$3.5 Million Mindpath Health Data Breach Settlement Gets First Nod
A California Superior Court judge has given preliminary approval to a settlement to resolve litigation against Community Psychiatry Management, LLC, operating as Mindpath Health, to resolve a class action lawsuit stemming from two email data breaches in 2022 that affected 193,947 individuals. Mindpath Health is a California-based mental health service provider serving patients in seven U.S. states. In March 2022 and again in June 2022, unauthorized individuals gained access to Microsoft Office 365 business accounts that contained the protected health information of Mindpath Health patients and other individuals. The breach was discovered in June during a routine audit of its email environment, which identified suspicious account activity. The investigation confirmed that two email accounts had been subject to unauthorized access in March and June 2022, exposing names, addresses, Social Security numbers, dates of birth, medical diagnoses, prescriptions, treatment information, and health insurance information. Notification letters were sent to the affected individuals on January 10,...
Health Plan Members’ PHI Exposed in Cyberattack on Fieldtex Products
Data breaches have been announced by Fieldtex Products in New York State and the Utah ear, nose & throat specialists, Cache Valley Ear ENT. Fieldtex Products, New York Fieldtex Products, a medical supply fulfillment organization based in Rochester, New York, has announced a data security incident involving unauthorized access to its computer systems. The intrusion was identified on August 19, 2025, and action was immediately taken to secure its network and prevent further unauthorized access. A third-party digital forensics team was engaged to investigate the incident, which confirmed that a limited amount of protected health information had been exposed and may have been accessed or stolen in the attack. The exposed data related to the over-the-counter healthcare-related products provided by Fieldtex to members of its health plan clients. In order to provide those products, health plans provided Fieldtex with protected health information such as patient names, addresses, dates of birth, insurance member identification numbers, plan names, effective terms, and gender. The...
HIPAA Compliance for Urgent Care Clinics
Due to the emotions that can manifest during emergency events, HIPAA compliance and urgent care do not go hand-in-hand, providing a challenge for urgent care clinics. It can also be the case that shortcuts are taken with compliance during emergency events in order to administer urgent care as quickly as possible. These factors can lead to multiple HIPAA violations, and staff dealing with emergencies need standard HIPAA training and also additional HIPAA training for emergency situations. There has been an increasing amount of research done into the role of emotions in clinical decision-making and patient safety in urgent care settings. The conclusions tend to be that more needs to be done via training initiatives “to promote awareness of emotional influences and consider strategies for managing these influences”. While HIPAA compliance does not have the same importance as optimizing patient safety, it too can be influenced by emotions. This is especially true in the context of HIPAA compliance and urgent care due to the serious nature of injuries treated in urgent care environments...
Main Line Fertility Center Settles Tracking Technology Lawsuit
Main Line Fertility Center in Pennsylvania will pay cash payments to individuals whose sensitive data may have been disclosed to third parties via website tracking technologies. Like many healthcare providers, Main Line Fertility Center deployed third-party tracking tools and analytics code on its public website, including Meta Pixel. While these tools can provide valuable data to website owners, their use is problematic in healthcare due to the potential for sensitive data to be transferred to the providers of those tools. Depending on how and where these tools are deployed, they can potentially transfer personally identifiable and health information to those third parties. In the case of Main Line Fertility Center, it was alleged to have used these tools without patients’ knowledge or consent, resulting in individually identifiable information being transferred to third parties, such as Meta. Anonymous plaintiff Jane Doe filed a lawsuit – Jane Doe v. Main Line Fertility, Ltd. – in the Court of Common Pleas of Philadelphia County, Pennsylvania, alleging the use of these...
Data Breaches Announced by Ennoble Care & Circa Health; Dermatology Associates of Concord
Data breaches have recently been announced by Ennoble Care & Circa Health in New Jersey and Dermatology Associates of Concord in Massachusetts. Ennoble Care/Circa Health, New Jersey Ennoble Care & Circa Health, LLC, a Hackensack, NJ-based provider of primary care, palliative care, and hospice services to individuals in Georgia, Kansas, Maryland, New York, New Jersey, Oklahoma, Pennsylvania, Virginia, and Washington, D.C., has announced an email account breach that was identified on April 17, 2025. Ennoble Care said the investigation into the incident is ongoing; however, it has been determined that patient information has been exposed and may have been obtained by an unauthorized individual. The types of information involved include names, addresses, dates of birth, hospice status, status dates, and orders status (CTI, SN, MSW, CH, HHA, etc.). No evidence was found to indicate that its cloud-based electronic health record was compromised. While no evidence has been found to indicate misuse of the exposed data, the affected individuals have been advised to remain vigilant...



