The HIPAA Journal is the leading provider of HIPAA training, news, regulatory updates, and independent compliance advice.

Connecticut Medicaid Portal Breach Affects 22,500 Hartford HealthCare Patients

The personal and protected health information of approximately 22,500 Hartford HealthCare patients has been exposed in a security incident. Data breaches have also been announced by the New York City cosmetic surgery practice of Ira L. Savetsky, MD, and the mobility and rehabilitation product provider ERMI, LLC.

Hartford HealthCare

The Connecticut Department of Social Services and Gainwell Technologies, a vendor that provides fiscal agent and account administration services for the Connecticut Medicaid program (HUSKY), have identified unauthorized access to certain payment accounts on the HUSKY provider portal website.

Suspicious activity was identified on March 25, 2026, and the forensic investigation confirmed unauthorized access to a small number of Hartford HealthCare’s payment accounts on the website. The accounts were accessed on March 4, 2026, using the compromised credentials of Hartford HealthCare employees. Immediate action was taken to prevent further unauthorized access, and, with the assistance of third-party cybersecurity experts, it was determined that the incident had been contained and further unauthorized access blocked; however, the threat actor had downloaded files containing the data of approximately 22,500 individuals.

The review of those files revealed they contained information such as full names, ID numbers associated with Hartford HealthCare accounts or Medicaid claims, dates of medical services, information about services received and how they were billed, payment information including amounts paid, and information about applicable non-Medicaid health insurance, including policy and group number. Social Security numbers were not stored in the system, and were not obtained in the attack.

This appears to have been a financially motivated attack, and the primary purpose does not appear to have been patient data theft; however, patient information was compromised and, as a precaution, the affected individuals have been offered complimentary credit monitoring and identity theft protection services. DSS and Gainwell Technologies began sending notification letters to the affected Hartford HealthCare patients on May 22, 2026.

Ira L. Savetsky, MD

The New York City cosmetic surgery practice of Ira L. Savetsky, MD, has experienced a breach of its email environment. The security incident was detected in January 2026, and the forensic investigation confirmed that a single employee’s email account had been accessed by an unauthorized third party. The first instance of unauthorized access occurred in November 2024, and access to the account remained possible until January 2026. Over that 14-month period, information in the account may have been viewed or copied. The account was reviewed and found to contain patient information such as scheduling information and correspondence related to patient care, along with first and last names, birth dates, telephone numbers, driver’s license numbers, medical records, health information, health insurance information, and photographs.

Notification letters started to be mailed to the affected individuals on May 21, 2026. Complimentary credit monitoring and identity theft protection services do not appear to have been offered. The incident has been reported to regulators, but it is not yet shown on the HHS’ Office for Civil Rights website, so it is currently unclear how many individuals have been affected.

ERMI LLC

ERMI LLC, an Atlanta, GA-based provider of mobility and rehabilitation products, has identified a cybersecurity incident that exposed sensitive data. Unauthorized access to certain employee email accounts was identified on or around August 14, 2025. The accounts were secured, and an investigation was launched to determine the nature and scope of the unauthorized activity.

The forensic investigation confirmed unauthorized access to a limited number of employee email accounts between February 15, 2025, and August 14, 2025. The review of the accounts was completed on or around April 17, 2026. Individual notification letters are being sent to the affected individuals, which detail the exact types of data exposed in the incident. As a precaution against data misuse, the affected individuals have been offered complimentary single-bureau credit monitoring, credit score, and credit report services. The number of affected individuals has yet to be publicly disclosed.

Author: Steve Alder is the editor-in-chief of The HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com
