Data breach Reports by Northeast Orthopedics and Sports Medicine, Orlando VA Medical Center, and Kids Care Dental & Orthodontics

177,000 Patients Affected by Northeast Orthopedics and Sports Medicine Breach

Northeast Orthopedics and Sports Medicine located in Nanuet, NY recently announced a cyberattack that affected 177,276 individuals and breached the protected health information (PHI) of 177,101 patients. The strange activity was noticed in its network on November 22, 2023. The investigation by third-party forensics experts confirmed on December 22, 2023 the unauthorized access to data on its system. The analysis of the breached files showed they contained names, dates of birth, driver’s license information, Social Security numbers, payment data, medical record details, health insurance data, and treatment and diagnosis details. Northeast Orthopedics and Sports Medicine has enforced more safeguards to stop similar incidents in the future and is reviewing its policies and procedures associated with data security. Breach notifications were sent on February 9, 2024.

PHI of 105,425 People Exposed at NewGen Administrative Services

Bold Quail Holdings, LLC, which does business as NewGen Administrative Services, has stated that the PHI of 105,425 persons has been exposed. Unauthorized server activity was noticed on September 13, 2023, and PHI may have been potentially accessed. The file evaluation revealed they included names, addresses, dates of birth, diagnosis/health conditions, lab results, prescription drugs, other treatment data, driver’s license and/or state identification numbers, Social Security numbers or other identifiers, claims details, credit card numbers, bank account numbers, and other financial data. The types of records exposed varied from individual to individual. The impacted people were informed on February 23, 2024, and were offered complimentary credit monitoring services for a year.

PHI of 10,059 Veterans Compromised at Orlando VA Medical Center

Orlando VA Medical Center based in Florida has uncovered a HIPAA breach impacting the PHI of 10,059 veterans. A former Orlando VA employee was found to have emailed files from their company email account to their email account on the last day of the employee’s work. The HIPAA violation was discovered on January 16, and the VA stated there was no evidence found that indicated the records were shared with any other persons. The records contained names, phone numbers, addresses, email addresses, and for a few individuals, birth dates and partial or complete Social Security numbers. Free credit monitoring services were provided to the 209 individuals because their Social Security numbers were included in the files.

Email Account Breach at Orthopedic Associates of Flower Mound

Orthopedic Associates of Flower Mound located in Texas is sending notifications to current and former patients concerning a breach of its email system. The breach was uncovered on or around September 8, 2023. Steps were quickly undertaken to prevent unauthorized access. Based on the forensic investigation, unauthorized access to a physician’s email account happened between July 7, 2023 and September 7, 2023. During that time, emails containing patients’ PHI were potentially viewed or copied. The provider completed the analysis of the email account on January 8, 2024, and sent notification letters to the affected people on March 6, 2024. The breached details included names, financial account and/or payment card numbers, Social Security numbers, and medical details. The incident report has been submitted to regulators, however, it is not yet posted on the HHS’ Office for Civil Rights website. It is still unclear how many people were impacted.

Kids Care Dental & Orthodontics Cyberattack

CDC Dental Management, Co., also called Kids Care Dental & Orthodontics based in Northern California, encountered a cyberattack on June 17, 2023, that interrupted access to a few of its systems. The forensic investigation mentioned that the attacker initially accessed its systems on June 15, 2023, and stole records from its systems. Third-party professionals reviewed the data files to know the types of information impacted, and that process was completed on February 29, 2024. The provider mailed breach notifications to the affected persons and provided free credit monitoring and identity protection services. The incident report was already sent to the regulators. However, the number of victims is not yet clear and the types of data involved. The specific information involved is mentioned in the individual notifications that have been mailed to the impacted persons.

887,000 Individuals Impacted by Eastern Radiologists, Inc. Data Breach

Eastern Radiologists, Inc. located in Greenville, NC recently alerted 886,746 people about the potential exposure of some of their PHI to unauthorized individuals in a cyberattack that was discovered on November 24, 2023. Investigation of the suspicious network activity by a third-party cybersecurity firm revealed unauthorized access to its system from November 20, 2023 to November 24, 2023. In that period, files on the system were viewed and stolen, some of which comprised patient data.

The investigation was finished on January 26, 2024, and confirmed the compromise of patient information including names plus one or more of these details: contact data, Social Security number, insurance details, examination and/or procedure data, referring doctor, diagnosis data and/or imaging data. Eastern Radiologists mentioned steps were taken to improve security and better safeguard patient data and network monitoring functions have been improved. Notification letters were mailed to the affected persons on March 4, 2024. Eastern Radiologists published a substitute breach notice on its website but did not mention credit monitoring and identity theft protection services.

About the Author

Elizabeth Hernandez
Elizabeth Hernandez is the editor of HIPAA News. Elizabeth is an experienced journalist who has worked in the healthcare sector for several years. Her expertise is not limited to general healthcare reporting but extends to specialized areas of healthcare compliance and HIPAA compliance. Elizabeth's knowledge in these areas has made her a reliable source for information on the complexities of healthcare regulations. Elizabeth's contribution to the field extends to helping readers understand the importance of patient privacy and secure handling of health information. Elizabeth holds a postgraduate degree in journalism. You can follow Elizabeth on twitter at