The HIPAA Journal is the leading provider of HIPAA training, news, regulatory updates, and independent compliance advice.

Mower County in Minnesota Confirms HIPAA-Data Compromised in June Ransomware Attack

Data breaches have recently been announced by Mower County in Minnesota, Seasons Living in Oregon, Dr. Doug’s Pediatric Dentistry in Utah, and Provail in Washington State.

Mower County, Minnesota

Officials in Mower County, Minnesota, have confirmed that HIPAA-protected data was acquired by hackers in a June 2025 ransomware attack. The ransomware attack was identified on June 18, 2025, and an investigation is underway to determine the types of data involved and the individuals affected. The stolen data related to individuals who have previously received services from the County Health and Human Services Department.

Individual notification letters will be mailed to the affected individuals when the investigation is concluded, and County officials have confirmed that complimentary credit monitoring and identity theft protection services will be provided. In the meantime, anyone who has previously received services from the Health and Human Services Department has been advised to be vigilant against identity theft and fraud by reviewing their account statements, explanation of benefits statements, and free credit reports. The breach has been reported to the HHS’ Office for Civil Rights using a placeholder figure of at least 501 affected individuals.

Seasons Living

Seasons Living, an assisted living facility in Lake Oswego, Oregon, has disclosed a security incident involving the theft of sensitive data. The security breach was identified on March 4, 2025, and the forensic investigation confirmed that an unauthorized third party accessed its network and acquired files containing information related to its vendors, applicants, tenants, owners, and current and former employees.

In a press release about the incident, Seasons Living CEO Eric Jacobsen said the incident has been fully contained, unauthorized access to its network has been blocked, and additional security measures have been implemented to prevent similar incidents in the future. He also confirmed that complimentary credit monitoring services are being provided to all affected individuals.

The press release does not mention the types of data involved; however, a hacker has taken credit for the attack and claims to have stolen information such as names, addresses, birthdates, Social Security and driver’s license numbers, health insurance information, medical records, and financial information. The data breach is not currently listed on the HHS’ Office for Civil Rights website, so it is unclear how many individuals have been affected.

Dr. Doug’s Pediatric Dentistry

Dr. Doug’s Pediatric Dentistry in Logan, Utah, has recently announced a data security incident that was detected in September 2024. Unusual activity was identified in an employee’s email account. The password was reset, and an investigation was launched, which confirmed that the breach was confined to a single email account and no other systems were affected.

The account was reviewed to determine whether any patient information was present, and contact information was verified to allow notification letters to be mailed. Those processes were concluded in June 2025. The information potentially compromised in the incident includes names, dates of birth, diagnosis or dental treatment information, and Medicaid numbers/health insurance information. A very limited number of patients also had their Social Security numbers and/or driver’s license numbers exposed. The incident has been reported to regulators, although it is not yet shown on the HHS’ Office for Civil Rights breach portal, so it is currently unclear how many individuals were affected.

Provail

Provail, a nonprofit provider of disability services in Washington State, has recently disclosed a cybersecurity incident that was detected on or around June 8, 2025. Suspicious network activity was identified, and the forensic investigation confirmed that an unauthorized actor had access to its network between June 7, 2025, and June 9, 2025, and viewed or acquired files containing sensitive client data.

The investigation and file review are ongoing; however, it has been confirmed that the data compromised in the incident included names in combination with one or more of the following: diagnosis/condition information, lab results, medications, other treatment information, addresses, dates of birth, driver’s license numbers, Social Security numbers, other identifying information, claims information, credit card numbers, bank account numbers, and other financial information.

Individual notification letters will be mailed to the affected individuals when the investigation and file review are concluded. The OCR breach portal includes a placeholder figure of at least 501 affected individuals.

Author: Steve Alder is the editor-in-chief of The HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com
