ProxyCare; Oscar Health; AccentCare Announce Data Breaches
Data incidents have recently been announced by ProxyCare in Florida, Oscar Health in New York, and AccentCare in Texas. ProxyCare, Florida ProxyCare LLC, a Sunrise, Florida-based provider of personalized pharmacy services, has started mailing notification letters to individuals impacted by an August 2025 cybersecurity incident. The company learned on August 22, 2025, that certain computer systems within its network environment had been affected by a cybersecurity incident. Third-party cybersecurity professionals were engaged to determine the nature and scope of the incident, and whether, and to what extent, patient information had been compromised. The investigation confirmed that patient data had been exposed, and following a comprehensive manual document review, ProxyCare determined on January 29, 2026, that files accessed or acquired by an unauthorized third party in the incident included names, dates of birth, Social Security numbers, and driver’s license numbers. Notification letters were mailed to the affected individuals on March 23, 2026, and individuals whose Social...
Maine House Unanimously Passes Bill to Strengthen Cybersecurity at Maine Hospitals
The Maine House of Representatives has voted unanimously to advance a bill that seeks to strengthen cybersecurity at Maine hospitals to prevent cyberattacks and ensure continuity of care following cyber intrusions. The bill faces further votes in the House and Senate in the coming days. The bill was proposed by Rep. Julie McCabe (D-Lewiston), a member of the Health and Human Services Committee, following two cyberattacks last year that impacted five Maine hospitals – Covenant Health’s St. Mary’s Hospital in Lewiston, St. Joseph’s Hospital in Bangor, and Central Maine Medical Center’s hospitals in Lewiston, Bridgton, and Rumford. The Covenant Health ransomware attack alone affected 478,188 individuals, and along with the cyberattack on Central Maine Medical Center, around one-third of state residents were affected. Those cyberattacks had a negative impact on patient care, crippling basic communication services, exposing serious breakdowns in hospitals’ protocols, and causing major disruption to patient care that lasted for weeks, including disruptions to preventative care and...
HIPAA Compliance for HR Managers and Directors in Small Medical Practices
Article Contents Protect all forms of dental PHI. Include all systems and treatment areas in the risk analysis. Use Business Associate Agreements where required. Maintain dental-specific privacy and marketing policies. Train staff for every role they perform. Keep the compliance program current. Prepare for common dental enforcement issues. Dental Office Manager Running HIPAA Compliance Program Dental practices handle sensitive patient information every day, from medical histories to x-rays to billing details, and all of this is regulated by HIPAA, which sets specific requirements for how that information gets protected. While Dental Services Organizations and other larger dental organizations may have dedicated staff to manage this, smaller dental practices usually do not, which means the responsibility typically lands on whoever manages the office day to day. Building that program starts with understanding what counts as patient information in a dental office, since it covers more than the basic chart. From there, looking at where that information lives, how it is protected,...
Trump Administration Proposes 12.5% Cut to HHS Budget for FY 2027
The HHS’ Office for Civil Rights (OCR) has long been seeking an increase to its budget to support its HIPAA enforcement activities; however, that is looking unlikely as the Trump Administration is seeking to cut funding for the Department of Health and Human Services (HHS) in 2027. The Trump Administration has proposed $111.1 billion in discretionary funding for fiscal year 2027, a $15.8 billion (12.5%) cut in funding compared to FY 2026. One of the main casualties is the National Institutes of Health (NIH), which faces a $5 billion cut to its budget, plus $5 billion in cuts through consolidations and eliminations of programs across several sub agencies, including the Health Resources and Services Administration (HRSA), Substance Abuse and Mental Health Services Administration (SAMHSA), Centers for Disease Control and Prevention (CDC), and the Office of the Assistant Secretary for Health (OASH). The Trump Administration is seeking to establish the Administration for a Healthy America (AHA), which, in part, will involve the elimination of programs that the Trump Administration says...
Critical Flaws Identified in Progress Software ShareFile Service
Two critical vulnerabilities have been identified in Progress Software’s ShareFile service. The flaws could potentially be chained by an unauthenticated remote attacker to make configuration changes and achieve remote code execution. While there have been no known cases of the vulnerabilities being exploited in the wild to date, vulnerabilities in file sharing software are actively targeted by threat actors, so attempted exploitation is likely. In 2023, a zero-day vulnerability in Progress Software’s MOVEit file transfer software was mass exploited by the Clop ransomware group, which claimed hundreds of victims worldwide. To a lesser extent, vulnerabilities in Fortra’s GoAnywhere, Accellion FTA, and Cleo MFT were also mass exploited. Users are therefore encouraged to apply the security updates promptly to prevent exploitation. The vulnerabilities affect ShareFile Storage Zones Controller v5 version deployments for customer-managed zones and include an authentication bypass flaw tracked as CVE-2026-2699 and a remote code execution flaw tracked as CVE-2026-2701. According to Progress...



