John Blacksmith
Exposure of The Oncology Institute Patients’ Data Linked to Third-Party Vendor Breach
The Oncology Institute confirmed that patient data was potentially accessed following unauthorized access to its systems related to a cybersecurity incident at a third-party vendor affecting healthcare data processing and related services. SEC Filing Disclosure and Initial Incident Findings The … Read more
Delta Home Health Care Owner Convicted in Medicare Fraud and Illegal Kickback Scheme
Ruby Scott, owner and operator of Delta Home Health Care LLC in Michigan, was convicted by a federal jury on charges related to healthcare fraud and illegal healthcare kickbacks connected to a scheme that caused more than $1.6 million in … Read more
Nuance Communications Employee Sentenced for Data Breach Violation
A former employee of Nuance Communications has been sentenced for illegally accessing and copying the sensitive data of approximately 1.2 million Geisinger Health System patients after he was terminated from employment. Max Vance, 46 years old, now known as Andre … Read more
Exposed DICOM Servers Increase Risk of PHI Theft and Ransomware Attacks
Healthcare organizations are exposing patient data through improperly secured DICOM servers that are accessible through the public internet, according to a Trend Micro TrendAI analysis that identified thousands of exposed servers across more than 100 countries. The report stated the … Read more
AI Finds 38 Vulnerabilities in OpenEMR Platform
An automated analysis of the OpenEMR electronic medical records platform identified 38 previously unknown vulnerabilities, including two highest severity vulnerabilities rated CVSS 10.0, with potential impact on patient data integrity, system access, and server-level compromise. Vulnerability Findings The analysis identified … Read more
OPM Health Data Collection Proposal Raises HIPAA Compliance and Privacy Concerns
The Office of Personnel Management proposal to collect claims-level health insurance data for federal employees and retirees has generated sustained criticism due to privacy risks, potential violations of the HIPAA Privacy Rule, and concerns about data misuse and insufficient safeguards. … Read more
HSCC Guidance on Managing Third Party AI Risks Issued to Healthcare Organizations
The Health Sector Coordinating Council Cybersecurity Working Group has issued a 109-page guidance document to assist healthcare organizations in managing risks associated with third-party artificial intelligence tools and AI-related supply chains. Guidance Scope And Purpose The document, titled Health Industry … Read more
Concord Orthopaedics Settles Class Action Data Breach Lawsuit
Concord Orthopaedics Professional Association has agreed to a settlement to resolve consolidated class action litigation arising from a November 2024 cybersecurity incident that involved unauthorized access to the personal and protected health information (PHI) of 72,815 individuals. Incident Overview Concord … Read more
Citrix Disclosed Vulnerabilities Affecting NetScaler ADC and NetScaler Gateway
Citrix disclosed a vulnerability tracked as CVE-2026-3055 in NetScaler ADC and NetScaler Gateway that can produce a memory overread whenever the application is configured as a SAML identity provider and that has a CVSS v4 severity score of 9.3. Details … Read more
MediCopy Data Breach Impacts Deaconess Health System
Deaconess Health System reported a data breach involving patient information shared with a third-party vendor, MediCopy, following unauthorized access to a cloud-based file-sharing platform. Incident Overview Deaconess Health System, based in Evansville, Indiana, disclosed a security incident affecting certain patients … Read more
CISA Recommends Strict Administrative Controls of Microsoft Intune
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued guidance instructing U.S. organizations to strengthen administrative controls in Microsoft Intune following a cyberattack on Stryker Corporation that involved data exfiltration and substantial data deletion. Incident Overview The incident involved … Read more
Paubox Research Identifies Email Security Risks Affecting Healthcare Organizations in 2026
Email security failures continue to expose healthcare organizations to breaches and regulatory exposure, with research identifying authentication gaps, encryption weaknesses, and credential theft as contributing factors in healthcare email incidents heading into 2026. Email Remains a Primary Breach Vector in … Read more
