25% off all training courses Offer ends May 29, 2026
View HIPAA Courses
Learner Login Learner Support
Learner Login Learner Support
25% off all training courses
View HIPAA Courses
Offer ends May 29, 2026

The HIPAA Journal is the leading provider of HIPAA training, news, regulatory updates, and independent compliance advice.

Minidoka Memorial Hospital Recovering from Easter Cyberattack

Posted By on Apr 22, 2026

Minidoka Memorial Hospital was the victim of a cyberattack on Easter morning, and two further healthcare providers have confirmed they have been affected by the data breach at business associate Doctor Alliance: A Path of Care Home Health and Hospice and Team Select Holdings.

Minidoka Memorial Hospital, Idaho

Minidoka Memorial Hospital in Rupert, Idaho, has confirmed media reports of a cybersecurity incident. On April 17, 2026, Minidoka Memorial Hospital issued a statement on its Facebook page confirming that it experienced a cyber incident on Easter morning that temporarily impacted some of its computer systems.

While the incident did not prevent the hospital from providing care to patients, certain emergency patients were transferred to Intermountain Health Cassia Regional Hospital due to the inability to access certain medical imaging systems. Full access to those systems was restored on April 19, 2026. Minidoka Memorial Hospital said it was not necessary to postpone scheduled appointments, and patients with new health concerns continued to be treated, with the hospital operating under established downtime procedures until such time as systems are restored.

The investigation into the incident is ongoing, and the extent of unauthorized access to patient data has yet to be determined. According to Databreaches.net, a new threat group called Blackwater has claimed responsibility for the attack and has threatened to release the stolen data on April 24, 2026, if the ransom is not paid. Minidoka Memorial Hospital is one of three victims currently listed on the darkweb data leak site.

Get The FREE
HIPAA Compliance Checklist

Immediate Delivery of Checklist Link To Your Email Address

Please Enter Correct Email Address

Your Privacy Respected

HIPAA Journal Privacy Policy

A Path of Care Home Health and Hospice, Oklahoma

A Path of Care Home Health and Hospice in Oklahoma has notified 3,849 individuals about a data breach at its business associate, Doctor Alliance. Doctor Alliance notified A Path of Care Home Health and Hospice on January 12, 2026, that it had been affected by the incident. A Path of Care Home Health and Hospice confirmed that the breach was limited to Doctor Alliance systems and that its own IT systems were unaffected.

The incident involved unauthorized access to documents containing patient information via a Doctor Alliance web portal between October 31, 2025, and November 17, 2025. The data compromised in the incident was limited to names, addresses, dates of birth, medical record numbers, dates of care, and diagnosis and treatment information. Doctor Alliance confirmed to A Path of Care Home Health and Hospice that several steps have been taken to improve security, including enhancing access controls, expanding monitoring capabilities, and strengthening detection, logging, and alerting measures. A Path of Care Home Health and Hospice has also taken steps to reduce the risk of similar incidents in the future, including conducting additional checks to ensure that medical record requests are coming from a verified source.

A Path of Care Home Health and Hospice is aware of claims that some of the information accessed by the unauthorized third party was further disclosed to other unauthorized individuals, although Doctor Alliance denied any knowledge of any further disclosures.

Team Select, Arizona

Team Select Holdings in Arizona and its affiliated entities were also affected by the data security incident at Doctor Alliance, although the breach was more limited, affecting 949 individuals. Team Select used the Doctor Alliance document management platform to facilitate physicians’ signatures on physician orders and notes. On January 11, 2026, Team Select was informed that it had been affected and that there had been unauthorized access to the platform between November 4, 2025, and November 6, 2025, and between November 14, 2025, and November 17, 2025.

Data compromised in the incident included names, Social Security numbers, dates of birth, addresses, phone numbers, gender information, medical record numbers, dates of care, Medicare or Medicaid IDs, diagnoses, medications, treatment information, physician information, and/or home health provider information. Team Select said it is reviewing its existing policies and procedures with its third-party vendors and working to evaluate additional measures that can be implemented to reduce the risk of similar incidents in the future.

Author: Steve Alder is the editor-in-chief of The HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com

x

Is Your Organization HIPAA Compliant?

Find Out With Our Free HIPAA Compliance Checklist

Get Free Checklist