Rhode Island Human Services Agency Announces 114K-Record Data Breach
Cyberattacks have recently been announced by Community Care Alliance in Rhode Island, Central Texas Pediatric Orthopedics, and Whitman Hospital and Medical Clinics in Washington. At least 204,000 individuals have had their personal and health data exposed.
Community Care Alliance
A major data breach has been announced by the Woonsocket, Rhode Island-based human services agency Community Care Alliance. A security incident was identified on July 6, 2024, when network disruption was experienced. Third-party cybersecurity experts were engaged to investigate the cause of the activity, and it was confirmed that an unauthorized third party had access to its network from July 1, 2024, to July 5, 2024. While ransomware was not mentioned in the breach notice, it appears to have been an attack by the Rhysida ransomware group, which has added Community Care Alliance to its data leak site. Rhysida claims to have exfiltrated a 2.5 terabyte SQL database in the attack, which included data such as names, contact information, and Social Security numbers.
Community Care Alliance conducted a file review to determine the types of information stored on the compromised parts of the network, and it was confirmed on January 8, 2025, that sensitive data had been exposed and potentially stolen. The types of information involved included first and last names, addresses, birth dates, driver’s license numbers, Social Security numbers, diagnosis and condition information, lab test results, medications and other treatment information, patient ID numbers, provider names, and health insurance information. Since that date, Community Care Alliance has been obtaining up-to-date contact information to allow individual notification letters to be mailed.
Steps have already been taken to improve security, including implementing additional technical safeguards, and the affected individuals have been offered 12 months of complimentary credit monitoring services. The HHS’ Office for Civil Rights breach portal indicates 114,975 individuals have been affected.
Get The FREE
HIPAA Compliance Checklist
Immediate Delivery of Checklist Link To Your Email Address
Please Enter Correct Email Address
Your Privacy Respected
HIPAA Journal Privacy Policy
Central Texas Pediatric Orthopedics
The Austin, Texas-based healthcare provider, Central Texas Pediatric Orthopedics, has recently notified the Texas Attorney General about a security incident involving unauthorized access to the personal and healthcare information of up to 90,000 Texas residents. Third-party cybersecurity experts have been engaged to investigate the breach and the investigation is ongoing; however, it has been determined that a threat actor had access to systems that contained information such as names, dates of birth, medical information, health insurance information, and government issued ID numbers, and exfiltrated files from the network. The Texas Attorney General was notified about the incident on March 6, 2025; however, individual notification letters have yet to be mailed.
It is currently unclear when the cyberattack occurred or when it was first detected, but this appears to have been an attack by the Qilin ransomware group, which added Central Texas Pediatric Orthopedics to its dark web data leak site on February 25, 2025. The listing indicates 3,269 files (42 GB) were exfiltrated, a sample of which has been added to the listing. Qilin has also recently claimed responsibility for attacks on Lake Washington Vascular and Andover Family Medicine in Kansas. As of today, neither entity has publicly announced a cyberattack or data breach.
Whitman Hospital and Medical Clinics
Whitman Hospital and Medical Clinics in Colfax, Washington, has warned patients about potential disruption to medical services due to a recent cyberattack. The hospital made its first announcement on February 28, 2025, when it was discovered that an unknown attacker had infiltrated its electronic systems. Internal computer systems were taken offline for containment purposes and to prevent further unauthorized access, and an investigation has been launched to establish the nature and scope of the unauthorized activity.
In a March 4, 2025, update, the hospital said its systems were still down, but progress was being made resolving all related IT issues. In a March 7, 2025, update, the hospital said it expects to return to normal operations by the end of the week commencing March 10, 2025. While the attack has resulted in delays to certain services, the hospital has remained operational throughout and has continued to provide medical services. It has yet to be determined to what extent, if any, patient data was involved as the investigation is still in the early stages. If patient data has been compromised, notifications will be mailed to the affected individuals.
