Court Rules
All enforcement actions
Enforcement ActionLow Risk

HIPAA Breach: Heywood Healthcare Inc. including Henry Heywood Memorial Hospital, Athol Memorial Hospital, and Heywood Medical Group, Inc. (“Heywood”) (MA)

Heywood Healthcare Inc. including Henry Heywood Memorial Hospital, Athol Memorial Hospital, and Heywood Medical Group, Inc. (“Heywood”)December 12, 2025HHS Office for Civil Rights

Consumers Affected

500

Summary

Heywood Healthcare Inc. including Henry Heywood Memorial Hospital, Athol Memorial Hospital, and Heywood Medical Group, Inc. (“Heywood”) (Healthcare Provider, MA) reported a HIPAA breach affecting 500 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.

Laws Cited

HIPAAHITECH Act
45 CFR 164.400-414

Violation Types

Data BreachHealth DataSecurity Failure

Entity Details

Entity

Heywood Healthcare Inc. including Henry Heywood Memorial Hospital, Athol Memorial Hospital, and Heywood Medical Group, Inc. (“Heywood”)

Industry

Healthcare

Official Sources

Official Press Release

https://ocrportal.hhs.gov/ocr/breach/breach_report.jsf

HHS Office for Civil Rights Enforcement Page

https://www.hhs.gov/hipaa/for-professionals/compliance-enforcement/agreements/index.html

Related Enforcement Actions

HHS

BMG of Kansas, Inc.

BMG of Kansas, Inc. (Health Plan, KS) reported a HIPAA breach affecting 1,327 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.

HHS

Manhattan Retirement Foundation d/b/a Meadowlark Hills

Manhattan Retirement Foundation d/b/a Meadowlark Hills (Healthcare Provider, KS) reported a HIPAA breach affecting 14,442 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.

HHS

AltaMed Health Services Corporation

AltaMed Health Services Corporation (Healthcare Provider, CA) reported a HIPAA breach affecting 501 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.

HHS

Commonwealth Care Alliance

Commonwealth Care Alliance (Health Plan, MA) reported a HIPAA breach affecting 634 individuals. Breach type: Unauthorized Access/Disclosure. Location of breached information: Paper/Films.

HHS

Couve Healthcare Consulting, LLC DBA Evergreen Healthcare Group

Couve Healthcare Consulting, LLC DBA Evergreen Healthcare Group (Business Associate, WA) reported a HIPAA breach affecting 11,795 individuals. Breach type: Hacking/IT Incident. Location of breached information: Electronic Medical Record.

HHS

Weill Cornell Medicine

Weill Cornell Medicine (Healthcare Provider, NY) reported a HIPAA breach affecting 516 individuals. Breach type: Unauthorized Access/Disclosure. Location of breached information: Electronic Medical Record.