AdventHealth Daytona Beach HIPAA Breach: 821 Patients Affected by Lost Medical Records

In a concerning development for healthcare data security, AdventHealth Daytona Beach has reported a significant HIPAA breach to the Department of Health and Human Services (HHS) involving the loss of physical medical records. The breach, reported on January 20, 2026, has impacted 821 patients and highlights ongoing challenges healthcare providers face in securing patient information.

What Happened

AdventHealth Daytona Beach experienced a "loss" type breach involving paper medical records and film materials. While specific details about how the records were lost have not been publicly disclosed, this incident represents one of the more traditional forms of healthcare data breaches that continue to plague the industry despite the digital transformation of healthcare.

The breach was officially reported to HHS on January 20, 2026, and subsequently appeared on the HHS Wall of Shame, which publicly lists healthcare data breaches affecting 500 or more individuals. This public reporting is required under HIPAA regulations and serves as a transparency measure for patients and the healthcare community.

Who Is Affected

The breach has impacted 821 patients who received care at AdventHealth Daytona Beach. AdventHealth is a large healthcare system operating multiple facilities across Florida and other southeastern states. The Daytona Beach location is one of their key facilities serving the central Florida coast region.

Patients affected by this breach likely received various medical services at the facility, and their paper records and film materials (such as X-rays, MRIs, or other diagnostic imaging) were among the lost items. The hospital is required by law to notify affected patients within 60 days of discovering the breach.

Breach Details

This incident is classified as a "loss" breach, which typically means that physical materials containing protected health information (PHI) have gone missing and cannot be located. Loss breaches differ from theft (where records are deliberately stolen) or unauthorized disclosure (where information is improperly shared).

The fact that this breach involved paper records and films rather than electronic data highlights an important aspect of healthcare data security. While much attention focuses on cybersecurity and electronic health records (EHR) protection, physical records remain vulnerable to loss, theft, and improper disposal.

Key characteristics of this breach:

• Scale: 821 patients affected
• Type: Physical loss of materials
• Materials: Paper records and medical films
• Location: Healthcare provider facility
• Discovery: Specific timeline not disclosed

What This Means for Patients

For the 821 affected patients, this breach could have several implications:

Privacy Concerns: Patient medical information may be accessible to unauthorized individuals if the lost records are found by someone outside the healthcare system.

Identity Theft Risk: Medical records often contain sensitive personal information including Social Security numbers, addresses, birth dates, and insurance information that could be used for identity theft.

Medical Care Disruption: Lost medical records could impact continuity of care, especially if the missing documents contained important diagnostic information or treatment histories.

Legal Rights: Affected patients have the right to receive detailed notification about what information was involved and what steps the healthcare provider is taking to address the situation.

How to Protect Yourself

If you are a patient at AdventHealth Daytona Beach or any healthcare facility, consider these protective measures:

Monitor Your Accounts: Regularly review your credit reports, insurance statements, and medical bills for any suspicious activity.

Request Medical Records: Consider obtaining copies of your important medical records for your personal files, ensuring you have backup documentation.

Ask Questions: Don't hesitate to ask healthcare providers about their data security measures and how they protect both electronic and physical records.

Report Suspicious Activity: If you notice any unauthorized use of your medical information or identity, report it immediately to your healthcare provider and relevant authorities.

Stay Informed: Keep track of breach notifications from your healthcare providers and take recommended actions promptly.

Prevention Lessons for Healthcare Providers

This incident offers several important lessons for healthcare organizations:

Physical Security Matters: Even as healthcare becomes increasingly digital, physical security of paper records and films remains crucial. Healthcare providers must implement robust policies for handling, storing, and tracking physical PHI.

Inventory Management: Maintaining accurate inventories of physical records and implementing check-out/check-in procedures can help prevent loss and enable quick detection when materials go missing.

Staff Training: Regular training on proper handling of both electronic and physical PHI helps ensure all staff members understand their responsibilities under HIPAA.

Incident Response: Having a clear incident response plan helps organizations respond quickly when breaches occur, potentially minimizing impact and ensuring compliance with notification requirements.

Risk Assessments: Regular security risk assessments should evaluate both digital and physical vulnerabilities to PHI.

The AdventHealth Daytona Beach breach serves as a reminder that healthcare data security requires comprehensive approaches addressing both traditional and modern risks. While cybersecurity threats often dominate headlines, the fundamental challenge of protecting physical medical information remains relevant for healthcare providers nationwide.

As healthcare organizations continue to balance patient care delivery with privacy protection, incidents like this underscore the importance of maintaining vigilant security practices across all forms of patient information storage and handling.

Protect your practice with AI-powered HIPAA compliance. Get started with HIPAA Agent.