Arizona Orthopedics Practice Announces Data Breach
Data breaches have recently been reported by Integrated Orthopedics of Arizona, Glen Falls Hospital in New York, and South Coast Pediatrics in California.
Integrated Orthopedics of Arizona
Integrated Orthopedics of Arizona (IOA) in Phoenix, Arizona, has recently notified 2,916 patients about a breach of its email tenant. Unauthorized activity was identified on or around April 7, 2025. Assisted by third-party cybersecurity experts, IOA confirmed unauthorized access to the email system, and some emails had been copied.
The email system was reviewed to determine the individuals affected and the types of data involved, and that process was completed on June 19, 2025. The affected individuals had either visited IOA for healthcare services or their information was provided by other healthcare providers. The breached information included some or all of the following: name, address, date of birth, medical record number, patient ID/ account number, Medicare number, Medicaid number, health insurance information, diagnosis information, treatment information including date(s) and location, doctor’s name, lab or test results, and for a small subset of individuals, driver’s license number and/or Social Security number.
IOA has offered the affected individuals 24 months of complimentary credit monitoring and identity theft protection services, and has taken steps to improve email security.
Get The FREE
HIPAA Compliance Checklist
Immediate Delivery of Checklist Link To Your Email Address
Please Enter Correct Email Address
Your Privacy Respected
HIPAA Journal Privacy Policy
Glens Falls Hospital, New York
Glens Falls Hospital in New York has recently confirmed that patient data was compromised in an Oracle Health/Cerner cybersecurity incident in January this year. The data was stored on legacy servers that were awaiting migration to Oracle Cloud, when hackers gained access. The hackers may have breached the servers as early as January 22, 2025, and accessed medical records stored on those servers. The compromised information included patients’ names, Social Security numbers, medical record numbers, physicians’ names, diagnoses, medications, test results, medical images, and treatment information.
Glen Falls Hospital said it was not using Oracle Health or Cerner as its electronic health vendor at the time, having terminated that relationship on November 2, 2024, yet it was still affected by the incident. Glen Falls Hospitals was provided with a list of the affected individuals on June 6, 2025, and has been working with Oracle Health to notify those individuals and provide them with 24 months of complimentary credit monitoring and identity theft protection services. There is currently no entry relating to the breach on the HHS’ Office for Civil Rights breach portal, so it is unclear how many individuals have been affected.
South Coast Pediatrics, California
South Coast Pediatrics, a pediatric medical group with locations in Bristol, Spurgeon, and Anaheim in California, has notified 7,000 individuals about a June 2025 cyberattack that involved unauthorized access to computers containing patient information. The attack was identified on June 12, 2025, and steps were immediately taken to contain the threat, assess the impact, and restore its systems.
The forensic investigation confirmed that patient data was present on the affected computers, including name, address, date of birth, medical record number, diagnosis, and treatment codes/descriptions. Steps have been taken to enhance network security and prevent similar incidents in the future. The affected patients have been advised to remain vigilant against instances of identity theft and fraud.