Former Nuance Employee Pleads Guilty to Unauthorized Access of Geisinger Patient Records
A former Nuance Communications employee pleaded guilty in federal court to obtaining information from a protected computer without authorization after accessing and copying data associated with more than 1.2 million Geisinger Health System patient records. Guilty Plea in Federal Court … Read more
Rebound Orthopedics & Neurosurgery Settles Data Breach Lawsuit For $2.5 Million
Orthopedic and neurosurgery practice Rebound Orthopedics & Neurosurgery P.C., based in Vancouver, WA, agreed to a $2,500,000 settlement in a class action lawsuit over a February 2024 data breach that exposed the protected health information (PHI) of 426,536 patients. Security … Read more
Data-Only Extortion Attacks Increased Eleven Times in 2025
Data-only extortion attacks increased elevenfold between November 2024 and November 2025, representing a measurable shift in cyber extortion activity documented in recent threat reporting. Report Findings Arctic Wolf released a 2026 threat report identifying a substantial rise in data-only extortion … Read more
Duly Health and Care Settles Data Breach Lawsuit for $3.1 Million
HIPAA-covered entity Midwest Physician Administrative Services, LLC, doing business as Duly Health and Care, agreed to a $3.1 million settlement to resolve class action litigation related to the use of website tracking technology that allegedly disclosed patient information. Settlement Overview … Read more
Capital Health Pays $4.5M to Settle Data Breach Lawsuit
Capital Health agreed to pay $4.5 million to resolve the class action lawsuit over a 2023 data breach that exposed patient data and other personal information. Data Breach Incident Capital Health experienced unauthorized access to its computer systems between November … Read more
Comstar to Settle Alleged HIPAA Violations for $515,000
The Massachusetts Attorney General is investigating Comstar, an ambulance billing and collections company in Massachusetts, which was determined to have failed to comply with the Massachusetts Data Security Regulations and the Health Insurance Portability and Accountability Act (HIPAA). Comstar is going … Read more
OCR Urges HIPAA-Covered Entities to Strengthen System Security
The Department of Health and Human Services (HHS) Office for Civil Rights (OCR) published its 2026 quarterly cybersecurity newsletter, in which it prompted HIPAA-covered entities to take action to strengthen system security and make it harder for hackers to access … Read more
List of Healthcare Providers Affected by TriZetto Provider Solutions Data Breach
TriZetto Provider Solutions, owned by Cognizant, which provides hospitals, doctors, and health systems with revenue management services, has begun informing some healthcare clients regarding a recently discovered cybersecurity breach. On October 2, 2025, TriZetto Provider Solutions detected suspicious activity in … Read more
More Than 14.7M Individuals Affected by Conduent Business Services Data Breach
Conduent Business Services located in New Jersey had earlier sent a breach report to the Oregon Attorney General about a hacking incident in 2024 that affected 10.5 million people across the country. This is one of the biggest healthcare data … Read more
Oracle Health Data Breach May Have Affected 80 Hospitals
The number of people impacted by Oracle Health’s hacking incident is not yet confirmed. The data breach may have impacted roughly 80 hospitals, though no list of the affected hospitals has been made public yet. Oracle Health, … Read more
Cyberattack on ARC Community Services by INC Ransom Ransomware Group
ARC Community Services, based in Madison, WI, offers substance use disorder treatment, behavioral health, and support services to women and children. It encountered a ransomware attack that resulted in the theft of sensitive information from its system. On November 4, … Read more
Richmond Behavioral Health Authority Data Breach Impacts 113,232 Individuals
Richmond Behavioral Health Authority (RBHA) offers substance abuse and prevention and mental health services in Richmond, Virginia. This HIPAA-covered entity recently encountered a data incident that resulted in the compromise of up to 113,232 individuals’ data. On or about September … Read more
Better Protect Patient Data By Understanding the Risk Environment
