New Jersey Medical Groups Warn Patients About Data Breach
Two New Jersey medical groups have notified patients that their data may have been compromised in a recent security incident. Family & Community Services in Ohio is investigating a cyberattack that exposed patient data.
Passaic Hospitalist Services/ Passaic River Physicians, New Jersey
Legal counsel for two New Jersey medical groups has notified patients of the medical groups Passaic Hospitalist Services and Passaic River Physicians that some of their protected health information has potentially been stolen in a recent data security incident.
Suspicious activity was identified within its computer systems, and an investigation was launched to determine the cause of the activity, which revealed unauthorized access and acquisition of files from certain systems between May 22 and May 23, 2025. A review was conducted of all files on the compromised parts of the network, and it was determined on September 11, 2025, that protected health information was involved, including names, dates of birth, addresses, diagnosis information, provider names, dates of service, treatment information, and/or health insurance information.
Notification letters are now being mailed to the affected individuals. The incident is not yet shown on the HHS’ Office for Civil Rights website, so it is currently unclear how many individuals have been affected.
Get The FREE
HIPAA Compliance Checklist
Immediate Delivery of Checklist Link To Your Email Address
Please Enter Correct Email Address
Your Privacy Respected
HIPAA Journal Privacy Policy
Update: The business associate involved was ApolloMD, and the data breach affected multiple physician practices.
Family & Community Services, Ohio
Family & Community Services Inc., a social services organization in Ravenna, Ohio, has recently written to its clients to inform them about the potential theft of some of their personal data. On May 22, 2025, Family & Community Services identified activity within its computer systems indicative of unauthorized access. Third-party cybersecurity experts were engaged to investigate the activity and confirmed unauthorized access to its computer systems.
The investigation and data review are ongoing, and Family & Community Services has not yet determined the number of individuals affected or the exact types of data involved. Notification letters will be mailed to the affected individuals when the file review is completed. The letters will detail the types of data involved. In the meantime, clients have been advised to remain vigilant against incidents of identity theft and fraud. Family & Community Services said it restored operations in a safe and secure manner, and steps have been taken to enhance security. Those measures include hardening remote entry points, which indicates the likely initial access vector in the incident. Steps have also been taken to strengthen access controls.
