Data Breaches Announced by Doctors’ Memorial & Sabine County Hospitals
Data breaches have been announced by Doctors’ Memorial Hospital in Florida, Sabine County Hospital in Texas, Compass Counseling Services in Florida, and Precision Endodontics of Raleigh in North Carolina.
Doctors’ Memorial Hospital, Florida
Doctors’ Memorial Hospital in Florida has recently confirmed that it was affected by the data breach at the debt recovery firm Nationwide Recovery Service (NRS) last year. An unauthorized third party accessed the NRS information technology network between July 5, 2024, and July 11, 2024, and copied files and folders from its systems. The review of the compromised data was completed in February 2025. Based on data breach reports submitted by the affected entities, more than 543,000 individuals were affected.
Doctors’ Memorial Hospital said it only learned about the data breach on February 7, 2024, 7 months after the attack occurred, and was informed at the time that NRS would take full responsibility for issuing notification letters to the affected individuals. NRS changed its position and refused to issue notifications. It took NRS until May 27, 2025, to provide Doctors’ Memorial Hospital with a list of the affected patients. The data has been verified, and Doctors’ Memorial Hospital is sending notification letters to the affected individuals.
The data breach has been reported to the HHS’ Office for Civil Rights as affecting 500 individuals. The total will be amended when all notifications have been issued. Doctors’ Memorial Hospital said the data compromised in the incident included names, dates of birth, financial account numbers, Social Security numbers, and medical information.
Get The FREE
HIPAA Compliance Checklist
Immediate Delivery of Checklist Link To Your Email Address
Please Enter Correct Email Address
Your Privacy Respected
HIPAA Journal Privacy Policy
Sabine County Hospital, Texas
Sabine County Hospital (SCH) in Hemphill, Texas, has identified unauthorized access to an employee’s email account. The incident was detected on February 12, 2025, and access to the account was immediately blocked. An investigation was launched to determine the nature and scope of the incident, and the account was reviewed to determine if it contained any patient information.
The account audit was time-consuming and has only recently been completed. The review confirmed that patient information contained in internal logs and reports may have been viewed or obtained. For most of the affected patients, the information compromised in the incident was limited to name, date(s) of service, and the service(s) received. For some patients, more detailed demographic information was involved, such as address, date of birth, and gender, along with clinical information such as symptoms and diagnosis. For a small subset of the affected individuals, more detailed clinical information was involved, such as test results, treatment information, financial information, Social Security number, Medicare number, insurance information, and payment information.
While information was exposed, the primary purpose of the attack was to get a fraudulent invoice paid, which was sent from the account to the hospital. “Phishing incidents, like the one that occurred at SCH, are becoming increasingly common, and more sophisticated,” said SCH spokesperson Kaylee McDaniels. “We are very sorry this occurred and will continue to educate our staff about the dangers, and steps they should take to avoid becoming a victim.
The HHS’ Office for Civil Rights breach portal indicates up to 7,600 individuals had their data compromised in the incident.
Compass Counseling Services, Florida
Compass Counseling Services, in Orlando, Florida, has recently announced a hacking incident that was detected on November 20, 2024. The intrusion was rapidly contained, and an investigation was launched to determine the nature and scope of the unauthorized activity. Following an extensive forensic investigation, Compass discovered on February 2, 2025, that there had been unauthorized access to files containing patient information between November 19, 2024, and November 21, 2024.
The file review has recently been completed and confirmed that the compromised data included first and last names, birth dates, financial account numbers, routing numbers, Social Security numbers, digital signatures, account access credentials, driver’s license numbers and/or other governmental identification numbers, Medicare/Medicaid numbers, medical histories, patient numbers, provider names and locations, medical diagnosis information, medical treatment information, and other health insurance information. Compass said it is reviewing its practices and internal controls to enhance the security and privacy of patient information.
Precision Endodontics of Raleigh, North Carolina
Precision Endodontics of Raleigh in North Carolina has recently notified 4,022 current and former patients about a phishing-related data breach. On June 10, 2025, Precision Endodontics identified unauthorized access to its email account. An investigation was launched, which revealed the account had been used to send phishing emails to a portion of its contact list.
The compromised email account was reviewed and found to contain patients’ first and last names and email addresses; however, no misuse of that information has been identified. Precision Endodontics has implemented additional safeguards to improve data security and its web server infrastructure and will take further actions to reduce the risk of similar breaches in the future.
