The HIPAA Journal is the leading provider of HIPAA training, news, regulatory updates, and independent compliance advice.

EMR Vendor Reports Breach of Patient Data

Data breaches have been announced by the electronic medical record company PracticeSuite, California Correctional Health Care Services, College Hospital Costa Mesa, and Western Montana Mental Health Center.

PracticeSuite

PracticeSuite, Inc., a Tampa, FL-based practice management software provider and electronic medical record company, has announced that a hacker accessed a data file on one of its servers on or around October 11, 2024. When the intrusion was detected, prompt action was taken to prevent further unauthorized access, and an investigation was launched to determine the extent of the unauthorized activity. The server was used by PracticeSuite for storage, and the review confirmed that it contained a data file that included the electronic medical records of patients of Texas ENT Specialists. No other systems were accessed by the hackers as the server was isolated from other parts of the network.

The data review confirmed that the file contained names, dates of birth, Social Security numbers, addresses, diagnoses, clinical and treatment information, insurance details, and a limited amount of financial information. No address information was held for 190 individuals; however, all other individuals were mailed notification letters on November 15, 2024. The breach was reported to the Maine Attorney General as involving the personal information of 13,353 individuals, and the HHS’ Office for Civil Rights breach report indicates the protected health information of 13,000 individuals was involved. The affected individuals were patients of Texas ENT Specialists prior to March 19, 2024. PracticeSuite said it is taking steps to ensure similar incidents are prevented in the future.

California Correctional Health Care Services

California Correctional Health Care Services has discovered that two boxes of documents have gone missing. The loss was identified on November 15, 2024, but is thought to have occurred on or around November 5, 2024. The boxes were last recorded as being handled by its courier service after leaving the mailroom, and the exact location of those boxes is unknown. California Correctional Health Care Services, its courier services, and other involved parties have been attempting to locate the boxes, and the matter will be escalated to law enforcement if the boxes cannot be located. The boxes contained the names and the medical and dental information of 1,416 individuals.

College Hospital Costa Mesa

College Hospital Costa Mesa in California experienced a cyberattack on or around September 17, 2024, that disrupted certain IT systems. Assisted by third-party digital forensics experts, the hospital determined that a threat actor had access to its systems from August 14, 2024, to September 17, 2024, and during that time, files containing patient data may have been copied. The review of the files confirmed they contained patients’ names, Social Security numbers, dates of birth, dates of service, diagnoses, and other information that could indicate they received services at College Hospital Costa Mesa.

Fortunately, the systems accessed by the hackers only contained a limited amount of patient data, with only 591 patients affected. Individuals whose Social Security numbers were involved have been offered complimentary identity monitoring services. College Hospital Costa Mesa said additional safeguards and technical security measures have been implemented to prevent similar incidents in the future.

Western Montana Mental Health Center

Western Montana Mental Health Center has warned patients about a network security incident discovered in mid-September. The investigation of the incident is ongoing, but it has been determined that its electronic medical record system was not accessed. Other parts of the network contained files that included patient data, and those files are still being reviewed. Western Montana Mental Health Center has not yet disclosed how many individuals have been affected. The HHS’ Office for Civil Rights has been provided with an interim figure of 500 affected individuals. The breach report will be updated when the investigation concludes, and notification letters will be mailed to the affected patients.

Author: Steve Alder is the editor-in-chief of The HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com
