25% off all training courses Offer ends May 29, 2026
View HIPAA Courses
Learner Login Learner Support
Learner Login Learner Support
25% off all training courses
View HIPAA Courses
Offer ends May 29, 2026

The HIPAA Journal is the leading provider of HIPAA training, news, regulatory updates, and independent compliance advice.

Business Associate Data Breach Affects Duke Regional Hospital Patients

Posted By on Jul 23, 2025

A law firm that provides legal counsel and assistance to Durham County Hospital Corporation in North Carolina has experienced a data breach involving the personal and protected health information of 2,150 individuals.

Manning, Fulton & Skinner, P.A. (MFS), identified suspicious activity within its email system on February 6, 2025. An investigation was launched to determine the cause of the activity, and it was confirmed that certain MFS email accounts had been accessed by an unauthorized individual between September 19, 2024, and February 6, 2025.

Third-party data review specialists were engaged to review the affected accounts and completed the review on May 14, 2025. Durham County Hospital Corporation was notified about the data breach on May 29, 2025, and provided MFS with the necessary information for mailing notifications on July 14, 2025. The law firm has implemented additional email security measures and has offered the affected individuals 12 months of complimentary credit monitoring and identity theft protection services.

The Brien Center for Mental Health and Substance Abuse Services Announces May 2025 Hacking Incident

The Brien Center for Mental Health and Substance Abuse Services in Pittsfield, Massachusetts, has notified state attorneys general about a recent security incident involving unauthorized access to patient information.  The intrusion was identified on May 21, 2025, and third-party cybersecurity specialists were engaged to investigate the incident. The Brien Center learned there was unauthorized network access between May 19, 2025, and May 21, 2025, during which time files containing patient information may have been copied from the network.

Get The FREE
HIPAA Compliance Checklist

Immediate Delivery of Checklist Link To Your Email Address

Please Enter Correct Email Address

Your Privacy Respected

HIPAA Journal Privacy Policy

The file review confirmed that the data potentially compromised in the incident included names, dates of birth, addresses, phone numbers, email addresses, client IDs, dates and times of recent visits, and clinical diagnostic information. Credit monitoring and identity restoration services have been offered to the affected individuals. The HHS’ Office for Civil Rights breach portal indicates up to 5,427 individuals have been affected.

Author: Steve Alder is the editor-in-chief of The HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com

x

Is Your Organization HIPAA Compliant?

Find Out With Our Free HIPAA Compliance Checklist

Get Free Checklist