The Chicago, IL-based Catholic health system CommonSpirit Health has announced that it has been affected by a security incident at a vendor of one of its business associates.  The healthcare consulting company Pinnacle Holdings Ltd experienced network disruption on November 25, 2024, as a result of a ransomware attack. The ransomware group had access to Pinnacle’s network from November 11, 2024, to November 25, 2024. During that time, files were exfiltrated from Pinnacle’s network.

Pinnacle was a vendor of CommonSpirit Health’s vendor, NorthGauge Healthcare Advisors. In a breach notice issued to the Washington Attorney General on behalf of CommonSpirit Health, NorthGauge explained that Pinnacle immediately isolated its network when the attack was detected and has since implemented additional security measures to prevent similar incidents in the future. NorthGauge explained that Pinnacle had strict policies and procedures in place concerning data retention and data destruction, which limited the amount of data compromised in the incident.

Pinnacle engaged a third-party vendor to review the exposed data, and in November 2025 – a year after the attack – Pinnacle notified NorthGauge about the incident. NorthGuage said it did not receive confirmation about the identities of the affected individuals until January 30, 2026, and notified CommonSpirit Health about the affected Washington residents on February 2, 2026. NorthGauge said individual notification letters will be mailed to the affected Washington residents as soon as up-to-date contact information has been obtained. Those individuals are being offered complimentary credit monitoring and identity theft protection services.

The breach notice does not state the types of data compromised in the incident; however, they are stated in the individual notification letters to the affected individuals. According to the Washington Attorney General, the breach affected 19,027 Washington residents. The incident is not currently listed on the HHS’ Office for Civil Rights website, so it is unclear if individuals in other states have also been affected.

The post CommonSpirit Health Patients Affected by Vendor Data Breach appeared first on The HIPAA Journal.

Meadowlark Hills retirement community in Kansas and MedPeds Associates of Sarasota in Florida have announced data breaches. The Beast ransomware group has claimed responsibility for both attacks.

Manhattan Retirement Foundation (Meadowlark Hills), Kansas

Manhattan Retirement Foundation, doing business as Meadowlark Hills, has reported a breach of the protected health information of 14,442 individuals to the HHS’ Office for Civil Rights. The Manhattan, KS-based non-profit retirement community and skilled nursing facility explained that unauthorized access to its network was identified on or around July 21, 2025. The forensic investigation determined that there had been unauthorized network access between July 12, 2025, and July 21, 2025. During that time, files containing personal and protected health information were exfiltrated from its network.

The review of the files on the compromised parts of its network was completed on January 28, 2026, when it was confirmed that the following data elements were involved: name, date of birth, Social Security number, Driver’s license number/state identification number, other government identifiers, financial account information, credit/debit card information, health insurance information, and medical information.

Written notification letters were mailed to affected individuals in late February, and complimentary single-bureau credit monitoring and identity theft protection services have been made available to individuals whose Social Security numbers were involved. The Beast threat group claimed responsibility for the attack and claims to have exfiltrated 750 GB of data.

MedPeds Associates of Sarasota

MedPeds Associates of Sarasota, an internal and pediatric medicine practice in Florida, is notifying 21,430 individuals about a data breach involving their personal and protected health information. According to the notification letters, MedPeds identified unauthorized access to its computer network on September 2, 2025, when ransomware was used to encrypt files.

MedPeds said some patient data was subject to unauthorized access during the attack. The affected files have been reviewed and found to contain names, birth dates, addresses, phone numbers, and patient medical records. The FBI was notified about the intrusion, and the practice has been working with the FBI’s cybersecurity department and has implemented additional safeguards and security measures to prevent similar incidents in the future.

No evidence has been found to indicate any misuse of the impacted data; however, as a precaution, the affected individuals have been offered complimentary credit monitoring and identity theft protection services. While the name of the group was not disclosed by MedPeds, the Beast ransomware group claimed responsibility for the attack. The group claimed to have exfiltrated 400 GB of data and added MedPeds to its data leak site; however, the data allegedly stolen in the attack does not appear to have been published at the time of writing.

The post Ransomware Group Claims Attacks on Meadowlark Hills Retirement Community & MedPeds appeared first on The HIPAA Journal.

A data breach has been announced by Tieu Dental Corporation in California. The Children’s Council of San Francisco has determined that more than 12,650 individuals have been affected by a ransomware attack.

Tieu Dental Corporation

Tieu Dental Corporation, a California-based provider of oral and maxillofacial surgery services, started has notifying patients about unauthorized access to its computer network last summer. The intrusion was identified on or around July 29, 2025, and the forensic investigation confirmed that an unauthorized third party accessed its network between July 28 and July 29, 2025.

The compromised parts of its network were reviewed, and on January 11, 2026, Tieu Dental confirmed that the compromised files included patient data such as names, dates of birth, Social Security numbers, medical records, treatment plans, prescription information, and health insurance information. Tieu Dental has not identified any misuse of patient data as a result of the incident; however, out of an abundance of caution, the affected individuals have been offered complimentary credit monitoring and identity theft protection services. No known threat group has publicly claimed responsibility for the incident.

While regulators have been notified, the incident is not yet shown on the HHS’ Office for Civil Rights breach portal, so it is currently unclear how many individuals have been affected.

Children’s Council of San Francisco

Children’s Council of San Francisco (CCSF), a nonprofit childcare resource and referral agency, has notified regulators about a data breach impacting 12,655 individuals. CCSF identified a security breach on August 3, 2025, that caused network disruption. Assisted by third-party cybersecurity experts, CCSF secured its network, investigated the incident, and determined that an unknown hacker gained access to its network on August 1, 2025, and acquired certain data. The SafePay ransomware group claimed responsibility for the attack.

The file review was completed on or around February 23, 2026, when it was confirmed that names and Social Security numbers were present in the acquired files. Notification letters were mailed to the affected individuals on March 2, 2026, and complimentary single-bureau credit monitoring and identity theft protection services have been offered.  CCSF notified the Federal Bureau of Investigation about the incident and has implemented measures to harden security and reduce the risk of similar incidents in the future.

The post California Dental Care Provider Announces Data Breach appeared first on The HIPAA Journal.