McElroy & Associates, Inc.
May 28, 2025
•[ data leak, unauthorized access, HIPAA ]
McElroy & Associates, Inc., a professional services firm operating as a HIPAA-covered healthcare business associate, disclosed unauthorized access to an employee email account occurring between May 28 and May 30, 2025. A forensic investigation determined that personal and protected health information may have been exposed. The company notified affected individuals and regulators; no operational disruption was publicly reported.
Middlesex Sheriff's Office
January 1, 2025
•[ data breach, protected health information, HIPAA ]
The Middlesex Sheriffs Office reported that a security breach occurred in January 2025 and that a comprehensive investigation (with state/federal law enforcement and private cybersecurity vendors) determined on November 19, 2025 that the incident involved unauthorized access to protected health information. The exposed PHI may have included names, home addresses, dates of birth, diagnoses, and other general health information related to individuals who may have received medical care through the Sheriffs Office. Public reporting indicated the breach represented a HIPAA-related incident; the organization did not specify the number of affected individuals in the public notice and did not disclose the initial access vector or whether any data was exfiltrated beyond unauthorized viewing/access.
