Rockhill Women’s Care & Harbor Regional Center Announce Data Breaches
Data breaches have recently been announced by the OB/GYN practice Rockhill Women’s Care and Harbor Regional Center, a California provider of services to individuals with developmental disabilities.
Rockhill Women’s Care
Rockhill Women’s Care, an OB/GYN practice with locations in Overland Park in Kansas and Lees Summit in Missouri, has experienced a significant data breach, involving unauthorized access to the electronic protected health information of up to 70,129 patients.
While it is unclear from the notification letters exactly when its network was first compromised, the intrusion was detected on February 26, 2025. Third-party cybersecurity experts were engaged to investigate the intrusion, and law enforcement was notified. The investigation confirmed that patient information had been exposed and may have been exfiltrated. The data mining exercise to determine the exact types of data involved and the individuals affected was completed on August 13, 2025.
The types of data involved vary from individual to individual and include names in combination with one or more of the following: address, date of birth, Social Security number, medical treatment information, and/or health insurance information. After verifying the results and contact information, individual notification letters started to be mailed to the affected individuals on or around September 30, 2025. At the time of issuing notification letters, Rockhill Women’s Care was unaware of any misuse of the exposed data. Rockhill Women’s Care said patient privacy is taken very seriously, and steps have been taken to enhance its security measures to prevent similar incidents from occurring in the future.
Get The FREE
HIPAA Compliance Checklist
Immediate Delivery of Checklist Link To Your Email Address
Please Enter Correct Email Address
Your Privacy Respected
HIPAA Journal Privacy Policy
Harbor Regional Center
Harbor Regional Center, a nonprofit organization that works with the California Department of Developmental Services to provide services to more than 20,000 adults and children with developmental disabilities in the South Bay, Harbor, Long Beach, and the southeast areas of Los Angeles County, has recently announced a security incident involving unauthorized access to an employee’s email account.
The email account breach was identified on September 2, 2025, and an investigation was launched to determine the nature and scope of the activity. On September 29, 2025, it was determined that a limited amount of protected health information was exposed and may have been obtained by an unauthorized third party.
The types of data involved vary from individual to individual and may include names in combination with one or more of the following: address, date of birth, Social Security number, medical record number, patient ID or account number, Medicare/Medicaid number, health insurance information, medical diagnosis and treatment information, medical history, prescription information, medical lab or test result, treatment location, treatment date, and provider name.
Harbor Regional Center has not identified any misuse of the exposed information; however, as a precaution against identity theft and fraud, the affected individuals have been offered complimentary credit monitoring and identity theft protection services. Harbor Regional Center said it has implemented additional security measures and is reviewing its data policies and procedures. The data breach is not currently shown on the HHS’ Office for Civil Rights website, so it is currently unclear how many individuals have been affected.
