Data Breach at New York Medical Imaging Provider Affects 138,000 Patients
Several data breaches have recently been reported to the HHS’ Office for Civil Rights and State Attorneys General that involved unauthorized access to individuals’ personal and protected health information. Affected HIPAA-regulated entities include University Diagnostic Medical Imaging, Newport Harbor Pathology Medical Group, and the Athens County Board of Developmental Disabilities.
University Diagnostic Medical Imaging
University Diagnostic Medical Imaging in New York is notifying 138,080 patients about a hacking incident that involved unauthorized access to its network for a short period on November 26, 2024. The unauthorized access was detected and blocked the same day, and a review was conducted to determine the types of information exposed and the individuals affected. That process has recently been completed and confirmed names, addresses, dates of birth, referring physician names, and medical diagnosis/treatment information have been exposed. University Diagnostic Medical Imaging said there is no reason to believe that any patient data has been or will be misused. Cybersecurity specialists have been retained to implement additional security protections to prevent similar breaches in the future.
Newport Harbor Pathology Medical Group
Newport Harbor Pathology Medical Group (NHPMG) in Newport Beach, California, has recently reported a hacking incident to the HHS’ Office for Civil Rights (OCR) using an interim figure of 501 affected individuals. The exact number of affected individuals has yet to be confirmed. NHPMG said unauthorized access to parts of its network was identified on November 11, 2024. The forensic investigation confirmed that the unauthorized access occurred between October 8, 2024, and November 11, 2024, and a threat actor potentially viewed or acquired the data of patients who received pathology services through the entities Orange County Medical Group Pathology, Mission Laguna Pathology Medical Group, and Barr Dermatopathology.
The types of information on the compromised parts of the network included names, dates of birth, addresses, diagnoses, pathology test results, medical record numbers, Social Security numbers, driver’s license numbers/other government ID numbers, and health insurance information. The unauthorized access was promptly blocked and security measures have been reviewed and enhanced to prevent similar incidents in the future. The file review is ongoing, and notification letters will be mailed to the affected individuals when that process is completed.
Get The FREE
HIPAA Compliance Checklist
Immediate Delivery of Checklist Link To Your Email Address
Please Enter Correct Email Address
Your Privacy Respected
HIPAA Journal Privacy Policy
Athens County Board of Developmental Disabilities
The Athens County Board of Developmental Disabilities (ACBDD) in Athens, Ohio, has recently notified 3,100 individuals about a security breach detected on May 28, 2024, that potentially involved unauthorized access to personal and protected health information. An investigation was launched when ACBDD started experiencing technical issues with its server. Assisted by cyber counsel and independent IT forensics experts, ACBDD determined there had been unauthorized access to its systems between May 24 and May 25, 2024, during which time the threat actor exfiltrated personal and protected health information such as first and last names, telephone numbers, emergency contact numbers, email addresses, mailing addresses, dates of birth, medical diagnoses/conditions, bank account numbers, health insurance information, Medicaid numbers, driver’s license numbers, and Social Security numbers. Individual notification letters started to be mailed to the affected individuals on February 7, 2025. 12 months of complimentary single bureau credit monitoring services have been offered to individuals whose Social Security numbers were involved.
