25% off all training courses Offer ends July 30, 2026
View HIPAA Courses
25% off all training courses
View HIPAA Courses
Offer ends July 30, 2026

The HIPAA Journal is the leading provider of HIPAA training, news, regulatory updates, and independent compliance advice.

Ohio Living; Erlanger; Heart of America Eye Care Announce Data Breaches

Data breaches have recently been announced by the senior living company Ohio Living, Erlinger Health System in Tennessee, and Heart of America Eye Care in Missouri.

Ohio Living

The Westerville, Ohio-based nonprofit senior living company Ohio Living has identified unauthorized access to its network. Suspicious activity was identified within its computer network on April 17, 2026. Its network was secured, and an investigation was launched to determine the nature and scope of the activity, with assistance provided by third-party cybersecurity experts.

The forensic investigation confirmed unauthorized network access between April 16, 2026, and April 17, 2026, and the exfiltration of files containing patient information. While the specific types of information involved for each individual have yet to be determined, Ohio Living states that the categories of data likely involved include names, addresses, birth dates, Social Security numbers, medical histories, disability information, diagnostic and treatment information, prescription information, physician information, medical record numbers, health insurance information, and financial account/payment card information.

Ohio Living is reviewing its security policies and procedures and is implementing enhanced cybersecurity safeguards to prevent similar incidents in the future. The data review is ongoing, so the total number of affected individuals has yet to be determined. The HHS’ Office for Civil Rights has been informed that the data breach affected at least 500 individuals. The total will be updated when the data review is concluded.

Get The FREE
HIPAA Compliance Checklist

Immediate Delivery of Checklist Link To Your Email Address

Please Enter Correct Email Address

Your Privacy Respected

HIPAA Journal Privacy Policy

Erlanger Health System

Erlanger Health System, a Chattanooga, Tennessee-based health system and operator of six hospitals and multiple healthcare facilities, has announced a security incident affecting a limited number of patients. The incident was detected on May 13, 2026, and affected 4,237 Erlanger Western California patients.

The investigation revealed that patient information was inadvertently sent to a billing partner that provides services for its Erlanger Tennessee campuses. The information was disclosed between July 1, 2025, and May 27, 2026, and related to individuals who had received anesthesia care. Those patients of Erlanger Western California received anesthesia care from a different anesthesia group.

The billing partner was a business associate and was therefore aware of its responsibilities with respect to HIPAA; however, it was an impermissible disclosure warranting breach notifications. The data transmitted included names, birth dates, medical record numbers, mailing addresses, email addresses, telephone numbers, internal hospital account numbers, insurance information, guarantor names, guarantor addresses, guarantor telephone numbers, dates of service, and limited medical information associated with surgical care, including operative notes.

Heart of America Eye Care

MVP VIP Holdco, doing business as Heart of America Eye Care, an ophthalmology and optometry services provider at its locations in Overland Park, Prairie Village and Shawnee Mission, KS, and Belton, MO, has notified regulators and patients about a hacking incident that exposed patient data.

The website breach notice does not state when the hacking incident was detected; however, the forensic investigation determined that patient information was viewed or copied from its systems between April 1, 2026, and April 6, 2026. The notice states that the investigation is underway to determine the extent to which protected health information was involved. The HHS’ Office for Civil Rights has been informed that the data breach affected at least 500 individuals. The total will be updated when the data review is concluded.

Author: Steve Alder is the editor-in-chief of The HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com

x

Is Your Organization HIPAA Compliant?

Find Out With Our Free HIPAA Compliance Checklist

Get Free Checklist