1 min read

Innovative Renal Care reports major data breach

Lusanda Molefe Feb 20, 2025 10:31:09 AM

Healthcare cybersecurity news
Image of paper cut out of a kidney, held in someone's palm.

A Tennessee-based network of dialysis centers has disclosed a significant data breach that exposed sensitive patient information, including medical records and Social Security numbers.

 

What happened

Innovative Renal Care detected suspicious activity on its computer network on February 29, 2024. A forensic investigation revealed unauthorized access to their systems between February 21 and March 1, 2024, during which time attackers removed files from the network.

 

What's new

On February 17, 2025, the company provided a notice of the breach on its site and began sending notification letters to affected patients. The breach exposed comprehensive patient data, including medical diagnoses, prescription information, and financial details.

 

Why it matters

This breach is particularly concerning because it affects vulnerable patients receiving ongoing dialysis treatment. The comprehensive nature of the exposed data - combining medical, financial, and personal information - creates significant risks for patients. Criminals could use this information not only for financial fraud but also to potentially disrupt or exploit critical medical care. For dialysis patients who require regular life-sustaining treatments, any compromise of their medical or insurance information could have serious consequences.

 

The big picture

This breach affects one of the larger dialysis and kidney care providers in the country. Innovative Renal Care, headquartered in Nashville, Tennessee, employs approximately 500 people and generates an estimated $100 million in annual revenue, making this a significant breach in the healthcare sector.

 

Looking ahead

A class action lawsuit is being evaluated by Murphy Law Firm on behalf of affected individuals. The incident may lead to increased scrutiny of security measures at specialized healthcare providers, particularly those handling chronic care patients.

 

FAQs

What should affected patients do?

Monitor account statements, accept the offered credit monitoring services, and watch for suspicious activity related to medical claims or prescriptions.

 

How long was the system compromised?

The unauthorized access lasted approximately nine days, from February 21 to March 1, 2024.

 

Has any information been misused?

While no evidence of data misuse has been identified, the company is providing complimentary credit monitoring services as a precaution.

Download the HIPAA compliant email checklist

Download the HIPAA compliant email checklist
Image of woman sitting next to a stroller.

Baby product retailer Nuna reports data breach of 16,000 consumers

Lusanda Molefe : Feb 27, 2025 2:18:49 PM

Nuna Baby Essentials has disclosed a data breach that went undetected for nearly five months, potentially exposing sensitive information of more than...

Healthcare cybersecurity news
Read More
Image of a head with flowers coming out of it.

Cincinnati nonprofit Beech Acres exposes medical records of 19,315 individuals

Lusanda Molefe : Sep 9, 2025 7:20:31 AM

Beech Acres Parenting Center, a 175-year-old Cincinnati nonprofit providing mental health services and foster care support, has disclosed a data...

Healthcare cybersecurity news
Read More
Image of person inside of a pharmacy, using a tablet.

VectraRx Mail Pharmacy reports breach affecting over 109,000 patients

Lusanda Molefe : Feb 28, 2025 1:07:40 PM

VectraRx Mail Pharmacy Services has disclosed a data breach that exposed sensitive health information of 109,383 individuals, including prescription...

Healthcare cybersecurity news
Read More