25% off all training courses Offer ends May 8, 2026
View HIPAA Courses
Learner Login Learner Support
Learner Login Learner Support
25% off all training courses
View HIPAA Courses
Offer ends May 8, 2026

The HIPAA Journal is the leading provider of HIPAA training, news, regulatory updates, and independent compliance advice.

Email Account Breaches Reported by Access TeleCare & Madison County, MS

Posted By on Mar 19, 2025

Access TeleCare in Texas and Madison County, Mississippi have reported breaches of employee email accounts, and the California Department of Child Support Services has discovered an employee emailed sensitive data to a personal email account.

Access TeleCare, Texas

The Dallas, TX-based acute and specialty telemedicine provider Access TeleCare identified unauthorized access to an employee’s email account on January 8, 2024. An investigation was launched which revealed an unauthorized third party had access to the email account for 2 months since November 6, 2023, and other email accounts may also have been accessed. During the two months, it is possible that emails and attachments were downloaded from the account.

A data review vendor was engaged, and Access TeleCare was provided with the final results of the review on August 30, 2024; however, it took until March 4, 2025, for individual notifications to be mailed. Access TeleCare said the four-and-a-half-month delay from receiving the final results to issuing notification letters was due to the time-intensive process of reviewing and verifying the affected information and obtaining address information to allow notification letters to be mailed.

The information compromised in the incident varied from individual to individual and may have included names in combination with one or more of the following: date of birth, medical record number, patient account number, patient ID, diagnoses, treatment and procedure information, clinical information, provider locations, provider names, and prescription information. Access TeleCare said it is unaware of any misuse of the affected information and is issuing notification letters out of an abundance of caution. The affected individuals have been offered free credit monitoring and identity theft protection services for 12 months, and Access TeleCare has implemented additional security measures to prevent similar incidents in the future.  The breach was reported to the Office for Civil Rights as affecting 62,669 individuals.

Get The FREE
HIPAA Compliance Checklist

Immediate Delivery of Checklist Link To Your Email Address

Please Enter Correct Email Address

Your Privacy Respected

HIPAA Journal Privacy Policy

Madison County, Mississippi

Madison County in Mississippi has notified 6,082 individuals about a breach of some of their protected health information. On or around November 18, 2024, suspicious activity was identified in an employee email account. On February 17, 2025, external cybersecurity experts confirmed that an unauthorized third party accessed the email account between November 13 and November 17, 2024, Emails and attachments may have been viewed or downloaded during that time.

The data review confirmed that the email account contained names, dates of birth, Social Security numbers, driver’s license numbers, state identification and other government identification numbers, financial account information, medical information, and health insurance information. Individual notification letters were mailed to the affected individuals on March 5, 2025, and those individuals have been offered complimentary credit monitoring services. County officials have confirmed that steps have been taken to improve email security to prevent similar incidents in the future.

California Department of Child Support Services

The State of California Department of Child Support Services has notified the California Attorney General about a potential unauthorized disclosure of sensitive data in an email incident. On January 14, 2025, an employee emailed a document to a personal email account. The document contained children’s first and last names, dates of birth, addresses, and Social Security numbers, and the same types of information for non-minors plus driver’s license numbers. The Department of Child Support Services said it is reviewing and revising its policies and procedures to reduce the risk of similar incidents in the future. It is currently unclear how many individuals had their data exposed in the incident.

Author: Steve Alder is the editor-in-chief of The HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com

x

Is Your Organization HIPAA Compliant?

Find Out With Our Free HIPAA Compliance Checklist

Get Free Checklist