25% off all training courses Offer ends May 8, 2026
View HIPAA Courses
Learner Login Learner Support
Learner Login Learner Support
25% off all training courses
View HIPAA Courses
Offer ends May 8, 2026

The HIPAA Journal is the leading provider of HIPAA training, news, regulatory updates, and independent compliance advice.

Hackers Breach Systems of HIPAA-Regulated Entities in Missouri, Nevada, Texas & Wisconsin

Posted By on Feb 13, 2025

Kansas City Hospice & Palliative Care in Missouri, Apex Custom Software in Texas, ARC Community Services in Wisconsin, and REMSA Health in Nevada have experienced hacking incidents that potentially involved unauthorized access to patient data.

Kansas City Hospice Falls Victim to Black Suit Ransomware Attack

Kansas City Hospice & Palliative Care in Missouri is notifying 3,621 individuals about a 2024 ransomware attack. Kansas City Hospice confirmed that third-party digital forensics experts were engaged to investigate the incident and determine the extent and scope of the unauthorized activity. While the attack disrupted certain IT systems, services continued to be provided to patients throughout the attack and recovery. The recovery process has now been completed, and steps are being taken to improve security.

It is unclear exactly when the attack occurred, when it was detected, or the exact types of data compromised in the incident. On October 19, 2024, the Black Suit ransomware group added Kansas City Hospice to its data leak site, claiming 600+GB of data was stolen in the attack including “users data, business data, employee data, financial data, [and] other data.” The data has been leaked on the Black Suit dark web data leak site, indicating the ransom was not paid.

Hacking Group Steals Data from Texas Healthcare Software Developer

Apex Custom Software, a Texas-based software developer for the healthcare industry, reported a data breach to the Department of Health and Human Services (HHS) Office for Civil Rights (OCR) on January 22, 2025, that affected 1,500 individuals. There is currently no substitute breach notice on the company website, and the data breach is not yet shown on the Texas Attorney General’s website, so details of the breach are unclear; however, a threat group has claimed responsibility for the attack.

Get The FREE
HIPAA Compliance Checklist

Immediate Delivery of Checklist Link To Your Email Address

Please Enter Correct Email Address

Your Privacy Respected

HIPAA Journal Privacy Policy

A hacking group known as 0mid16B contacted databreaches.net claiming responsibility for the attack on January 16, 2025. The group claimed to still have access to its network on January 29, 2025, and said data had been exfiltrated and deleted from its server. A ransom demand was issued along with a threat to publish the stolen data.  It is currently unclear what types of patient data were stolen in the attack or how many Apex clients were affected.

ARC Community Services Falls Victim to Cyberattack

ARC Community Services, a women’s services agency in Madison, WI, has recently announced that patient and employee information was compromised in a security incident on November 1, 2024.  Cybersecurity experts were engaged to investigate the security incident and confirmed that certain data may have been viewed or acquired by an unauthorized third party.

ARC Community Services has published a statement on its website to warn patients and employees about the security incident, which is still under investigation to determine the number of individuals affected and the types of data involved. When that process concludes, individual notifications will be issued to the affected individuals who will be provided with further information and resources. The breach has been reported to the HHS’ Office for Civil Rights using a placeholder figure of 501 affected individuals and will be updated when the file review is concluded.

REMSA Health Confirms Cyberattack on Computer-aided Dispatch System

REMSA Health, the emergency medical services provider for Washoe County, Nevada, has announced that its security and anti-virus software identified a cyberattack on its computer-aided dispatch (CAD) system, forcing the implementation of CAD downtime protocols. REMSA Health said an investigation has been launched to determine the extent of the breach. The CAD system provides supplementary support to emergency medical dispatchers, and while that system was temporarily disrupted, the 911 ground ambulance and Care Flight air ambulance system were not affected and there was no delay to patient care. It is currently unclear to what extent, if any, patient data was involved.

Author: Steve Alder is the editor-in-chief of The HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com

x

Is Your Organization HIPAA Compliant?

Find Out With Our Free HIPAA Compliance Checklist

Get Free Checklist