ID Care & CommuniCare Announce Data Breaches
ID Care in New Jersey and Barrio Comprehensive Family Health Care Center (CommuniCare) in Texas have confirmed that patients’ personal and protected health information have been compromised in recent data security incidents.
ID Care
ID Care, a New Jersey-based network of board-certified infectious disease specialists, has recently disclosed a data security incident that involved unauthorized access to the personal and protected health information of current and former patients.
Suspicious activity was identified within certain systems on November 5, 2025. Industry-leading cybersecurity specialists were engaged to investigate the activity and confirmed that an unknown actor gained access to its network and accessed or downloaded files without authorization.
ID Care is currently reviewing the affected files, and while that process has not yet been completed, ID Care has confirmed that the affected files contained full names, dates of birth, Social Security numbers, health insurance information, and medical information, including diagnoses, treatment information, and prescription information.
Get The FREE
HIPAA Compliance Checklist
Immediate Delivery of Checklist Link To Your Email Address
Please Enter Correct Email Address
Your Privacy Respected
HIPAA Journal Privacy Policy
Policies and procedures are being reviewed to reduce the likelihood of similar incidents in the future, and the HHS’ Office for Civil Rights has been notified about the data breach. The data breach is not yet shown on the OCR breach portal, so the scale of the breach is currently unclear.
Barrio Comprehensive Family Health Care Center (CommuniCare)
Barrio Comprehensive Family Health Care Center (CommuniCare), a non-profit clinic in San Antonio, Texas, has identified unauthorized access to an employee’s email account. The email account breach was identified on September 16, 2025, and third-party cybersecurity experts were engaged to determine the nature and scope of the unauthorized activity. CommuniCare determined that emails in the account had been accessed without authorization, some of which contained patient information.
Following a lengthy review of the affected emails and files, CommuniCare determined on February 19, 2026, that they contained first and last names, in combination with one or more of the following: dates of birth, health insurance account/member/group numbers, clinical information, diagnoses, medical treatment/procedure information, prescription information, provider locations, and patient account numbers.
CommuniCare said it is unaware of any misuse of patient data as a result of the incident, nor does it have any reason to believe that any information in the compromised account will be misused; however, the affected individuals have been advised to remain vigilant against data misuse by monitoring their accounts, explanation of benefits statements, and free credit reports for suspicious activity. The HHS’ Office for Civil Rights breach portal shows that 19,971 individuals have been affected.
