Hematology Oncology Consultants; Southcoast Health; Cunningham Prosthetic Care Announce Data Breaches
Data breaches have recently been announced by Hematology Oncology Consultants in Michigan, Cunningham Prosthetic Care in Maine, and Southcoast Health System in Massachusetts.
Hematology Oncology Consultants
Hematology Oncology Consultants in Michigan have started notifying individuals affected by a September 20, 2025, security incident. Upon detection, immediate action was taken to secure its network and prevent further unauthorized access, and an investigation was launched to determine the nature and scope of the unauthorized activity. On or around February 12, 2026, Hematology Oncology Consultants confirmed that files containing personal and protected health information were likely exfiltrated from its network.
The review of the affected files was completed on April 7, 2026, and notification letters started to be mailed to the affected individuals on April 24, 2026. Data compromised in the incident includes names, medical records, health insurance information, and Social Security numbers. While not described as a ransomware attack, the Rhysida ransomware group claimed responsibility for the attack. Rhysida threatens to sell or publish the stolen data if the ransom is not paid. The group claims to have sold some of the stolen data and has leaked 40% of the data exfiltrated in the attack. The incident has been reported to regulators, although it is currently unclear how many individuals have been affected.
Cunningham Prosthetic Care
The Saco, Maine-based orthotic and prosthetic service provider Cunningham Prosthetic Care has started notifying patients about a data security incident first identified on October 22, 2025. Suspicious activity was identified within an employee’s email account, and upon investigation, unauthorized access to the account was confirmed as occurring on October 22, 2025. The account was reviewed, and after around 4 months, it was confirmed that the account contained personal and protected health information, including names, health insurance information, diagnostic information, medical treatment information, and medical record numbers. The affected individuals started to be notified by mail on May 1, 2026. The data breach has been reported to the appropriate authorities, but at present, the number of affected individuals has yet to be publicly disclosed.
Get The FREE
HIPAA Compliance Checklist
Immediate Delivery of Checklist Link To Your Email Address
Please Enter Correct Email Address
Your Privacy Respected
HIPAA Journal Privacy Policy
Southcoast Health
Southcoast Health System, a nonprofit community health system with more than 55 locations in Southeastern Massachusetts and Rhode Island, has identified unauthorized access to a single user account on February 16, 2026. The security incident was identified on the same day, and unauthorized access was immediately blocked. While the incident was detected quickly, it is possible that sensitive data such as names and Social Security numbers were viewed or acquired. As a precaution against data misuse, the affected individuals have been offered complimentary single-bureau credit monitoring and identity theft protection services. At the time of publication, the number of affected individuals had not been publicly disclosed.
