Data breach Reports by NewGen Administrative Services, Orthopedic Associates of Flower Mound, and Eastern Radiologists, Inc.

177,000 Patients Affected by Northeast Orthopedics and Sports Medicine Breach

Northeast Orthopedics and Sports Medicine based in Nanuet, NY recently reported a cyberattack that impacted 177,276 people and compromised the protected health information (PHI) of 177,101 individuals. Abnormal activity was found in its system on November 22, 2023. The investigation by third-party forensics experts confirmed on December 22, 2023 the unauthorized access to information on its network. The evaluation of the impacted files confirmed they enclosed names, dates of birth, driver’s license information, Social Security numbers, payment details, medical record details, medical insurance data, and treatment and diagnosis data. Northeast Orthopedics and Sports Medicine has carried out extra safety measures to avoid the same occurrences later on and is going over its guidelines and procedures linked to data safety. Breach notifications were sent by mail on February 9, 2024.

PHI of 105,425 Individuals Exposed at NewGen Administrative Services

Bold Quail Holdings, LLC, which is also known as NewGen Administrative Services, has affirmed that the PHI of 105,425 persons was popped. Unauthorized server activity was observed on September 13, 2023, and PHI might have been likely accessed. The file evaluation affirmed they included names, birth dates, addresses diagnosis/medical conditions, laboratory results, medicines, other treatment details, driver’s license and/or state ID numbers, Social Security numbers or other identifiers, claims data, bank account numbers, credit card numbers, and other financial details. The types of data compromised differed from one person to another. The affected people were informed on February 23, 2024, and were offered complimentary credit monitoring services for one year.

PHI of 10,059 individuals Compromised at Orlando VA Medical Center

Orlando VA Medical Center based in Florida has identified a HIPAA breach affecting the PHI of 10,059 veterans. An ex-Orlando VA worker was learned to have sent records from their work email account to their email account on the last day of the worker’s work. The HIPAA violation was seen on January 16, and the VA stated that no information suggests the exposure of files to any other persons. The records included names, telephone numbers, addresses, email addresses, and for several persons, birth dates and partial or full Social Security numbers. Free credit monitoring services were given to the 209 individuals who had their Social Security numbers bundled with the records.

Orthopedic Associates of Flower Mound Email Account Breach

Orthopedic Associates of Flower Mound located in Texas is informing present and past patients regarding an email system breach. The incident was discovered on or about September 8, 2023. Safety measures were promptly undertaken to stop the unauthorized access. As per the forensic investigation, unauthorized access to a physician’s email account occurred between July 7, 2023 and September 7, 2023. At that time, emails that contained patients’ PHI were possibly accessed or stolen. The provider finished the analysis of the email account on January 8, 2024, and mailed notification letters to the impacted people on March 6, 2024. The data compromised contained names, payment card and/or financial account numbers, Social Security numbers, and health details. The breach report was submitted to regulators, nevertheless, it is not yet posted on the HHS’ Office for Civil Rights site. It is still uncertain how many people have been affected.

Cyberattack on Kids Care Dental & Orthodontics

CDC Dental Management, Co., also known as Kids Care Dental & Orthodontics based in Northern California, suffered a cyberattack on June 17, 2023, that blocked access to part of its systems. The forensic investigation stated that a threat actor initially accessed its systems on June 15, 2023, and extracted data files from its systems. Third-party professionals checked the records to find out the types of data affected, and that procedure was accomplished on February 29, 2024. The provider sent breach notifications to the impacted persons and provided free credit monitoring and identity protection services. The incident report was already sent to the government bodies. Nevertheless, the number of affected individuals or the types of information affected is not yet certain. The particular data involved is specified in the individual notices that were mailed to the affected individuals.

887,000 People Impacted by Eastern Radiologists, Inc. Data Breach

Eastern Radiologists, Inc. located in Greenville, NC recently alerted 886,746 people about the probable exposure of some of their PHI to unauthorized persons in a cyberattack that was noticed on November 24, 2023. Investigation of the strange system activity by a third-party cybersecurity company revealed unauthorized access to its network from November 20, 2023 to November 24, 2023. Throughout that period, files on the system were viewed and copied, some of which comprised patient details.

The investigation was concluded on January 26, 2024, and affirmed the compromise of patient data including names and at least one of these data: contact data, Social Security number, insurance details, test and/or procedure details, referring doctor, diagnosis data and/or imaging data. Eastern Radiologists mentioned steps were undertaken to enhance security and better secure patient information and system tracking functionality has been upgraded. Notification letters were sent by mail to the impacted persons on March 4, 2024. Eastern Radiologists published a substitute breach notice on its website but did not talk about identity theft protection and credit monitoring services.

Elizabeth Hernandez

Elizabeth Hernandez is the editor of HIPAA News section of HIPAA Coach and an experienced journalist in the healthcare sector. She specializes in healthcare and HIPAA compliance, making her a go-to source for information on healthcare regulations. Her work focuses on the importance of patient privacy and secure information handling. Elizabeth also has a postgraduate degree in journalism. Follow on Twitter: You can follow Elizabeth on twitter at