Two Disability Service Providers Announce Data Breaches Affecting 8,100 Patients
Two providers of disability services have announced security incidents. The cyberattacks on Reimagine Network in California and the Center for Disability Services in New York have affected more than 8,100 individuals.
Reimagine Network, California
Reimagine Network, a Santa Ana, California-based provider of disability services, recently reported a data breach to the HHS’ Office for Civil Rights that has affected up to 4,799 individuals. Network disruption was experienced on June 23, 2025, indicative of a cyberattack. Third-party cybersecurity experts were engaged to investigate and confirmed unauthorized network access and the potential exfiltration of files containing sensitive patient data.
The file review was completed on August 6, 2025, and notification letters have now been sent to all potentially affected individuals. The types of information involved vary from individual to individual and may include names plus one or more of the following: address, phone number, date of birth, Social Security number, diagnosis/conditions, medications, and health insurance information.
IT security experts have assessed the security of its network, and security enhancements have been made to prevent similar incidents in the future. Complimentary credit monitoring services and identity theft protection services have been offered to all affected individuals, who have been encouraged to sign up for those services to ensure their information is protected.
Get The FREE
HIPAA Compliance Checklist
Immediate Delivery of Checklist Link To Your Email Address
Please Enter Correct Email Address
Your Privacy Respected
HIPAA Journal Privacy Policy
Center for Disability Services, New York
The Center for Disability Services in Albany, New York, has provided more information on a data security incident reported to the HHS’ Office for Civil Rights on August 8, 2025. On or around June 10, 2025, suspicious activity was identified in an employee’s email account. The account was secured, and an investigation was launched to determine the cause of the activity.
The investigation confirmed unauthorized access to the employee’s email account and other employee email accounts between June 19, 2025, and June 25, 2025. The accounts were reviewed and found to contain the protected health information of 3,343 individuals, including names, demographic information, medical information, and health insurance information. A limited number of the affected individuals also had their Social Security numbers, driver’s license numbers/state identification card numbers, and/or financial account information exposed.
The Center for Disability Services is reviewing its data security policies and procedures and will take steps to prevent similar incidents in the future.
