Ransomware Attack Announced by True Dental Care for Kids and Adults
Data breaches have recently been announced by True Dental Care for Kids and Adults in Pennsylvania, North Hudson Community Action Corporation in New Jersey, and California Correctional Health Care Services.
True Dental Care for Kids and Adults, Pennsylvania
True Dental Care for Kids and Adults LLC in Pennsylvania has started notifying 17,640 individuals about a recent ransomware attack. A hacker gained access to its network on February 3, 2025, and downloaded ransomware, which was used to encrypt files on its network. The forensic investigation of the incident identified unauthorized access to patient data prior to file encryption.
A ransom demand was issued; however, it was not paid, and files were successfully restored from backups. True Dental said it is unaware of any misuse of patient data at the time of issuing the notification. The types of information involved vary from individual to individual and include names, dates of birth, addresses, phone numbers, and patient dental/medical records. True Dental said additional safeguards are being implemented to prevent similar incidents in the future.
North Hudson Community Action Corporation, New Jersey
North Hudson Community Action Corporation, a provider of health and social services to individuals in northern New Jersey, has recently reported a security incident to the HHS’ Office for Civil Rights. Unusual activity was identified within its computer systems on January 27, 2025. Systems were immediately secured, and an investigation was launched, which confirmed unauthorized access to its network occurred between January 26 and January 27, 2025. Data theft was also confirmed.
Get The FREE
HIPAA Compliance Checklist
Immediate Delivery of Checklist Link To Your Email Address
Please Enter Correct Email Address
Your Privacy Respected
HIPAA Journal Privacy Policy
The electronic medical record system was unaffected; however, some of the stolen files included sensitive data. The review is ongoing, so it is not yet possible to determine exactly what data was involved, but it is likely to include names, medical information, and health insurance information. Steps are being taken to update privacy and security safeguards, and notification letters will be mailed to the affected individuals when the file review is concluded. The breach has been reported to OCR as involving the data of at least 501 individuals.
California Correctional Health Care Services
The California Correctional Health Care Services (CCHCS) has recently discovered an impermissible disclosure of the protected health information of certain inmates in California’s correctional facilities. The incident dates back to August 21, 2023, when an employee sent an unencrypted email to the personal email address of an unauthorized recipient. The email contained inmates’ last names, CDCR numbers, risk levels, and medical information.
When the privacy incident was discovered, the recipient of the email was instructed to destroy the email, along with any other emails in their account that contained protected health information. The email recipient confirmed that they had not disclosed the information in the email to any other individuals, and an attestation was received that the email was deleted on August 21, 2023.
CCHCS said the employee concerned was required to undertake additional Privacy Awareness Mitigation Training and will be subject to further investigation, and the delay in issuing notifications about the historic privacy incident was due to CCHCS only learning about the incident on March 27, 2025. The affected individuals have been informed that they may submit a Health Care Grievance regarding the breach to their institutional Health Care Grievance Office.
The privacy breach has been reported to appropriate regulators, including the California Attorney General and the HHS’ Office for Civil Rights. It is currently unclear how many individuals have been affected since the incident is not yet listed on the OCR breach portal.
