25% off all training courses Offer ends May 29, 2026
View HIPAA Courses
Learner Login Learner Support
Learner Login Learner Support
25% off all training courses
View HIPAA Courses
Offer ends May 29, 2026

The HIPAA Journal is the leading provider of HIPAA training, news, regulatory updates, and independent compliance advice.

Greater Pittsburgh Orthopedic Associates Data Breach Affects Almost 57,000 Individuals

Posted By on Feb 24, 2026

Greater Pittsburgh Orthopedic Associates has experienced a ransomware attack that has affected almost 57,000 individuals. Data breaches have also been announced by Triad Radiology Associates in North Carolina and North East Medical Services in California.

Greater Pittsburgh Orthopedic Associates, Pennsylvania

Greater Pittsburgh Orthopedic Associates in Pennsylvania has recently reported a data breach to the Maine Attorney General involving unauthorized access to the personal and protected health information of up to 56,954 individuals, including 3 Maine residents.

According to the notice, anomalous network activity was identified on August 10, 2025. Incident response protocols were initiated, and third-party cybersecurity experts were engaged to assist with the investigation, help secure its IT environment, and harden security. The investigation confirmed that patient data was exposed in the incident, and the review of that data has recently been completed. The exposed data elements vary from individual to individual and may include names in combination with one or more of the following: mailing address, Social Security number, and provider name.

Notification letters started to be mailed to the affected individuals on or around February 5, 2026, and at the time of issuing those notifications, no evidence had been found to indicate any patient data had been misused; however, as a precaution, the affected individuals have been offered complimentary single bureau credit score, credit report, and credit monitoring services. The Ransomhouse ransomware group claimed responsibility for the breach and said it encrypted files and exfiltrated data from its network. While the group claims that it will publish the stolen data, its dark web data leak site only includes an “evidence pack,” which currently cannot be downloaded.

Get The FREE
HIPAA Compliance Checklist

Immediate Delivery of Checklist Link To Your Email Address

Please Enter Correct Email Address

Your Privacy Respected

HIPAA Journal Privacy Policy

Triad Radiology Associates, North Carolina

Triad Radiology Associates, a North Carolina-based physician practice providing medical imaging and radiology services, has notified 11,011 individuals about unauthorized access to an employee’s email account containing electronic protected health information. Suspicious activity was identified within the email account on or around July 30, 2025. After securing the account, an investigation was launched to determine the nature and scope of the activity, with assistance provided by third-party cybersecurity experts.

According to its data breach notice, “Our investigation determined that a limited amount of information may have been accessed between July 11, 2025, and September 8, 2025.”  That suggests that despite securing the account, unauthorized access continued for almost 40 days after the incident was first identified. Triad Radiology said its file review confirmed that the information exposed in the incident included names, addresses, dates of birth, Social Security numbers, driver’s license numbers, bank account information, medical information, and health insurance information. Triad Radiology has reviewed its data security policies and procedures and is taking steps to prevent similar incidents in the future. The affected individuals have been offered complimentary credit monitoring and identity theft protection services.

North East Medical Services, California

North East Medical Services, a San Francisco, California-based network of community health centers in the San Francisco Bay Area and Las Vegas, has recently disclosed a data breach to the California Attorney General. On October 19, 2025, suspicious activity was identified within its computer systems. Third-party cybersecurity experts have been engaged to investigate the incident, and unauthorized network access was confirmed.

The exposed data is currently being reviewed, and North East Medical Services has yet to determine how many individuals have been affected or the types of data involved. Notification letters will be mailed to the affected individuals when the data review is concluded. In the meantime, all patients have been advised to remain vigilant against incidents of identity theft and fraud by monitoring their accounts and explanation of benefits statements for suspicious activity.

Author: Steve Alder is the editor-in-chief of The HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com

x

Is Your Organization HIPAA Compliant?

Find Out With Our Free HIPAA Compliance Checklist

Get Free Checklist