Multiple healthcare organizations in the United States have recently disclosed data breaches, highlighting ongoing cybersecurity and data handling challenges across the sector. Incidents involving DermCare Management, Aetna, and Option Care Health reveal a mix of cyber intrusions and operational errors that exposed sensitive patient information.
DermCare Management, a Florida-based provider of practice management services for dermatology clinics, confirmed a 2025 hacking incident involving unauthorized access to its network. Suspicious activity was first detected on February 26, 2025, and a subsequent investigation revealed that attackers had accessed its systems between February 14 and February 26, 2025. During this period, sensitive patient data was either accessed or acquired.
Following a detailed forensic investigation, DermCare Management determined that the compromised information included names, Social Security numbers, driver’s license details, financial account information, credit and debit card data, and medical records. Due to the complexity of the data review process, it took until March 2026 to identify affected individuals and issue notification letters. The organization has since informed impacted individuals and is offering complimentary credit monitoring and identity restoration services. Regulatory authorities have also been notified, although the total number of affected individuals has not yet been publicly disclosed.
In a separate disclosure, Aetna, the Connecticut-based health insurance provider owned by CVS Health, reported two data breach incidents affecting a total of 11,663 individuals. Unlike DermCare’s cyberattack, Aetna’s incidents were the result of third-party mailing errors rather than unauthorized system access.
According to CVS Health, the issue stemmed from letters sent on behalf of two health plans, where some mailings inadvertently included the name of another individual not associated with the recipient’s plan. While the exposed data was described as minimal, the incidents were classified as unauthorized disclosures. Aetna has implemented additional safeguards to prevent similar errors and is providing affected individuals with credit monitoring and identity protection services.
Meanwhile, Option Care Health, a New York-based provider of home infusion services, reported unauthorized access to an employee’s email account. The breach was detected on February 9, 2026, with investigators confirming that the account had been accessed without authorization between February 6 and February 9, 2026.
The compromised email account contained sensitive patient information, including names, dates of birth, medical record numbers, and treatment details. Option Care Health has since reviewed its security protocols and implemented measures to strengthen its defenses against similar incidents. The breach has been reported to regulators, although the number of affected individuals has not yet been disclosed.
These incidents underscore the diverse nature of data breach risks in the healthcare industry, ranging from sophisticated cyberattacks to human and operational errors. As healthcare organizations continue to handle large volumes of sensitive patient data, strengthening both cybersecurity infrastructure and operational safeguards remains critical to protecting patient privacy and maintaining trust.
Recommended Cyber Technology News :
- Data Breaches Hit ProxyCare, Oscar Health, AccentCare
- CERT-EU: Trivy Attack Breaches EU Commission AWS Data
- 64 Percent of Consumers Cite Data Breaches as Top Privacy Concern
To participate in our interviews, please write to our CyberTech Media Room at info@intentamplify.com
