New York Home Healthcare Provider Identifies Email Account Breach
Excellent Home Care Services in New York has identified unauthorized access to an employee’s email account. Sports Medicine & Orthopaedics in Rhode Island has discovered a ransomware attack on a server containing disused electronic health records.
Excellent Home Care Services
Excellent Home Care Services, LLC, in New York, has identified unauthorized access to an employee’s email account. Suspicious activity was identified in the account on November 25, 2025, and an investigation was launched to determine the nature and scope of the activity. The investigation confirmed that the account was accessed by an unauthorized individual for a brief period, during which time files containing patient data may have been viewed. Excellent Home Care Services was able to identify the types of files that had been exposed, but not the files that were viewed.
The affected data includes full names in combination with one or more of the following: address, phone number, date of birth, gender, Social Security number, Medicare/Medicaid number, and medical information related to your plan of care, which may have included diagnoses, medications, or plan of care documentation. The affected individuals were residents of Bronx, Kings, Nassau, New York, and Queens counties. Notification letters were mailed to all potentially affected individuals on December 17, 2025, and identity monitoring services have been made available. The incident is not yet shown on the HHS’ Office for Civil Rights website, so it is currently unclear how many individuals have been affected.
Sports Medicine & Orthopaedics Discovers Ransomware Attack
Sports Medicine & Orthopaedics in Rhode Island has recently reported a data breach that potentially involved unauthorized access to the personal and protected health information of up to 4,000 individuals. On October 10, 2025, the practice discovered that data on a server had been encrypted by ransomware. Sports Medicine & Orthopaedics said the practice has been closed for approximately 10 months and that the server contained an electronic medical record system that had previously been used by the practice but was not in active use.
Get The FREE
HIPAA Compliance Checklist
Immediate Delivery of Checklist Link To Your Email Address
Please Enter Correct Email Address
Your Privacy Respected
HIPAA Journal Privacy Policy
Sports Medicine & Orthopaedics said names and addresses stored in the medical record system may have been compromised, although highly sensitive information such as Social Security numbers and financial information was not involved. “The data breach was secondary to a customer data breach involving a firewall. Our systems have been secured, and steps have been taken to prevent future incidents,” explained Sports Medicine & Orthopaedics in the substitute breach notice on its website.
