HHS Releases Updated Security Risk Assessment Tool
From HHS OCR:
Dutch Lab Cancer Screening Hack Balloons to 941,000 Victims
BankInfoSecurity reports: With ransomware gang Nova threatening to leak patient data on the darkweb, a Dutch laboratory that performs cervical cancer tests for a government screening program is mum about the ransom negotiations, but it says the cyberattack in July has affected 941,000 patients – nearly double the initial estimate of 485,000 people. Bevolkingsonderzoek Nederland, […]
DaVita says ransomware gang stole data of nearly 2.7 million people
In what is currently the third largest health data breach of 2025, kidney dialysis provider DaVita has reported a ransomware attack to HHS. Bleeping Computer reports: Kidney dialysis firm DaVita has confirmed that a ransomware gang that breached its network stole the personal and health information of nearly 2.7 million individuals. DaVita serves over 265,400 […]
Cencora & The Lash Group Settle Data Breach Litigation for $40 Million
There is a settlement in litigation stemming from a breach reported last year that affected more than three dozen Cencora/Lash Group clients, and more than 1.4 million patients at last public count. The HIPAA Journal now reports: Cencora & The Lash Group have agreed to pay $40 million to settle class action data breach litigation […]
Sanderling Healthcare Breach: 25 Years of Data Stolen
ClaimDepot reports: On July 3, 2025, Sanderling Healthcare became the victim of a significant ransomware attack that may have impacted thousands of patients. The data breach was orchestrated by the Sarcoma group disclosed on the dark web, where the attackers claimed to have hacked and accessed sensitive data from the company’s systems. According to the […]
Major European healthcare network discloses security breach
Bleeping Computer reports: AMEOS Group, an operator of a massive healthcare network in Central Europe, has announced it has suffered a security breach that may have exposed customer, employee, and partner information. The organization published a statement on its website, as required by Article 34 of the General Data Protection Regulation (GDPR), which mandates a […]
Episource Data Breach Hits Over 5 Million Patients, Sensitive Medical and Insurance Data Potentially Exposed
The Daily Security Review reports: Episource, a key healthcare services provider under UnitedHealth Group’s Optum division, has disclosed a significant data breach that exposed the sensitive personal and medical data of more than 5.4 million individuals. The company, which offers risk adjustment and medical coding services to healthcare providers and insurers, identified unauthorized access to […]
Patients Allege Home Delivery Pharmacy Failed Timely Notification of Data Breach
Pharmacy Times reports: In January 2021, a nationwide mail-order pharmacy located in Massachusetts experienced a data breach. The pharmacy discovered the breach in May 2021 and investigated to determine its scope. Personally identifiable information (PII), including names and Social Security numbers for more than 75,000 customers, was breached. In February 2022, 9 months after the […]
Ascension discloses multiple third-party data breaches
Over the course of the last year, Ascension Health has been affected by several third-party data breaches impacting its patients across multiple states. TechTarget reports: Ascension Health, a Missouri-based Catholic health system, has disclosed several third-party data breaches in 2025, impacting patients across its network of hospitals and care facilities. While Ascension posted notices for […]
Charlotte Clinic Owner Agrees To Settle Allegations Of Medicaid Fraud
A press release from the U.S. Attorney’s Office, Western District of North Carolina: CHARLOTTE, N.C. – Steven Osbey, of Kernersville, N.C., has agreed to entry of a consent judgment against him in the amount of $4,711,159.00 in favor of the United States and State of North Carolina (the Governments), subject to a separate agreement regarding […]