Data Breaches Announced by Ennoble Care & Circa Health; Dermatology Associates of Concord
Data breaches have recently been announced by Ennoble Care & Circa Health in New Jersey and Dermatology Associates of Concord in Massachusetts.
Ennoble Care/Circa Health, New Jersey
Ennoble Care & Circa Health, LLC, a Hackensack, NJ-based provider of primary care, palliative care, and hospice services to individuals in Georgia, Kansas, Maryland, New York, New Jersey, Oklahoma, Pennsylvania, Virginia, and Washington, D.C., has announced an email account breach that was identified on April 17, 2025.
Ennoble Care said the investigation into the incident is ongoing; however, it has been determined that patient information has been exposed and may have been obtained by an unauthorized individual. The types of information involved include names, addresses, dates of birth, hospice status, status dates, and orders status (CTI, SN, MSW, CH, HHA, etc.). No evidence was found to indicate that its cloud-based electronic health record was compromised.
While no evidence has been found to indicate misuse of the exposed data, the affected individuals have been advised to remain vigilant against identity theft and fraud by monitoring the explanation of benefits statements that they receive from their health insurance providers. The data breach is not currently shown on the HHS’ Office for Civil Rights website, so it is currently unclear how many individuals have been affected.
Get The FREE
HIPAA Compliance Checklist
Immediate Delivery of Checklist Link To Your Email Address
Please Enter Correct Email Address
Your Privacy Respected
HIPAA Journal Privacy Policy
Dermatology Associates of Concord, Massachusetts
Dermatology Associates of Concord (DAC), a provider of dermatology services to individuals in the greater Boston area, has notified the Massachusetts Attorney General about a recent security incident affecting a currently undisclosed number of individuals. Suspicious activity was identified within its computer systems on September 19, 2025. Assisted by third-party cybersecurity experts, DAC determined that an unauthorized third party accessed a specific computer system between September 18, 2025, and September 19, 2025, and copied files from that system.
The files are being reviewed to determine the types of data involved and the individuals affected, and that process has not yet concluded. While data was stolen, DAC is unaware of any misuse of that information. DAC said it has notified law enforcement about the incident and has augmented its security protocols to prevent similar incidents in the future.
Notification letters will be mailed to the affected individuals when the data review is completed, and complimentary single-bureau credit monitoring, credit report, credit score, and fraud assistance services will be made available to the affected individuals for a period of 24 months.