Part 1 of the 2025 American Hospital Association (AHA) review of healthcare cybersecurity revealed that from January to October 3, 2025, there were 364 hacking incidents that resulted in the compromise of the health records of 33 million Americans. Although … Read more
Threat Actors Actively Exploiting Oracle Identity Manager Critical Vulnerability
U.S. Cybersecurity and Infrastructure Security Agency (CISA) warned that threat actors are actively exploiting a critical vulnerability identified in Oracle Identity Manager (OIM). CISA advised all government civilian executive branch institutions to patch the vulnerability by December 12, 2025, and … Read more
Attacks on Healthcare Mobile Devices Increased by 224%
Cybersecurity firm Zscaler’s latest report, entitled 2025 Mobile, IoT & OT Threat Report, disclosed a significant increase in cyberattacks on Android mobile gadgets used in critical infrastructure sectors in 2024. Mobile attacks on the energy industry increased by 387%. It … Read more
353 GB Data Stolen from Doctor Alliance
HIPAA business associate Doctor Alliance, based in Dallas, TX, is looking into an incident involving a hacker who stole 353 GB of data during a cyberattack in November. On or about November 7, 2025, a hacker with the nickname Kazu … Read more
224% Increase in Healthcare Sector Attacks Targeting Mobile Gadgets
Cybersecurity company Zscaler’s new report revealed that cyberattacks on Android mobile devices in critical infrastructure industries significantly increased in 2024. The energy sector had the biggest increase in mobile attacks with 387%, followed by healthcare with 224% and manufacturing with … Read more
Neuromusculoskeletal Center of The Cascades Settles Class Action Lawsuit
HIPAA-covered entity Neuromusculoskeletal Center of The Cascades, PC, and Cascade Surgicenter LLC in Oregon decided to resolve a class action lawsuit resulting from a data breach in October 2023. Employee email accounts were accessed by an unauthorized third party from … Read more
Report Reveals Only 23% of Ransomware Attack Victims Pay the Ransom
According to Coveware, a ransomware remediation company, the ransomware scene is divided in two: bigger companies face more targeted, high-cost attacks, while mid-market firms are attacked in volume. Ransomware groups perform high-volume attacks even though the ransom payments are … Read more
Greater Cincinnati Behavioral Health Services Settles Data Breach Litigation for $850K
HIPAA-covered entity Greater Cincinnati Behavioral Health Services (GCBHS) decided to pay approximately $850,000 to settle all claims associated with a ransomware attack in December 2023 involving unauthorized access to patient and worker data. On December 10, 2023, GCBHS discovered the … Read more
Medusa Ransomware Attacks Affect Fortra GoAnywhere Transfer Tool
Medusa ransomware attacks are actively exploiting a critical vulnerability identified in the GoAnywhere MFT secure web-based file transfer tool of Fortra. Microsoft’s Threat Intelligence Team reported that a threat group identified as Storm-1175 is exploiting the vulnerability using Medusa ransomware … Read more
Skagit Regional Health Resolves Data Breach Lawsuit Involving Use of Tracking Technologies
Skagit County Public Hospital District No. 1, also called Skagit Regional Health, which operates Skagit Regional Hospital in Mount Vernon, Washington, agreed to settle class action litigation prompted by its installation of Meta Pixel and other tracking tools on its … Read more
SSM Health Settlement of Its Patient Portal Tracking Lawsuit
SSM Health will pay individuals who used its MyChart patient portal while it had active tracking tools installed. The individuals whose personal data and health information were disclosed to third parties like Meta and Google will receive a cash payment. … Read more
Verily Faces Lawsuit Over Alleged HIPAA Violations
Verily, owned by Alphabet, is facing a lawsuit filed by an ex-employee who alleges the misuse of the personally identifiable health information of over 25,000 patients, and the failure of the company to submit HIPAA breach reports, as per the … Read more
163,000 Wayne Memorial Hospital Patients Affected by May 2024 Ransomware Attack
Wayne Memorial Hospital patients received notification recently about a ransomware group that stole their protected health information (PHI) fifteen months ago. The 84-bed rural hospital located in Jessup, Georgia, sent personal notifications to the 163,400 patients impacted by the data … Read more
