25% off all training courses Offer ends May 29, 2026
View HIPAA Courses
Learner Login Learner Support
Learner Login Learner Support
25% off all training courses
View HIPAA Courses
Offer ends May 29, 2026

The HIPAA Journal is the leading provider of HIPAA training, news, regulatory updates, and independent compliance advice.

ProxyCare; Oscar Health; AccentCare Announce Data Breaches

Posted By on Apr 7, 2026

Data incidents have recently been announced by ProxyCare in Florida, Oscar Health in New York, and AccentCare in Texas.

ProxyCare, Florida

ProxyCare LLC, a Sunrise, Florida-based provider of personalized pharmacy services, has started mailing notification letters to individuals impacted by an August 2025 cybersecurity incident. The company learned on August 22, 2025, that certain computer systems within its network environment had been affected by a cybersecurity incident. Third-party cybersecurity professionals were engaged to determine the nature and scope of the incident, and whether, and to what extent, patient information had been compromised.

The investigation confirmed that patient data had been exposed, and following a comprehensive manual document review, ProxyCare determined on January 29, 2026, that files accessed or acquired by an unauthorized third party in the incident included names, dates of birth, Social Security numbers, and driver’s license numbers. Notification letters were mailed to the affected individuals on March 23, 2026, and individuals whose Social Security numbers were involved have been offered complimentary credit monitoring and identity theft protection services.

Based on notifications to state attorneys general, around 150 individuals in Massachusetts and New Hampshire have been affected, but it is currently unclear how many individuals have been affected in total, as the incident has yet to be added to the HHS’ Office for Civil Rights breach portal.

Get The FREE
HIPAA Compliance Checklist

Immediate Delivery of Checklist Link To Your Email Address

Please Enter Correct Email Address

Your Privacy Respected

HIPAA Journal Privacy Policy

Oscar Health, New York

Oscar Health, Inc., a New York-based health insurance company, has recently disclosed a data privacy incident that resulted in the unauthorized disclosure of a limited amount of member information. On December 31, 2025, Oscar Health learned that member identification cards and other enrollment information related to 2026 health insurance coverage were inadvertently mailed to old and potentially incorrect member addresses.

When the error was identified, immediate action was taken to prevent similar mis-mailing incidents, and an investigation was launched to determine the scope of the event. All individuals potentially affected were identified, and notification letters have now been sent to individuals for whom correct address information could be found, warning them that their name, health insurance policy number, and health insurance plan information were potentially impermissibly disclosed.

Oscar Health confirmed that highly sensitive information such as Social Security numbers, government identification numbers, and financial information was not involved, and there has been no known misuse of the disclosed information. The data breach notice was issued individually and on behalf of its affiliated covered entities, including Oscar Health Plan, Inc., Oscar Insurance Company of Florida, and Oscar Health Plan of Georgia. The incident affected up to 91,350 individuals.

AccentCare, Texas

AccentCare, a Texas-based provider of home health, palliative, and hospice services, has been affected by a data breach at its billing service vendor, Doctor Alliance. The protected health information of 19,772 individuals was potentially compromised in the incident. Doctor Alliance determined on November 16, 2025, that an unauthorized third party had accessed a web application. The forensic investigation determined that the threat actor had access to the application between October 31, 2025, and November 16, 2025, and accessed or exfiltrated files containing patient information.

Data compromised in the incident included names, Social Security numbers, medical record numbers, Medicare numbers, diagnosis/treatment information, provider information, and medical/health information. AccentCare said there was no unauthorized access to its own systems, and no impact to the care provided to its patients. AccentCare is monitoring Doctor Alliance’s response to the incident and its continued role as a service provider.

Author: Steve Alder is the editor-in-chief of The HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com

x

Is Your Organization HIPAA Compliant?

Find Out With Our Free HIPAA Compliance Checklist

Get Free Checklist