Data Breaches Confirmed by City of McKinney and Innovative Renal Care
Data breaches have recently been announced by the City of McKinney in Texas and Innovative Renal Care in Tennessee.
City of McKinney
The City of McKinney has recently confirmed that the protected health information of 17,751 individuals was compromised in an October 2024 cyberattack. The security breach was detected on November 14, 2024, with the forensic investigation confirming government systems were first breached on October 31, 2024. City officials did not provide further information on the nature of the attack, such as if ransomware was involved, and no ransomware group appears to have claimed responsibility for the attack. City officials said the unauthorized access was immediately severed and the Federal Bureau of Investigation, Department of Homeland Security, and the Texas Department of Information were contacted and provided assistance.
The forensic investigation confirmed on November 16, 2024, that files had been exposed and may have been stolen, and on December 30, 2024, it was confirmed that some of those files contained protected health information. The review of the files was recently completed, and on February 4, 2025, individual notification letters were mailed to all individuals for whom a valid mailing address could be found.
The types of data involved varied from individual to individual and may have included names, Social Security numbers, driver’s license numbers, credit card information, financial account information, and certain medical/health insurance information. The city is unaware of any misuse of the exposed data, but as a precaution, has offered the affected individuals one year of complimentary credit monitoring and identity theft protection services.
Get The FREE
HIPAA Compliance Checklist
Immediate Delivery of Checklist Link To Your Email Address
Please Enter Correct Email Address
Your Privacy Respected
HIPAA Journal Privacy Policy
Innovative Renal Care
American Renal Management, dba Innovative Renal Care, a Franklin, TN-based network of dialysis centers and providers, has recently disclosed a data security incident detected on February 29, 2024. The forensic investigation confirmed that an unauthorized third party had access to certain computer systems between February 21, 2024, and March 1, 2024, and removed certain files from its network during that time.
Innovative Renal Care said it conducted an extensive review of all potentially exposed files, and that process was recently completed. The types of information involved varied from individual to individual and may have included some or all of the following: name, address, date of birth, Social Security number, driver’s license or state identification number, financial account information, taxpayer identification number, electronic signature, health insurance information, medical billing/claim information, medical diagnosis or condition information, medical prescription information, medical record number, medical treatment information, patient account number, and patient identification number.
While no evidence of misuse of the affected information has been identified, complimentary credit monitoring services have been offered to the affected individuals. Security policies have been reviewed, and additional measures have been implemented to prevent similar incidents in the future. The data breach has been reported to regulators, but it is currently unclear how many individuals were affected.
