25% off all training courses Offer ends May 29, 2026
View HIPAA Courses
Learner Login Learner Support
Learner Login Learner Support
25% off all training courses
View HIPAA Courses
Offer ends May 29, 2026

The HIPAA Journal is the leading provider of HIPAA training, news, regulatory updates, and independent compliance advice.

Data Breaches Announced By Decisely Insurance Services & Apex Global Solutions

Posted By on Jun 25, 2025

Data breaches have been announced by Decisely Insurance Services, Apex Global Solutions, Upper Dublin Family Dentistry, and Arkansas Urology Associates. Ransomware groups have claimed attacks on West Texas Oral and Facial Surgery and Freedman HealthCare.

Decisely Insurance Services, Georgia

Decisely Insurance Services has notified 65,405 individuals about a December breach involving its cloud storage platform. The Roswell, GA-based benefits brokerage and HR services firm identified suspicious activity within its cloud storage platform on December 17, 2024. Steps were taken to secure the platform and prevent further unauthorized access, and cybersecurity experts were engaged to investigate and determine the nature and scope of the unauthorized activity.

The investigation confirmed there was unauthorized access and data acquisition on December 16, 2024. Decisely spent the following months reviewing the platform to identify the owners of the data and the individuals affected, and has been working with those clients to obtain contact information to allow notification letters to be mailed.

Data compromised in the incident included names, dates of birth, phone numbers, passport numbers, digital signatures, and Social Security numbers. Individual notifications were mailed on June 13, 2025, and individuals whose Social Security numbers were compromised have been offered credit monitoring and identity theft recovery services as a precaution, although at the time of issuing notification letters, no evidence had been found to suggest any misuse of the stolen data. Decisely said it has implemented additional measures to enhance the security of its network environment.

Get The FREE
HIPAA Compliance Checklist

Immediate Delivery of Checklist Link To Your Email Address

Please Enter Correct Email Address

Your Privacy Respected

HIPAA Journal Privacy Policy

Update: Since publication, the number of affected individuals has increased considerably. The data breach report submitted to the HHS’ Office for Civil Rights on June 13, 2025, has been amended to show that 537,603 individuals were affected – more than 8 times as many as initially reported.

Apex Global Solutions, New York

The New York-based managed services provider, Apex Global Solutions (AGS), LLC, has recently announced a June 2024 security breach that potentially saw sensitive data obtained by unauthorized individuals. AGS identified suspicious network activity on July 14, 2024, and, assisted by third-party digital forensics experts, investigated the security incident and determined that hackers had access to its network and potentially exfiltrated data between June 18, 2024, and July 2, 2024.

A review was conducted to identify all individuals whose data had been exposed and to obtain up-to-date contact information for those individuals. The investigation and file review were completed on March 17, 2025, when it was confirmed that the exposed data included first and last names together with one or more of the following: address, date of birth, driver’s license number, Social Security number, diagnosis/condition, health insurance information, claims information, patient ID, treatment information, provider name, and financial account information. Steps have been taken to enhance security, and the 14,741 affected individuals have been offered complimentary credit monitoring and identity theft protection services.

Upper Dublin Family Dentistry, Pennsylvania

Upper Dublin Family Dentistry in Pennsylvania has recently reported a ransomware attack and data breach to the HHS’ Office for Civil Rights that potentially involved unauthorized access to the protected health information of 5,000 individuals.  The attack was detected on May 13, 2025, when files on its network were encrypted.

Third-party cybersecurity and digital forensics experts were engaged to investigate the incident, contain the threat, and restore its systems, which have now been recovered without paying a ransom. Patient data may have been viewed or acquired by the ransomware group, including names, dates of birth, home addresses, phone numbers, and dental medical records. Upper Dublin Family Dentistry is unaware of any misuse of that data and said steps have been taken to improve system security and strengthen its web server infrastructure.

Arkansas Urology Associates, Arkansas

Arkansas Urology Associates has recently announced a breach of their email environment. Unusual activity was identified within the email system on or around April 29, 2025. Assisted by third-party cybersecurity experts, Arkansas Urology confirmed there had been unauthorized access to certain email accounts between March 25, 2025, and April 29, 2025. The email accounts were reviewed, and on June 9, 2025, it was confirmed that sensitive patient data had been exposed.

The exposed information included names, Social Security numbers, dates of birth, dates of service, addresses, driver’s license numbers, prescription information, diagnosis information, insurance information, and medical information. Notification letters have been sent to the 642 affected individuals, and steps have been taken to improve email security to prevent similar incidents in the future.

Ransomware Groups Claim Attacks on West Texas Oral and Facial Surgery & Freedman HealthCare

Two healthcare providers have recently been added to ransomware groups’ data leak sites. The Inc Ransom group has claimed responsibility for an attack on West Texas Oral and Facial Surgery, and the World Leaks (formerly Hunters International) data leak site includes a listing for Freedman HealthCare in Massachusetts.

The World Leaks site claims that 52.4 GB of data was stolen in the attack on Freedman HealthCare, but the stolen data does not appear to contain patient information. Last week, Freedman HealthCare CEO John Freedman confirmed the attack but stressed that the stolen dataset did not include any protected health information. The breach was limited to one file server, all malicious files were identified and removed, and systems have now been secured. World Leaks has used ransomware in past attacks, but has transitioned to data theft and extortion, and generally does not encrypt files. West Texas Oral and Facial Surgery has not publicly confirmed a cyberattack or data breach at the time of writing.

Author: Steve Alder is the editor-in-chief of The HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com

x

Is Your Organization HIPAA Compliant?

Find Out With Our Free HIPAA Compliance Checklist

Get Free Checklist