Study of Healthcare Websites Shows Widespread and Risky Use of Tracking and Analytics Tools
A recent analysis of healthcare websites has revealed that the majority use marketing and analytics tools that could potentially disclose sensitive data to third parties. The study was jointly conducted by Piwik PRO, a privacy-first web analytics platform provider, and Verified Data, an automated audit platform that helps organizations verify analytics accuracy, data quality, and privacy compliance. Healthcare organizations have faced increased scrutiny of their use of website tracking and analytics tools in recent years, after studies revealed these tools were being routinely used on healthcare websites, in some cases on authenticated pages, and were disclosing sensitive data to third parties. These tools collect and transmit information to third parties about website use, which may include protected health information – personally identifiable health information that HIPAA requires regulated entities to protect. Major HIPAA breaches have been reported to the HHS’ Office for Civil Rights (OCR) related to these tools, including by Advocate Aurora Health, Kaiser Permanente, Novant...
Aitkin County Health and Human Services Data Breach Affects 81,000 Individuals
Aitkin County Health and Human Services in Minnesota has identified a breach of its email environment. Data breaches have also been confirmed by Decatur Diagnostic Laboratory in Alabama and Gem State Dermatology in Idaho. Aitkin County Health and Human Services, Minnesota Aitkin County Health and Human Services in Minnesota has identified a breach of its email environment. On April 8, 2026, an email account was found to be sending phishing emails. Immediate action was taken to secure its email system, and an investigation was launched to determine the scope of the breach. Assisted by third-party digital forensics experts, Aitkin County HHS determined that there had been unauthorized access to three employee email accounts between April 7, 2026, and April 8, 2026. The investigation confirmed that the contents of one of the accounts had been downloaded. The accounts were reviewed and found to contain the protected health information of 83,114 individuals, including names, addresses, dates of birth, Social Security numbers, dates of service, locations of service, individual case...
Accenture Confirms Intrusion After Hacker Claims 35GB Data Breach
Accenture, one of the world’s largest consulting firms, has confirmed it has experienced a security breach, shortly after a hacker claimed to have breached its systems and exfiltrated 35GB of data from the company. Accenture has confirmed that it identified the source of the intrusion and remediated the incident, and that it had no impact on its financial position or operations. Accenture provides professional services to help businesses and governments solve complex problems and assist them with the implementation of new technologies, cloud migrations, along with managed services to help them run day-to-day business processes. Its client list includes many Fortune 500 companies. On July 6, 2026, a cybercriminal hacker with the handle “888” added a post titled “Accenture Data Breach” to a cybercrime forum claiming to have stolen 35 GB of data including source code, RSA keys, SSH keys, Azure Personal Access Tokens (PATs), Azure Storage access keys, configuration files, and other data. The hacker was offering the data for sale, requesting payment in the Monero digital currency. The...
Drug and Alcohol Treatment Services Settles Data Breach Litigation
Drug and Alcohol Treatment Services, Inc., a Scranton, Pennsylvania-based provider of drug and alcohol addiction services, has agreed to settle class action litigation stemming from an October 2024 ransomware attack. The attack resulted in the theft of the personal and protected health information of employees and patients. The HHS’ Office for Civil Rights was informed that 22,215 patients were affected. Data exposed or stolen in the incident included names, dates of birth, Social Security numbers, health insurance information, medical billing/claims information, patient account numbers, prescription/medication information, and diagnosis/treatment information. Eight class action lawsuits were filed in response to the data breach, which were consolidated into a single complaint – Leo Woytach, et al v. Drug and Alcohol Treatment Services, Inc. – in the Court of Common Pleas of Lackawanna County, Pennsylvania. The consolidated lawsuit asserted claims for negligence, negligence per se, breach of contract, breach of implied contract, breach of fiduciary duty, breach of confidence,...
ERMI; McLeod Physician Associates; Centers for Dialysis Care Announce Data Breaches
Data breaches have been announced by the Georgia-based medical equipment company ERMI, McLeod Physician Associates in South Carolina, and the Centers for Dialysis Care in Ohio. More than 101,000 individuals have been affected by these three incidents. ERMI LLC, Georgia ERMI LLC, A Georgia manufacturer of medical equipment for orthopedic patients, has experienced a significant data breach involving unauthorized access to systems containing the electronic protected health information of 74,074 patients. Unauthorized access to its systems was identified on or around August 14, 2025. Assisted by third-party cybersecurity experts, ERMI determined that certain systems had been accessed by an unauthorized third party between February 15, 2025, and August 14, 2025, during which time files containing patient information may have been viewed or acquired. An extensive manual review of the affected data was completed on or around April 17, 2026, and confirmed that the exposed data included names in combination with one or more of the following: Social Security number, driver’s license number,...



