25% off all training courses Offer ends July 30, 2026
View HIPAA Courses
25% off all training courses
View HIPAA Courses
Offer ends July 30, 2026

The HIPAA Journal is the leading provider of HIPAA training, news, regulatory updates, and independent compliance advice.

Almost 30,000 Texas Residents Affected by Data Breach at The Texas Hearing Institute

The Texas Hearing Institute has notified the Texas Attorney General about a data breach impacting more than 29, 000 state residents. Data breaches have also been announced by Family Health Centers of Southern Indiana, the Wisconsin Department of Health Services, and Stephen W. Brown & Radiology Associates of Augusta.

Texas Hearing Institute

The Texas Hearing Institute, a pediatric hearing center in Houston, Texas, has started notifying at least 29,498 individuals about a March 2026 cyberattack that resulted in unauthorized access to its network and the exposure of patients’ personal and health data.

Unauthorized network access was identified on March 20, 2026, and immediate steps were taken to contain the incident and secure its systems. Assisted by third-party digital forensics experts, the Texas Hearing Institute determined on April 22, 2026, that there had been unauthorized access to personal information on its systems. The data review confirmed that names, Social Security numbers, financial information, and medical records were compromised in the incident.

The affected individuals have been offered 24 months of complimentary credit monitoring and identity theft protection services. While the notification letters do not provide further information about the nature of the attack, this appears to have been a ransomware incident. The interlock ransomware group added the Texas Hearing Institute to its dark web data leak site in early April, claiming to have stolen 540 gigabytes of data. As such, the affected individuals should ensure that they take advantage of the free identity theft protection services being offered. The Texas Attorney General was informed that 29,498 Texas residents were affected. It is currently unclear how many individuals were affected in total.

Get The FREE
HIPAA Compliance Checklist

Immediate Delivery of Checklist Link To Your Email Address

Please Enter Correct Email Address

Your Privacy Respected

HIPAA Journal Privacy Policy

Family Health Centers of Southern Indiana

Family Health Centers of Southern Indiana, a network of health centers in Jeffersonville, New Albany, Corydon, and Clarksville in Indiana, announced a data security incident on June 22, 2026, that may have resulted in unauthorized access to patient data.

Unauthorized network activity was identified on or around January 16, 2026. Its incident response plan was immediately initiated, and an investigation was launched to determine the nature and scope of the activity. The investigation confirmed that an unauthorized third party had access to parts of its network containing patient data, including names, dates of birth, contact information, demographic information, Social Security numbers, medical information, and health insurance information.

Family Health Centers of Southern Indiana has implemented additional technical safeguards, enhanced security measures, and updated its procedures related to data privacy and security. Complimentary credit monitoring and identity theft protection services have been offered to individuals whose Social Security numbers were involved.

The data breach is not yet shown on the HHS’ Office for Civil Rights website; however, the Indiana Attorney General was informed that the protected health information of 7,037 Indiana residents was compromised in the incident. The Termine threat group took responsibility for the incident and added Family Health Centers of Southern Indiana to its dark web data leak site, including samples of the stolen data. The group claims to have exfiltrated around 250 gigabytes of data.

Stephen W. Brown & Radiology Associates of Augusta

Stephen W. Brown & Radiology Associates of Augusta have been affected by a data breach at their third-party billing vendor, MCBS, LLC. MCBS was provided with patient information as part of its contracted duties, and discovered on or around September 26, 2025, that an unauthorized third party had gained access to systems containing that information.

After an extensive forensic analysis, MCBS determined that its systems were accessed by an unauthorized third party between September 22 and September 26, 2025. Individuals affected by the incident may have had some or all of the following data stolen in the incident: name, address, date of birth, Social Security number, diagnosis, treatment information, mental or physical condition, medical history, health plan beneficiary number, health insurance policy number/subscriber identification number, and other health insurance information.

MCBS said it is unaware of any misuse of the affected data; however, as a precaution, the affected individuals have been offered complimentary credit monitoring and identity theft protection services for 12 months. It is currently unclear how many patients of Stephen W. Brown & Radiology Associates of Augusta have been affected, or how many individuals were affected in total.

Wisconsin Department of Health Services

The Wisconsin Department of Health Services has recently reported a HIPAA breach to the HHS’ Office for Civil Rights that involved unauthorized access to the protected health information of 8,157 individuals. The affected individuals were Medicaid recipients who received benefits from the Wisconsin Supplementary Security Income program.

Letters were mailed to those individuals that contained personal and private information regarding an increase in their benefits. Some of those letters were inadvertently sent to outdated addresses. The error was identified on April 30, 2026, and further mailings to the incorrect addresses have been prevented. Up to 8,157 individuals were affected and have now been notified that their information may have been accessed by unauthorized individuals as a result of the error. Complimentary credit monitoring services have been offered to those individuals for 12 months.

Author: Steve Alder is the editor-in-chief of The HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com

x

Is Your Organization HIPAA Compliant?

Find Out With Our Free HIPAA Compliance Checklist

Get Free Checklist