Data breaches or leaks involving health or medical data.
DataBreaches.net reports that Doctor Alliance, a business associate to covered entities in the healthcare sector, recently fell prey to a cyberattack that allegedly comprised 353 GB of patient files. Making matters even worse, after assuring clients that the vulnerability had been addressed and everything was secure, it was attacked again by the same threat actor […]
Notice of Data Security Incident On October 23, 2025, Michael R. Schwartz, M.D., Inc. (“the Practice”) mailed notification letters to certain individuals whose information may have been involved in a recent data security incident. On or about August 25, 2025, the Practice became aware that an unauthorized party gained remote access to one computer within […]
Yale News reports a settlement stemming from a March, 2025 data breach that the Yale New Haven Health System reported to HHS as impacting 5,556,702 individuals: The Yale New Haven Health System has agreed to finance an $18 million settlement fund in response to a class action lawsuit about a data breach that allowed an unauthorized third […]
The Grand Junction Daily Sentinel reports: On Tuesday morning, Family Health West Hospital in Fruita discovered that it was the target of a cyberattack. While the cyberattack forced the hospital to shut down its electronic systems, a hospital spokesperson said that patient care has not been impacted, nor do they expect it will be. They […]
Vibra Hospital of Sacramento, LLC recently reported a data breach to the California Attorney General’s Office. According to their notification, they became aware of suspicious activity in several employee email accounts on March 13. Their investigation subsequently revealed that six employees’ email accounts had been subject to unauthorized access between March 11 and March 22. […]
Bank Info Security reports: Montana state regulators are investigating a data breach affecting 462,000 Blue Cross Blue Shield of Montana members involving one of the health insurer’s third-party services providers – and they want to know why nearly 10 months have gone by without notifying the breach victims. It took nearly four months for the […]
From Polsinelli PC: In two separate but related actions, third party administrators (TPAs) and their insurance business partners agreed to substantial settlements to resolve allegations that they failed to adequately safeguard sensitive data from cyberattacks. Though neither case involved a finding of fault, both spotlight a growing trend: plaintiffs and regulators are treating basic cybersecurity […]
From HHS OCR:
BankInfoSecurity reports: With ransomware gang Nova threatening to leak patient data on the darkweb, a Dutch laboratory that performs cervical cancer tests for a government screening program is mum about the ransom negotiations, but it says the cyberattack in July has affected 941,000 patients – nearly double the initial estimate of 485,000 people. Bevolkingsonderzoek Nederland, […]
In what is currently the third largest health data breach of 2025, kidney dialysis provider DaVita has reported a ransomware attack to HHS. Bleeping Computer reports: Kidney dialysis firm DaVita has confirmed that a ransomware gang that breached its network stole the personal and health information of nearly 2.7 million individuals. DaVita serves over 265,400 […]
