Data breaches have been announced by Clinical Registry Solutions in New York, First Sight Family Vision in Washington, and VHC Health in Virginia. Clinical Registry Solutions, New York Clinical Registry Solutions, a Brooklyn, New York-based provider of clinical data abstraction and registry support services to healthcare providers, is notifying patients of Dignity Health’s St.
Mary’s Medical Center that some of their protected health information has potentially been compromised in an April 2026 cybersecurity incident. Suspicious activity was identified within its computer network on April 9, 2026. The forensic investigation identified unauthorized access to its computer network, and evidence was found indicating that files containing patient data were copied by the attackers.
The data review determined that patient names, procedure dates, and medical record numbers were involved; however, Social Security numbers and diagnosis and treatment information were not involved. Company data was also stolen in the attack. Clinical Registry Solutions has not identified any misuse of the impacted data; however, as a precaution, complimentary credit monitoring and identity theft protection services have been made available.
While not mentioned in the notification letters, the threat group behind the attack appears to be the Akira ransomware group. Akira claimed to have exfiltrated 41 GB of data, including employee information such as passports, Social Security numbers, and driver’s license numbers. First Sight Family Vision (Jason R Egbert OD PC) First Sight Family Vision, a Battle Ground, Washington-based optometry practice that used to operate under the name Jason R Egbert OD PC, has been affected by a data breach at vendor Networking Technology Inc, which does business as RXNT.
RXNT, a provider of cloud-based electronic prescribing, practice management, and electronic health records software to healthcare organizations, discovered unauthorized access to systems used by some of its customers on March 3, 2026. The forensic investigation confirmed unauthorized access between March 1, 2026, and March 3, 2026, during which time files containing patient information were potentially accessed or acquired.
Data potentially compromised in the incident include names, birth dates, contact information, patient ID’s, prescription information, and Social Security numbers. RXNT has offered the affected individuals complimentary credit monitoring and identity theft protection services. While it is unclear how many individuals have been affected in total, the breach was reported to the HHS’ Office for Civil Rights as involving the protected health information of 1,225 patients of Jason R Egbert OD PC.
VHC Health VHC Health, a healthcare provider serving patients in Northern Virginia and the Washington D. C. Metro area, has been affected by a cybersecurity incident at one of its vendors.
VHC Health contracted with a company called Xsolis, Inc. , which provides utilization management services to healthcare organizations. On January 22, 2026, Xsolis identified unauthorized access to parts of its environment as a result of a response to a phishing attempt on January 20, 2026.
The incident was contained, its environment was secured, and an investigation was launched to determine the impact of the incident. The investigation confirmed that files containing names, addresses, dates of birth, Social Security numbers, medical treatment information, and health insurance information were exposed. Xsolis has implemented additional security measures to protect against similar incidents in the future, and complimentary credit monitoring and identity theft protection services have been made available.
Notification letters started to be mailed to the affected individuals by Xsolis on April 23, 2026. At present, it is unclear how many VHC patients have been affected or how many individuals have been affected in total. The post Clinical Registry Solutions; Jason R Egbert OD PC; VNC Health Announce Data Breaches appeared first on The HIPAA Journal .
Originally published at hipaajournal.com
