further details are not yet publicly di...</description><pubDate>Mon, 06 Jan 2025 00:00:00 GMT</pubDate><category>hacking</category><category>ocr-open</category></item><item><title>Pediatric Home Respiratory Services, LLC d/b/a Pediatric Home Service: 41,792 exposed</title><link>https://myhealthconsent.org/breaches/pediatric-home-respiratory-services-llc-d-b-a-pediatric-home-service-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/pediatric-home-respiratory-services-llc-d-b-a-pediatric-home-service-2025/</guid><description>Pediatric Home Respiratory Services, LLC d/b/a Pediatric Home Service (Roseville, MN) disclosed a November 1-7, 2024 network intrusion that exposed names, addresses, dates of birth, Social Security numbers, medical information, and health insurance data for 41,792 individuals - most of them medically complex pediatric home-care patients. Filed with HHS OCR on January 6, 2025. Two-year Experian IdentityWorks Credit 3B offered. Consolidated class action (In re Pediatric Home Respiratory Services Litigation, Ramsey County District Court, No. 62-cv-25-2838) received preliminary approval January 6, 2026; final fairness hearing May 8, 2026. Cash payments up to $1,500 with documentation, or $50 flat. Here is what to do.</description><pubDate>Mon, 06 Jan 2025 00:00:00 GMT</pubDate><category>hacking</category><category>settled</category></item><item><title>Ingham County Medical Care Facility, d/b/a Dobie Road: 3,078 exposed</title><link>https://myhealthconsent.org/breaches/ingham-county-medical-care-facility-d-b-a-dobie-road-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/ingham-county-medical-care-facility-d-b-a-dobie-road-2025/</guid><description>Ingham County Medical Care Facility, d/b/a Dobie Road (MI) filed a HIPAA breach notification with the HHS Office for Civil Rights on January 05, 2025, reporting 3,078 affected individuals in a Hacking/IT Incident event at Electronic Medical Record. The HHS OCR portal entry is the primary public record; further detai...</description><pubDate>Sun, 05 Jan 2025 00:00:00 GMT</pubDate><category>hacking</category><category>ocr-open</category></item><item><title>Buffalo Surgery Center: 64,000 exposed</title><link>https://myhealthconsent.org/breaches/buffalo-surgery-center-2025/</link><guid isPermaLink="true">https://myhealthconsent.org/breaches/buffalo-surgery-center-2025/</guid><description>Buffalo Surgery Center filed with HHS OCR on January 4, 2025, reporting 64,000 affected patients from a June 23, 2024 ransomware attack on parent Excelsior Orthopaedics, LLP. The Monti ransomware group claimed responsibility and posted the stolen data on its leak site. Exposed information included Social Security numbers, driver&apos;s license numbers, medical and health insurance details, and financial data. A $2.4 million class settlement (Szucs et al. v. Excelsior Orthopaedics) received preliminary approval; final fairness hearing is July 8, 2026.</description><pubDate>Sat, 04 Jan 2025 00:00:00 GMT</pubDate><category>ransomware</category><category>settled</category></item></channel></rss>