Onsite Mammography Email Breach Affects 357,000 Patients
Data breaches have been announced by Onsite Mammography in Massachusetts, Bell Ambulance in Wisconsin, Kelly & Associates Insurance Group in Maryland, and Cabot Medical Care & Jacksonville Medical Care in Arkansas.
Onsite Mammography
Onsite Mammography, a Westfield, MA-based provider of medical imaging services to hospitals across the United States, has announced a security incident involving the protected health information of 357,265 individuals. Suspicious activity was identified in an employee’s email account in October 2024. The email account was immediately secured, and a forensic investigation was initiated to determine the nature and scope of the unauthorized activity.
Third-party digital forensics experts confirmed that there had been unauthorized access to a single email account for “a brief window of time.” A data analytics vendor was engaged to review the account to determine the individuals affected and the types of information in the account. The review concluded on February 21, 2025, and confirmed that health-related information had been exposed. Additional security measures have been implemented to prevent similar incidents in the future, and the affected individuals have been offered complimentary credit monitoring and identity theft protection services.
Kelly & Associates Insurance Group
Kelly & Associates Insurance Group, a Sparks, Maryland-based employee benefits administrator that does business as Kelly Benefits, recently announced a data breach. Initially reported as affecting 32,234 individuals, the victim count has now been increased to 263,893 individuals as more of its clients have been confirmed as affected. Suspicious activity was identified within its network on or around December 17, 2024, and assisted by third-party digital forensics specialists, Kelly & Associates confirmed there had been unauthorized access to its network between December 12, 2024, and December 17, 2024. During that time, files were copied from its network. The file review has recently been completed, and it has been confirmed that the copied files contained names plus one or more of the following: Social Security number, tax ID number, date of birth, medical information, health insurance information, and financial account information.
Get The FREE
HIPAA Compliance Checklist
Immediate Delivery of Checklist Link To Your Email Address
Please Enter Correct Email Address
Your Privacy Respected
HIPAA Journal Privacy Policy
Notification letters are being sent by Kelly & Associates on behalf of the following companies:
- Allergis
- Amergis
- Beam Benefits
- Beltway Companies, LLC
- CareFirst BlueCross BlueShield
- Intercon Truck of Baltimore, Inc.
- Maxim Healthcare Services, Inc.
- Populus
- Publishers Circulation Fulfilment, Inc.
- Quantum Real Estate Management, LLC
- The Guardian Life Insurance Company of America
- Transforming Lives Inc.
- University of Maryland Medical System
- Young Life
Since publication, the victim count has increased to more than 413,000. You can view updated information on the data breach on this link.
Bell Ambulance
Bell Ambulance Inc. in Milwaukee, Wisconsin, has announced a data breach affecting up to 114,000 patients. Unauthorized network activity was detected on February 13, 2025, and third-party cybersecurity experts were engaged to assist with the investigation. The investigation is ongoing, but it has been confirmed that the compromised parts of its network contained patient names, birth dates, Social Security numbers, driver’s license numbers, financial account information, medical information, and health insurance information. At the time of issuing notifications, Bell Ambulance had not identified any evidence to suggest patient information had been misused; however, the affected individuals have been advised to remain vigilant against incidents of identity theft and fraud by reviewing their credit reports, account statements, and Explanation of Benefits statements.
Update: Bell Ambulance completed its file review in February 2026 and confirmed that 237,830 individuals have been affected.
Cabot Medical Care & Jacksonville Medical Care
Cabot Medical Care & Jacksonville Medical Care in Arkansas have recently announced a security incident affecting 27,729 individuals. Network disruption was experienced on January 26, 2025, and cybersecurity experts were engaged to investigate the activity. On February 3, 2025, the investigation confirmed unauthorized access to its network between January 25, 2025, and January 26, 2025. During that time, patient data may have been viewed or acquired.
The file review has recently been completed, and individual notification letters were mailed on April 9, 2025. The information compromised in the incident includes names, dates of birth, diagnosis and treatment information, other health-related information, and Social Security numbers. No evidence was found to suggest any unauthorized access to the electronic medical record system. The breach has been reported to the HHS Office for Civil Rights as affecting 21,467 Cabot Medical Care patients and 6,262 Jacksonville Medical Care patients.
