Strauss Borrelli PLLC, a leading data breach law firm, is investigating Ruffolo, Hooper & Associates, MD, PA (“RHA”) regarding its recent cybersecurity incident. The RHA cybersecurity incident involved sensitive personal information and protected health information belonging to an undetermined number of individuals.
ABOUT ALERA GROUP, INCABOUT RUFFOLO, HOOPER & ASSOCIATES, MD, PA:
RHA is medical practice based in Florida. Focusing on comprehensive anatomic and clinical pathology services, RHA is physician-owned.2 All of RHA’s pathologists are board certified and serve as laboratory medical directors and staff pathologists at hospitals, ambulatory surgery centers, independent laboratories, and other patient care centers.2 RHA is a client of Physicians Independent Management Services(‘PIMS’), which handles RHA’s turn-key billing and practice management.1,3 Headquartered in Tampa, Florida, RHA has a plethora of locations in the state.
WHAT HAPPENED?
Recently, RHA announced that one of PIMS’ third-party vendors had experienced a data breach in which sensitive personal identifiable information and protected health information in RHA’s care may have been compromised. According to the breach notice, in July 2024, PIMS’ third-party vendor, Nationwide Recovery Service (“NRS”), became aware of a cybersecurity issue involving its network environment.1 As a result, NRS launched an investigation to determine the nature of the incident.
Through its investigation, NRS confirmed that sensitive personal information in its systems belonging to RHA patients may have been viewed and obtained by an unauthorized third party between July 5 and July 11, 2024. As a result, RHA began a review of the data to determine what information had been impacted as well as identify the specific individuals affected. While the information impacted varies depending on the individual, the type of information potentially exposed includes:
- Name
- Social Security number
- Date of birth
- Gender
- Date of service
- Insurance carrier name
- Insurance policy number
On May 21, 2025, RHA posted a notice of the incident on its website. Additionally, on May 19, 2025, RHA began sending breach notification letters to impacted individuals. Based on the website breach notice, RHA is providing affected individuals with a list of the specific types of sensitive information impacted and complimentary credit monitoring services. A link to the form breach notification that RHA posted on its website is below.
If you received a breach notification letter from Ruffolo, Hooper & Associates, MD, PA:
We would like to speak with you about your rights and potential legal remedies in response to this data breach. Please fill out the form, below, or contact us at 872.263.1100 or sam@straussborrelli.com.
