Data Breaches Announced by Florida Retina Center; Acadia Healthcare Company
Florida Retina Center has identified unauthorized access to systems containing the protected health information of more than 13,600 patients. Acadia Healthcare Company has experienced a breach affecting 1,800 patients.
Florida Retina Center
Bonita Springs-based Florida Retina Center has announced a cybersecurity incident that was first identified on January 30, 2026. Immediate action was taken to secure its network, and an investigation was launched to determine the nature and scope of the unauthorized activity. On May 19, 2026, Florida Retina Center confirmed unauthorized access to parts of its network containing patient data.
The file review confirmed that the data of 13,652 patients was exposed and potentially acquired in the incident. The exposed data included names, dates of birth, Social Security numbers, driver’s license numbers, and medical information. Notification letters have been mailed to the affected individuals, and 12 months of complimentary credit monitoring and identity theft protection services have been made available. At the time of issuing notification letters, no misuse of the affected data had been identified.
Acadia Healthcare Company
Franklin, Tennessee-based Acadia Healthcare Company, Inc., a provider of psychiatric and chemical dependency services, has announced a data breach affecting 1,807 individuals. Unusual activity was identified within an employee’s email account on March 25, 2026. The account was secured, and an investigation was launched, which confirmed unauthorized access to a single employee’s email account and associated SharePoint files between March 21, 2026, and March 25, 2026. There was no unauthorized access to any other email accounts, other systems, or the electronic medical record system.
Get The FREE
HIPAA Compliance Checklist
Immediate Delivery of Checklist Link To Your Email Address
Please Enter Correct Email Address
Your Privacy Respected
HIPAA Journal Privacy Policy
The types of data involved varied from individual to individual, and for the majority of affected individuals, involved one or more of the following data elements in addition to their names: address, date of birth, treatment information, dates of treatment, type of treatment, and health insurance information. Certain individuals also had their Medicare Health Insurance Claim Number (HICN) exposed, which may include their Social Security number. Notification letters were mailed to the affected individuals on May 22, 2026, and additional safeguards have been implemented to prevent similar incidents in the future.
