Columbia Medical Practice; Jupiter Medical Center Announce Data Breaches
Columbia Medical Practice has experienced a ransomware attack in which patient data was stolen, and Jupiter Medical Center has notified patients that their personal and health information was stolen in a January 2025 security incident.
Columbia Medical Practice
Columbia Medical Practice in Columbia, Maryland, has recently confirmed that patient data was compromised in a November 2025 ransomware attack. The investigation confirmed that an unnamed threat actor accessed its network on November 5, 2025, and used malware to encrypt files. Prior to file encryption, files were exfiltrated, some of which contained patient information. Columbia Medical Practice said it was able to recover the encrypted files, and it is reviewing the affected files to determine the individuals affected and the exact types of data involved. The Qilin ransomware group claimed responsibility for the attack.
The electronic medical record system was not accessed; however, files on the compromised parts of its network contained names, addresses, phone numbers, birth dates, passport numbers, Social Security numbers, driver’s license numbers, other government identifiers, financial account information (but not information such as security codes that would permit access), health insurance information, patient account numbers, and health information, which may include diagnoses, diagnosis codes, treatment/condition information, prescription information, history information, dates of service, locations of service, assigned physician names and health services payment information. The types of information involved vary from individual to individual.
Columbia Medical Practice said it is evaluating additional technical measures, reviewing its cyber auditing practices, and reviewing and updating its policies and procedures to reduce the risk of similar incidents in the future. Notification letters will be mailed to the affected individuals when the file review is concluded. The HHS’ Office for Civil Rights breach portal indicates up to 3,000 individuals have been affected.
Get The FREE
HIPAA Compliance Checklist
Immediate Delivery of Checklist Link To Your Email Address
Please Enter Correct Email Address
Your Privacy Respected
HIPAA Journal Privacy Policy
Jupiter Medical Center
Jupiter Medical Center in Jupiter, Florida, has started notifying patients about unauthorized access to electronic medical records. Notification letters have only recently been sent, although the data breach occurred in January 2025. The breach involved its medical record vendor, Cerner (Now Oracle Health).
Jupiter was one of many healthcare providers affected by the breach. While Oracle Health has not confirmed publicly exactly how many of its clients were affected, in a recent lawsuit, Oracle Health’s attorneys said up to 80 hospitals may have been affected. Jupiter Medical Center said law enforcement requested delaying announcing the data breach and issuing notifications as it would potentially interfere with the law enforcement investigation.
The breach affected a limited number of patients and involved information typically found in medical records, as well as Social Security numbers. The affected individuals have been offered two years of complimentary credit monitoring services.
