Central Texas Pediatric Orthopedics Hacking Incident Affects 140,000 Patients
Hacking incidents have been announced by Central Texas Pediatric Orthopedics, Omni Healthcare Financial Holdings in North Carolina, and Community Dental Care in Minnesota.
Central Texas Pediatric Orthopedics
On March 6, 2025, Central Texas Pediatric Orthopedics notified the Texas Attorney General about a security incident involving unauthorized access to patient data. The breach report indicates that the protected health information of approximately 90,000 Texas residents was involved, and the April 4, 2025, breach report to the HHS’ Office for Civil Rights reveals 140,000 patients in total have been affected.
Central Texas Pediatric Orthopedics has uploaded a substitute breach notice to its website that states a security incident was identified on January 25, 2025. Assisted by third-party cybersecurity experts, Central Texas Pediatric Orthopedics determined that an unauthorized third party accessed its network between January 23 and January 26, 2025. On February 4, 2025, it was confirmed that some of the network locations accessed by the threat actor contained patient information and limited information of volunteers. The exposed information includes names, dates of birth, government-issued ID numbers such as passport numbers and state ID cards, medical information such as X-ray images, and health insurance information. Since the incident, Central Texas Pediatric Orthopedics has implemented several cybersecurity enhancements, including additional endpoint detection and response software.
The Qilin ransomware group claimed responsibility for the attack. The group is known to exfiltrate data and issue demands for payment to ensure its deletion. It is unclear if a ransom was paid.
Get The FREE
HIPAA Compliance Checklist
Immediate Delivery of Checklist Link To Your Email Address
Please Enter Correct Email Address
Your Privacy Respected
HIPAA Journal Privacy Policy
Omni Healthcare Financial Holdings, North Carolina
Omni Healthcare Financial Holdings, the parent company of Omni Healthcare Financial LLC and Injury Finance LLC, has notified the Maine Attorney General about a security incident that involved the exposure of the personal information of 16,701 individuals, including 8 Maine residents.
Omni Healthcare primarily provides healthcare financial solutions to providers and patients, such as medical lien financing and pre-settlement funding following personal injury events. The security incident was detected on January 19, 2024, when network disruption was experienced. Third-party digital forensics experts were engaged to investigate the activity and confirmed unauthorized access to its network and potential theft of files containing sensitive data between January 18 and January 19, 2024. On August 24, 2024, it was confirmed that sensitive data was involved.
Third-party specialists were then engaged to identify up-to-date contact information to allow notification letters to be mailed. The information potentially compromised includes names, Social Security numbers, and other sensitive information. The affected individuals have been offered complimentary credit monitoring and identity theft protection services. On April 9, 2025, 15 months after the initial breach, the notification process was completed.
Community Dental Care, Minnesota
Community Dental Care, Inc., the largest Medicaid dental provider in Minnesota, recently announced a hacking and data theft incident that was first identified on December 20, 2024. Third-party cybersecurity experts were engaged to investigate anomalous network activity and confirmed that the network was first accessed by an unauthorized individual on December 6, 2024, and files were exfiltrated from its network.
On March 24, 2025, it was confirmed that the exposed data included names, addresses, dates of birth, Social Security numbers, driver’s license numbers or other government-issued identification numbers, passport numbers, medical information, and health insurance information. The types of data involved varied from individual to individual. Notification letters were mailed to the affected individuals on March 28, 2025.
The HHS’ Office for Civil Rights (OCR) has been notified, and the breach portal indicates that the electronic protected health information of 134,903 individuals was exposed in the incident. Community Dental Care said complimentary credit monitoring and identity theft protection have been made available to the affected individuals, and steps have been taken to harden security to prevent similar incidents in the future.
