Two women’s healthcare providers have announced data privacy incidents. Women’s Wellness of Southern Delaware recently learned about unauthorized retention of patient data by a former provider of aesthetic services, and Women’s Center for Radiology has identified a hacking incident. Women’s Wellness of Southern Delaware Women’s Wellness of Southern Delaware, a Lewes, DE-based provider of obstetrics, gynecology, and facial aesthetic services, has recently learned that a former provider who rendered aesthetic services for the practice retained the protected health information of patients after engagement with the practice had terminated.
Women’s Wellness of Southern Delaware was made aware of the data retention on April 28, 2026. The provider retained patients’ contact information and other patient-related information and is believed to have contacted certain patients to offer similar services at a new practice. The information retained relates to certain recipients of aesthetic services and clinical services patients.
For the aesthetic services patients, the information included their name, birth date, gender, email address, physical address, phone number, allergies, medications, supplements, and information related to the services received, which may include photographs, intake records, aesthetics-related medical history, face maps, dates of services and purchases, and descriptions of services or items purchased.
For the clinical services recipients, the impacted data included name, phone number, dates of purchases, and descriptions of the items/medications purchased. The former provider did not have access to electronic medical records. Women’s Wellness of Southern Delaware said it is in communication with the former provider and is seeking to obtain assurances that the data is returned or destroyed, and steps have been taken to enhance its data privacy and security measures to prevent similar incidents in the future.
The incident is not currently shown on the HHS’ Office for Civil Rights breach portal, so it is currently unclear how many individuals have been affected. Women’s Center for Radiology Women’s Center for Radiology, a provider of medical imaging services at three locations in Orlando, Florida, has identified unauthorized access to parts of its network containing patient data.
The unauthorized access was identified on or around April 28, 2026, and the forensic investigation determined that an unauthorized third party gained access to a limited part of its computer network. Files containing patient information were viewed or downloaded by the unauthorized third party. Assisted by third-party specialists, Women’s Center for Radiology determined that the exposed files contained patient information such as names, addresses, dates of birth, contact information, diagnosis or condition, lab results, treating physician, medical record number, health insurance information, and driver’s license numbers.
Women’s Center for Radiology has started notifying the affected individuals, who have been offered complimentary credit monitoring and identity theft protection services. Women’s Center for Radiology is reviewing its policies, procedures, and protocols related to data privacy and security. Regulators have been notified about the incident; however, the number of affected individuals has not yet been publicly disclosed.
The post Delaware & Florida Women’s Health Centers Announce Data Breaches appeared first on The HIPAA Journal .
Originally published at hipaajournal.com