Absolute Dental Notified Over 1.2 Million Individuals About Its Data Breach
A dental practice in Nevada, Absolute Dental, has more than 50 centers in Carson City, Las Vegas, Minden, Reno, and Sparks. It concluded its investigation associated with a February 2025 cyberattack and has announced that the personal data and protected … Read more
Court Approves $40 Million Data Breach Settlement by Cencora & The Lash Group
Cencora & The Lash Group decided to create a $40 million fund to resolve class action litigation over a data breach in February 2024 that affected approximately 1.43 million people. Cencora, Inc., formerly known as AmerisourceBergen, is an American drug … Read more
87 Skilled Nursing Facilities Affected by Fundamental Administrative Services Data Breach
Fundamental Administrative Services, LLC located in Sparks, Maryland, reported the potential compromise of the protected health information (PHI) of 56,235 individuals due to a cyberattack. The healthcare management services firm operates over 85 skilled nursing facilities and rehab centers in … Read more
Critical Vulnerabilities Found in Santesoft Sante PACS Server
Santesoft discovered five vulnerabilities in the medical image archiving and communication system of its Sante PACS Server, including a critical vulnerability that makes it possible to intercept user credentials. The vulnerabilities impact all Sante PACS Server versions … Read more
113,500 Individuals Affected by Highlands Oncology Group Ransomware Attack
Highlands Oncology Group, a provider of complete cancer care in six areas in Northwest Arkansas, recently announced a cyberattack that was initially discovered on June 2, 2025. A hacker accessed the Group’s system on January 21, 2025, and stayed in … Read more
Bone & Joint Clinic Pays $575,000 to Resolve Class Action Lawsuit
Bone & Joint Clinic S.C. decided to resolve a class action lawsuit by paying $575,000. The lawsuit is associated with a security breach in January 2023 that had 105,094 affected patients and workers. HIPAA-covered entity, Bone & Joint in Northcentral … Read more
Syracuse ASC Pays $250K to Resolve Violations of HIPAA Risk Analysis and Breach Notification Law
Director Paula M. Stannard of the Department of Health and Human Services (HHS) Office for Civil Rights (OCR) announced the 18th HIPAA penalty for 2025. Ambulatory surgery center in Liverpool, New York, Syracuse ASC dba Specialty Surgery Center of Central … Read more
Northbay Healthcare Pays $3.6 Million to Resolve Data Breach Lawsuit
Northbay Healthcare Corporation agreed to a settlement to resolve a class action lawsuit associated with a 2024 cyberattack and data breach that impacted approximately 570,000 people. Northbay Healthcare discovered suspicious activity inside its computer system on February 23, 2024. According … Read more
GRIT Reports Drop in Q2 Ransomware Attacks
Ransomware attacks in Q2 of 2025 diminished by 23% compared to the last quarter, but they are 43% higher compared to this time in 2024, with the drop only partly the result of typical seasonal changes. In quarter 2 of … Read more
20 States Sue HHS and DHS for Alleged Illegal Disclosure of Medicaid Data
An alliance of 20 state Attorneys General is filing a lawsuit against the Department of Homeland Security (DHS), DHS Secretary Kristi Noem, the Department of Health and Human Services (HHS), and HHS Secretary Robert F. Kennedy Jr., because of the … Read more
MNGI Digestive Health Resolves Data Breach Lawsuit for $2.8 Million
MNGI Digestive Health consented to resolve a class action lawsuit associated with its negligence for not securing sensitive patient data. The lawsuit is a result of a ransomware attack on the Minnesota gastroenterology practice by the ALPHV/Blackcat ransomware group in … Read more
NIST’s New Guidance on Setting Up Zero Trust Frameworks
The National Institute of Standards and Technology (NIST) has released new guidance on enforcing zero trust architecture (ZTA) to aid companies in dealing with the difficulties of implementing this new cybersecurity strategy. Conventional security entails protecting a perimeter. Examples of … Read more
Class Action Lawsuits Filed Over HealthEC Data Breach
HealthEC LLC faced multiple class action lawsuits because of a data breach that affected about 4.5 million people. Hackers acquired access to the population health management system of HealthEC from July 14 to July 23, 2024, and acquired the sensitive … Read more