Tri-City Cardiology Consultants & Northeast Georgia Health System Announce 21K+ Record Data Breaches
Data breaches have been announced by Tri-City Cardiology Consultants in Arizona, Northeast Georgia Health System, Family Christian Health Center in Illinois, and Primary Health Care in Iowa.
Tri-City Cardiology Consultants, Arizona
Tri-City Cardiology Consultants, a cardiology medical group based in Phoenix, Arizona, has warned 22,753 patients about an attempted infiltration of its computer network. The security breach was identified on or around April 6, 2025, and immediate action was taken to secure its network and prevent further unauthorized access. While no evidence was found that suggested its network was accessed specifically to obtain patient data, it is possible that an unauthorized third party viewed or obtained names, health insurance information, and protected health information. The types of data involved varied from individual to individual.
Tri-City Cardiology Consultants confirmed that Social Security numbers were not compromised in the incident; however, out of an abundance of caution, the affected individuals have been offered complimentary credit monitoring and identity theft protection services, and patients have been advised to take advantage of those services.
Northeast Georgia Health System, Georgia
Northeast Georgia Health System (NGH), a not-for-profit community health system with five hospital campuses in Gainesville, Barrow, Braselton, Lumpkin, and Habersham in Georgia, has notified 21,000 patients about a security incident at one of its vendors. Like many other healthcare providers, NGH contracted with Nationwide Recovery Service (NRS) to recover unpaid medical bills.
Get The FREE
HIPAA Compliance Checklist
Immediate Delivery of Checklist Link To Your Email Address
Please Enter Correct Email Address
Your Privacy Respected
HIPAA Journal Privacy Policy
An unauthorized individual gained access to the debt collection agency’s network between July 5, 2024, and July 11, 2024, with the incident resulting in a network outage. The forensic investigation confirmed that an unauthorized third party copied certain files and folders from its systems. The document review was completed on February 3, 2025, and confirmed that the breach was limited to names and mailing addresses.
NRS has reviewed its security policies and implemented additional measures to prevent similar breaches in the future. Due to the nature of the compromised data, the risk to patients is believed to be low. As a precaution, NGH recommends patients remain vigilant against incidents of identity theft and fraud by regularly reviewing their account statements, explanation of benefits, and medical bills.
Family Christian Health Center, Illinois
Family Christian Health Center, a healthcare provider with locations in Harvey, Lynwood, and Dolton in Illinois, has experienced a security incident that may have resulted in unauthorized access to the electronic protected health information of up to 12,500 individuals. Unauthorized network activity was detected on February 26, 2025, and after securing its systems, an investigation was launched with assistance provided by third-party cybersecurity experts.
The investigation confirmed there had been unauthorized access to its network between February 23 and February 25, 2025. During that time, patient data was potentially copied from its network. The incident caused some disruption to operations, although care continued to be provided to patients, and normal operations have now resumed. The file review confirmed that the exposed data included names, addresses, dates of birth, Social Security numbers, driver’s license numbers, health insurance information, and medical information. Family Christian Health Center said a number of cybersecurity enhancements have been implemented, including additional endpoint detection and response software.
Primary Health Care, Iowa
Primary Health Care, Inc. in Iowa has discovered an impermissible disclosure of the protected health information of 787 patients. An employee inadvertently emailed the data to an individual who was unauthorized to view that information. The emailed data included patient names, client/patient numbers, and health insurance information. The privacy violation was identified on March 7, 2025, and notification letters were mailed to the affected individuals on May 6, 2025. During those two months, Primary Health Care found no evidence to suggest any of the disclosed information had been misused. Primary Health Care said it took every measure to rectify the privacy violation and has received assurances that the misdirected email was deleted and was not further disclosed to any other individual.
