25% off all training courses Offer ends May 29, 2026
View HIPAA Courses
Learner Login Learner Support
Learner Login Learner Support
25% off all training courses
View HIPAA Courses
Offer ends May 29, 2026

The HIPAA Journal is the leading provider of HIPAA training, news, regulatory updates, and independent compliance advice.

Carolina Foot & Ankle Associates Notifies Patients About December 2025 Cyberattack

Posted By on Feb 26, 2026

Cyberattacks and data breaches have been announced by the healthcare providers Carolina Foot & Ankle Associates, New Age Dermatology, and Marin Cancer Care.

Carolina Foot & Ankle Associates

The North Carolina podiatry practice, Carolina Foot & Ankle Associates, is notifying patients that some of their personal and protected health information was exposed in a December 2025 cybersecurity incident. The incident was detected on December 8, 2025, when it experienced a network disruption. Third-party cybersecurity experts were engaged to investigate the incident and confirmed that an unauthorized third party had accessed its network and exfiltrated files containing patient data.

The file review has recently been completed, and confirmed that patient data had been compromised, including first and last names, phone numbers, dates of birth, medical record numbers, health insurance information, diagnostic/CPT codes, and dates of service. The types of data involved varied from individual to individual. Carolina Foot & Ankle Associates said Social Security numbers and financial information were not compromised in the incident, and there was no unauthorized access to its electronic medical record system.

When the breach was detected, immediate enhancements were made to security to prevent further data security incidents, and law enforcement was notified. As a precaution against data misuse, the affected individuals have been offered complimentary credit monitoring and identity theft protection services. The breach has been reported to the HHS’ Office for Civil Rights using a placeholder estimate of at least 501 affected individuals.

Get The FREE
HIPAA Compliance Checklist

Immediate Delivery of Checklist Link To Your Email Address

Please Enter Correct Email Address

Your Privacy Respected

HIPAA Journal Privacy Policy

New Age Dermatology

New Age Dermatology LLC has notified the Massachusetts Attorney General about a ransomware attack that was identified on or around December 20, 2025. According to the notice, the ransomware attack affected an internal server, which has been rendered inoperable and inaccessible.  Law enforcement has been notified, and an investigation has been launched, with assistance provided by third-party cybersecurity professionals.

At this stage of the investigation, New Age Dermatology has yet to determine the specific types of information involved or the number of individuals affected, but explained that information likely compromised in the incident includes personal and protected health information typically found in patient records, including names, dates of birth, medial and treatment information, diagnostic images, photographs, and Social Security numbers may have been compromised. New Age Dermatology has found no evidence to suggest that its electronic medical record system was compromised in the incident. At the time of writing, no ransomware group appears to have claimed responsibility for the attack.

New Age Dermatology is unaware of any data misuse, but as a precaution, the affected individuals have been offered complimentary credit monitoring and identity theft protection services for 12 months.

Marin Cancer Care

Marin Cancer Care, a provider of cancer treatment in Larkspur, California, has alerted patients to an incident involving unauthorized access to its computer network. An intrusion was detected on or around December 8, 2025, and assisted by third-party investigators, Marin Cancer Center learned that an unauthorized third party had access to its computer network between November 22, 2025, and December 6, 2025, during which time files containing patient information may have been viewed or acquired.

The investigation and file review are ongoing to determine the affected individuals and the types of information involved. Marin Cancer Care has confirmed that names, medical information, and health insurance information were likely involved. Patients have been advised to remain vigilant against incidents of identity theft and fraud by reviewing their account statements and monitoring their free credit reports for suspicious activity.

April 2026 update: Main Cancer Care has confirmed that files were exfiltrated from its network, and complementary identity monitoring services have been offered to the affected individuals.

Author: Steve Alder is the editor-in-chief of The HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com

x

Is Your Organization HIPAA Compliant?

Find Out With Our Free HIPAA Compliance Checklist

Get Free Checklist