Data breaches or leaks involving health or medical data.
HackRead reports: Barts Health NHS Trust has confirmed that the Russian-speaking Cl0p ransomware group stole files from one of its invoice databases after exploiting a vulnerability in Oracle E-Business Suite. The breach exposed data linked to payments for treatment and services, with some records going back several years. Hackread.com first reported on the Cl0p activity in November twenty twenty […]
The Illinois Times reports: A court hearing is scheduled Dec. 4 to finalize a $7.6 million settlement that would pay people whose personal information was seized by hackers in a targeted cyber attack that temporarily crippled Hospital Sisters Health System in 2023. The nonprofit health system, based in rural Sangamon County near Riverton, discovered the […]
DataBreaches.net reports that Doctor Alliance, a business associate to covered entities in the healthcare sector, recently fell prey to a cyberattack that allegedly comprised 353 GB of patient files. Making matters even worse, after assuring clients that the vulnerability had been addressed and everything was secure, it was attacked again by the same threat actor […]
Notice of Data Security Incident On October 23, 2025, Michael R. Schwartz, M.D., Inc. (“the Practice”) mailed notification letters to certain individuals whose information may have been involved in a recent data security incident. On or about August 25, 2025, the Practice became aware that an unauthorized party gained remote access to one computer within […]
Yale News reports a settlement stemming from a March, 2025 data breach that the Yale New Haven Health System reported to HHS as impacting 5,556,702 individuals: The Yale New Haven Health System has agreed to finance an $18 million settlement fund in response to a class action lawsuit about a data breach that allowed an unauthorized third […]
The Grand Junction Daily Sentinel reports: On Tuesday morning, Family Health West Hospital in Fruita discovered that it was the target of a cyberattack. While the cyberattack forced the hospital to shut down its electronic systems, a hospital spokesperson said that patient care has not been impacted, nor do they expect it will be. They […]
Vibra Hospital of Sacramento, LLC recently reported a data breach to the California Attorney General’s Office. According to their notification, they became aware of suspicious activity in several employee email accounts on March 13. Their investigation subsequently revealed that six employees’ email accounts had been subject to unauthorized access between March 11 and March 22. […]
Bank Info Security reports: Montana state regulators are investigating a data breach affecting 462,000 Blue Cross Blue Shield of Montana members involving one of the health insurer’s third-party services providers – and they want to know why nearly 10 months have gone by without notifying the breach victims. It took nearly four months for the […]
From Polsinelli PC: In two separate but related actions, third party administrators (TPAs) and their insurance business partners agreed to substantial settlements to resolve allegations that they failed to adequately safeguard sensitive data from cyberattacks. Though neither case involved a finding of fault, both spotlight a growing trend: plaintiffs and regulators are treating basic cybersecurity […]
From HHS OCR:
