IT Security Incidents

The Oncology Institute confirmed that patient data was potentially accessed following unauthorized access to its systems related to a cybersecurity incident at a third-party vendor affecting healthcare data processing and related services. SEC Filing Disclosure … Read more

A former employee of Nuance Communications has been sentenced for illegally accessing and copying the sensitive data of approximately 1.2 million Geisinger Health System patients after he was terminated from employment. Max Vance, 46 years … Read more

Deaconess Health System reported a data breach involving patient information shared with a third-party vendor, MediCopy, following unauthorized access to a cloud-based file-sharing platform. Incident Overview Deaconess Health System, based in Evansville, Indiana, disclosed a … Read more

A former Nuance Communications employee pleaded guilty in federal court to obtaining information from a protected computer without authorization after accessing and copying data associated with more than 1.2 million Geisinger Health System patient records. … Read more

HIPAA-covered entity, Midwest Physician Administrative Services, LLC doing business as Duly Health and Care agreed to a $3.1 million settlement to resolve class action litigation related to the use of website tracking technology that allegedly … Read more

Conduent Business Services located in New Jersey had earlier sent a breach report to the Oregon Attorney General about a hacking incident in 2024 that affected 10.5 million people across the country. This is one … Read more

The number of people impacted by Oracle Health’s hacking incident is not yet confirmed. The data breach may have impacted roughly 80 hospitals, though there is no report to the public yet of the listing … Read more

HIPAA business associate Doctor Alliance, based in Dallas, TX, is looking into an incident involving a hacker who stole 353 GB of data during a cyberattack in November. On or about November 7, 2025, a … Read more

A dental practice in Nevada, Absolute Dental, has more than 50 centers in Carson City, Las Vegas, Minden, Reno, and Sparks. It concluded its investigation associated with a February 2025 cyberattack and has announced that … Read more

Fundamental Administrative Services, LLC located in Sparks, Maryland, reported the potential compromise of the protected health information (PHI) of 56,235 individuals due to a cyberattack. The healthcare management services firm operates over 85 skilled nursing … Read more

Bone & Joint Clinic S.C. decided to resolve a class action lawsuit by paying $575,000. The lawsuit is associated with a security breach in January 2023 that had 105,094 affected patients and workers. HIPAA-covered entity, … Read more

Sanjai Syamaprasad, 47 years old, from Brooklyn, NY is an ex-employee of the Northwell Health Sleep Disorders Center who was indicted by the Nassau County District Attorney’s Office. Allegedly, Syamaprasad set up a hidden camera … Read more

The state of Rhode Island has published the results of the investigation conducted by cybersecurity company CrowdStrike regarding the hacking incident involving RIBridges, Rhode Island’s state benefit system. The Brain Cipher threat group was behind … Read more

Multiple lawsuits were filed against Southeast Series of Lockton Companies (Lockton) based in Kansas City, Missouri, because of a data breach report submitted to OCR. The initial report was 1,706 people were impacted, but a … Read more

Beacon Health System, based in South Bend, Indiana, has reported two data breaches associated with two business associates. The non-profit health care system added two breach notices on its website. The incident at business associate … Read more

Orthodontic practice management software provider OrthoMinds, based in Alpharetta, Georgia, recently reported a security incident that occurred in November 2024, allowing unauthorized access to patients’ protected health information (PHI). According to forensic investigation, parts of … Read more

A health technology firm in New Jersey encountered a breach of its database online, resulting in the exposure of sensitive data. Anyone could freely access the database with no need for authentication. The database associated … Read more

According to new research, the healthcare industry is the most impacted by third-party breaches. Monitoring by Black Kite, a cyber risk intelligence and risk management software company, showed that 41.2% of third-party breaches occur in … Read more

The HHS’ Office for Civil Rights (OCR) has reported a settlement with Solara Medical Supplies, LLC to settle multiple HIPAA Rules violations. Solara Medical Supplies, LLC is a direct-to-patient supplier of medical products and a … Read more

UT Southwestern Medical Center (UTSW) in Texas submitted a breach report to the HHS’ Office for Civil Rights (OCR) involving an email-linked unauthorized access/disclosure incident that affected the protected health information (PHI) of about 43,048 … Read more

The marketing firm and mailing vendor, Kaye-Smith Enterprises, opted to settle a class action lawsuit associated with a cyberattack and data security breach in 2022. Hackers acquired access to its network, deployed ransomware for file … Read more

Telemedicine platform company and drug discounter GoodRx will pay $25 million to settle a consolidated class action lawsuit. When users became aware that GoodRx used website tracking tools on its platform and shared website visitor … Read more

Postmeds Inc., dba Truepill, an online pharmacy, has agreed to negotiate a class action lawsuit it faced due to a 2023 data breach that impacted 2,364,359 people. U.S. District Court Judge Haywood S. Gilliam gave … Read more

In late September 2024, the UMC Health System in Lubbock, Texas, suffered a ransomware attack that greatly affected its IT infrastructure. The attack forced the health system to divert ambulances and patients to other hospitals … Read more

The U.S. Department of Justice recently announced charges against three Iranian operatives accused of hacking into former President Donald Trump’s campaign and leaking confidential documents. The indictment details the hacking operations linked to Iran’s Islamic … Read more

The prominent cybersecurity company “CrowdStrike”, recently issued a public apology after a widespread IT outage caused by its Falcon Sensor software update brought many systems to a standstill. Affecting an estimated 8.5 million Windows PCs … Read more

Healthcare system Ascension based in St. Louis, MO encountered a ransomware attack in May 2024 that considerably impacted the company, both operationally and financially. Because of the attack, Ascension diverted ambulances, closed pharmacies, took down … Read more

In July 2024, The Walt Disney Company faced a cybersecurity breach when over 1TB of sensitive data was stolen from its internal Slack channels. The breach was carried out by the group ‘NullBulge,’ exposing confidential … Read more

Nearly 8,000 individuals are set to join a High Court case against the outsourcing firm ‘Capita’ , following a cyberattack that occurred in March 2023. Barings Law, the Manchester-based legal firm representing the claimants, has … Read more

The U.S. government has received a set of voluntary commitments from AI industry leaders aimed at addressing the issue of image-based sexual abuse, including non-consensual intimate images (NCII) and child sexual abuse material (CSAM). Big … Read more

In February 2024, Change Healthcare suffered a ransomware attack that exposed sensitive personal and medical data. This breach affected millions of Americans, potentially impacting up to one-third of the U.S. population. By mid-July 2024, Change … Read more

Thousands of Oracle NetSuite SuiteCommerce sites have been found vulnerable to exposing sensitive customer data due to misconfigured access controls on Custom Record Types (CRTs). This issue emanates from user misconfigurations rather than a flaw … Read more

Delta Air Lines is contending with the aftermath of an IT outage that disrupted its operations for several days in July, resulting in thousands of canceled flights and financial losses. The outage, which was caused … Read more

An incident involving CrowdStrike’s Falcon Sensor software recently led to a global crash of millions of Windows devices. The root cause analysis conducted by CrowdStrike traces the issue back to a problematic content update, pointing … Read more

On July 2, 2024, Cisco issued a critical security alert regarding a major vulnerability in its routers exploited by Chinese hackers. The vulnerability, CVE-2023-20109, affects Cisco NX-OS software, allowing attackers to execute arbitrary commands with … Read more

A joint report from analysts at SentinelLabs and Recorded Future has studied two distinct activity clusters targeting government sectors and critical infrastructure globally between 2021 and 2023. The report reveals a worrying trend: actors in … Read more

On June 20, 2024, the United States announced its decision to ban the use of Kaspersky antivirus software, a well-known Russian cybersecurity product. The ban applies to all Americans, both at home and abroad, due … Read more

On May 30, 2024, CISA publicized ICS Medical Alerts for Baxter products and medical devices. Baxter identified two critical vulnerabilities in its Welch Allyn products, namely the Welch Allyn Connex Spot Monitor and the Welch … Read more

A report recently published by Mandiant discloses that the Russian hackers group Sandworm mistakenly targeted a small mill in France, believing it was a hydroelectric dam. This erroneous attack was part of a broader campaign … Read more

Med-Data Inc., a revenue cycle management services provider based in Spring, TX, has reached a $7 million settlement to address all claims arising from a data breach spanning from 2018 to 2019, affecting around 136,000 … Read more

The U.S. Department of Health and Human Services (HHS), Office for Civil Rights (OCR), has announced the settlement of a ransomware investigation involving Green Ridge Behavioral Health, LLC, a Maryland-based psychiatric practice, highlighting the growing … Read more

Change Healthcare, a leading provider of healthcare billing and data systems, finds itself grappling with a severe cybersecurity crisis following the detection of a malicious cyberattack on February 21, 2024. This attack, attributed to the … Read more

The cyber attack exploiting a vulnerability in ConnectWise ScreenConnect software has led to significant disruptions at UnitedHealth’s Change Healthcare, impacting services across the United States. This incident has revealed critical vulnerabilities, affecting not just Change … Read more

In what is being described as France’s largest ever cyberattack, the personal information of over 33 million individuals has been compromised. This breach targeted two French service providers, Viamedis and Almerys, responsible for processing healthcare … Read more

In January 2024, Microsoft disclosed a significant cybersecurity breach in its network, attributed to Nobelium, a group with alleged ties to Russia’s Foreign Intelligence Service. This incident highlights the evolving challenges in digital security that … Read more