
PHI Exposed in Cyberattacks on Gaia Software & Pinnacle Orthopaedics & Sports Medicine Specialists

Gaia Software has disclosed details of a February 2024 cyberattack, Pinnacle Orthopaedics & Sports Medicine Specialists are investigating an April 2024 cyberattack, and OB GYN Specialists of Lima have discovered the improper disposal of patient data.

Gaia Software

Gaia Software, a provider of electronic medical record and billing management software services to Americare Renal Center, has mailed notification letters to patients whose protected health information was compromised in a February 2024 cyberattack.

Gaia Software notified the HHS’ Office for Civil Rights about the breach on April 5, 2024, and confirmed in the breach report that the protected health information of 56,676 individuals had been compromised in the incident. The investigation into the incident concluded on April 19, 2024; however, details about the attack have only recently been made public.

According to the breach notification letters that were mailed on June 28, 2024, Gaia Software detected the cyberattack on or around February 5, 2024. The breach notification letters do not state whether ransomware was involved, only that the threat actor “attempted to infiltrate Gaia’s computer network and demand a ransom payment.”


Gaia Software said it has not detected any misuse of patient data but has confirmed that patient information was exposed and was potentially stolen in the attack. The types of data involved varied from individual to individual and may have included names, addresses, dates of birth, Social Security numbers, health insurance information, and/or health information.

Gaia Software said it is implementing additional safeguards and enhanced security measures to prevent similar incidents in the future and is reviewing information life cycle management. As a precaution against identity theft and fraud, the affected individuals have been offered complimentary single bureau credit monitoring/single bureau credit report/single bureau credit score services.

Pinnacle Orthopaedics & Sports Medicine Specialists

On June 21, 2024, Pinnacle Orthopaedics & Sports Medicine Specialists in Marietta, GA, announced that an unauthorized third party gained access to its computer network and potentially obtained patient data. The intrusion was detected on or around April 22, 2024, and steps were immediately taken to prevent further unauthorized access. Third-party cybersecurity experts were engaged to investigate and determine the nature and scope of the security breach.

On or around April 29, 2024, Pinnacle confirmed that the protected health information of fewer than 10 patients had been stolen. Those patients were notified, but as the investigation continued, it became clear that more patients had been affected. On or around June 7, 2024, Pinnacle determined that the protected health information of more than 500 patients had been exposed. Pinnacle is currently undertaking a detailed review of the exposed files and cannot confirm at this stage exactly how many patients have been affected. Those individuals will be notified when the investigation is completed.

Pinnacle said the types of information involved vary from individual to individual and may include names, dates of birth, medical/health information, treatment/diagnostic information, health insurance information, and/or billing/payment information. Pinnacle said it is implementing enhanced security measures to prevent similar incidents in the future.

OB GYN Specialists of Lima

OB GYN Specialists of Lima in Ohio have notified 1,100 patients that some of their personal and protected health information has been exposed in an improper disposal incident. The incident was detected on June 14, 2024, and attempts were made to retrieve the documents, but it was not possible to retrieve them all.

The documents related to visits to its office between June 5, 2024, and June 13, 2024, and included the demographic information that is printed when patients visit, which may have also included test results. Steps have since been taken to prevent similar HIPAA compliance failures in the future.

Author: Steve Alder is the editor-in-chief of The HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com
