Data breaches or leaks involving health or medical data.
Bank Info Security reports: Montana state regulators are investigating a data breach affecting 462,000 Blue Cross Blue Shield of Montana members involving one of the health insurer’s third-party services providers – and they want to know why nearly 10 months have gone by without notifying the breach victims. It took nearly four months for the […]
From Polsinelli PC: In two separate but related actions, third party administrators (TPAs) and their insurance business partners agreed to substantial settlements to resolve allegations that they failed to adequately safeguard sensitive data from cyberattacks. Though neither case involved a finding of fault, both spotlight a growing trend: plaintiffs and regulators are treating basic cybersecurity […]
From HHS OCR:
BankInfoSecurity reports: With ransomware gang Nova threatening to leak patient data on the darkweb, a Dutch laboratory that performs cervical cancer tests for a government screening program is mum about the ransom negotiations, but it says the cyberattack in July has affected 941,000 patients – nearly double the initial estimate of 485,000 people. Bevolkingsonderzoek Nederland, […]
In what is currently the third largest health data breach of 2025, kidney dialysis provider DaVita has reported a ransomware attack to HHS. Bleeping Computer reports: Kidney dialysis firm DaVita has confirmed that a ransomware gang that breached its network stole the personal and health information of nearly 2.7 million individuals. DaVita serves over 265,400 […]
There is a settlement in litigation stemming from a breach reported last year that affected more than three dozen Cencora/Lash Group clients, and more than 1.4 million patients at last public count. The HIPAA Journal now reports: Cencora & The Lash Group have agreed to pay $40 million to settle class action data breach litigation […]
ClaimDepot reports: On July 3, 2025, Sanderling Healthcare became the victim of a significant ransomware attack that may have impacted thousands of patients. The data breach was orchestrated by the Sarcoma group disclosed on the dark web, where the attackers claimed to have hacked and accessed sensitive data from the company’s systems. According to the […]
Bleeping Computer reports: AMEOS Group, an operator of a massive healthcare network in Central Europe, has announced it has suffered a security breach that may have exposed customer, employee, and partner information. The organization published a statement on its website, as required by Article 34 of the General Data Protection Regulation (GDPR), which mandates a […]
The Daily Security Review reports: Episource, a key healthcare services provider under UnitedHealth Group’s Optum division, has disclosed a significant data breach that exposed the sensitive personal and medical data of more than 5.4 million individuals. The company, which offers risk adjustment and medical coding services to healthcare providers and insurers, identified unauthorized access to […]
Pharmacy Times reports: In January 2021, a nationwide mail-order pharmacy located in Massachusetts experienced a data breach. The pharmacy discovered the breach in May 2021 and investigated to determine its scope. Personally identifiable information (PII), including names and Social Security numbers for more than 75,000 customers, was breached. In February 2022, 9 months after the […]
