Florida Law Firm Data Breach Affects 65,000 Individuals
A cyberattack at the law firm GrayRobinson has affected 65,000 individuals. Data breaches have also been announced by C2N Diagnostics in Missouri and Virta Health and Virta Medical in Colorado. GrayRobinson The Orlando, Florida-based law firm GrayRobinson, P.A., has notified the Maine Attorney General about a data breach affecting 65,113 individuals, including 52 Maine residents. Among those individuals, 54,131 people had their protected health information exposed in the incident. In its substitute data breach notice, GrayRobinson explained that unauthorized access to its network was detected on or around March 24, 2025. Immediate steps were taken to secure its network, and assisted by third-party cybersecurity specialists, the incident was investigated to determine the extent to which sensitive information had been compromised. The investigation confirmed that its network was accessed by an unauthorized third party between March 5, 2025, and March 24, 2025, and during that time, files containing personal and protected health information were exfiltrated from its network. The data...
Duke University Health System; Derick Dermatology Settle Class Action Pixel Lawsuits
Two more healthcare providers have settled lawsuits over their use of website tracking technologies: Duke University Health System and Derick Dermatology. Duke University Health System Pixel Settlement A lawsuit filed against North Carolina’s Duke University Health System over the use of tracking tools on its website has been settled. Like many healthcare providers, Duke University Health System had added tracking tools such as pixels to its website. These tools collect information about website users, which can be used to improve web services. These tools can also transmit the collected information to third parties, and when placed on healthcare websites, that information may include health information, depending on a user’s interactions on the website. A lawsuit was filed against Meta Platforms, Duke University Health System, WakeMed, and a defendant class of Facebook partner medical providers by plaintiffs Kim Naugle and Afrika Williams over the use of these tools. The claims against Meta Platforms were transferred to a separate class action lawsuit in California – In re...
Data Breaches Announced by Two Digestive Health Companies
Cyberattacks and data breaches have recently been announced by the national gastroenterology medical group Gastro Health and Spokane Digestive Disease Center in Washington. Gastro Health Gastro Health, a gastroenterology medical group with more than 200 locations in Florida, Alabama, Washington, Virginia, Ohio, Massachusetts, and Maryland, has announced an email security incident that exposed the protected health information of some of its patients. The incident was detected on February 25, 2026, when the company learned that some of its employees had responded to phishing emails, resulting in unauthorized access to their email accounts. A separate phishing incident was identified on March 2, 2026, resulting in a further email account being subject to unauthorized access. The review of the affected email accounts confirmed that they contained information such as names, dates of birth, Social Security numbers, and state or government-issued ID numbers. Protected health information in the accounts included diagnosis and treatment information, prescription information, provider/clinic...
Free HIPAA Training
Free HIPAA training can be a steppingstone to a better understanding of HIPAA rules and regulations and improved patient outcomes in healthcare environments. For these reasons, free HIPAA training can be beneficial for individuals wishing to learn more about HIPAA. The HIPAA Journal presents on this resource page comprehesive free HIPAA training that provides a thorough introduction to HIPAA. Table of Contents Why Sufficient Understanding of HIPAA is Important How Best to Support HIPAA Compliance Training HIPAA Overview HIPAA Definitions The HITECH Act The Main HIPAA Regulatory Rules HIPAA Omnibus Final Rule HIPAA Privacy Rule Basics HIPAA Security Rule Basics HIPAA Patient Rights HIPAA Disclosure Rules HIPAA Violation Consequences Preventing HIPAA Violations Being a HIPAA Compliant Employee Voluntary Foundation Courses for Individuals Free HIPAA Training FAQs HIPAA Training for Individuals Our HIPAA Certification training gives learners clear, practical guidance on what to do and why in real-world HIPAA scenarios. View Training The Gold Standard in HIPAA Training by The...
Cybersecurity Incidents Reported by Multiple Dental Practices
Data breaches have been announced by several dental practices: Bayside Dental (TX/WA), Aldrich Pediatric Dentistry (IN), Stafford Oral Surgery (VA), Garrisonville Dental (VA), and Drs. Abdelbaky, Boes, Cameron & Associates of Wake Forest and Cary Park (NC). Bayside Dental Bayside Dental, a dental practice with locations in Rowlett, Texas, and Anacortes, Washington, has experienced a cybersecurity incident. Unauthorized network access was identified on or around January 5, 2026, and the forensic investigation confirmed on March 13, 2026, that there had been unauthorized access to files containing patient data on January 5, 2026. Data potentially viewed or obtained in the incident included full names, dates of birth, Social Security numbers, medical treatment information, medical diagnostic information, prescription information, patient numbers, health insurance information, health insurance plan beneficiaries, and dates of service. Bayside Dental determined that the protected health information of up to 10,216 patients was potentially compromised in the incident. Bayside Dental...



