Word & Brown Insurance Administrators, Inc.
October 23, 2024
•[ data leak ]
Word & Brown Insurance Administrators, Inc. experienced unauthorized access to an employee workstation on or about October 23, 2024. The attacker accessed and copied insurance administration records containing personal and health-related information for clients and employees. No encryption or operational disruption was reported. Disclosure was filed December 23, 2024.
Gold Coast Health Plan
October 21, 2024
•[ data leak, third-party breach, account takeover ]
Gold Coast Health Plan reported that a contracted vendor (Conduent Business Solutions) suffered a cyberattack involving compromise of a single employee email account, which allowed unauthorized access to certain files during a window from Oct. 21, 2024 to Jan. 13, 2025. The vendor discovered the incident on Jan. 13, 2025 and began an investigation with law enforcement notification. A later forensic review determined that information for 540 plan members could have been exposed, listing specific claim-related and membership data elements; the release stated that Social Security numbers and financial information were not accessed or disclosed.
Ou Medicine (Ou Health)
October 18, 2024
•[ phishing, data leak ]
Ou Health reported unauthorized access to two email accounts impacting patient information.
Central Kentucky Radiology
October 16, 2024
•[ data leak, healthcare, PII ]
Unauthorized actor accessed CKRs network Oct 1618 2024 and copied files; ~167k people impacted; notifications issued mid-June 2025; data stolen from Lexington-based servers; no encryption or operational shutdown confirmed.
Goglia Nutrition LLC d/b/a FuturHealth, Inc.
October 16, 2024
•[ data leak ]
Goglia Nutrition LLC, doing business as FuturHealth Inc., reported a long-running data security incident involving its data hosting environment for the G-Plans personalized nutrition platform. Investigations found that an Undetermined attacker acquired subscriber data on or before October 16, 2024, but FuturHealth did not complete its internal review and begin notifying customers until October 2025. The compromised information consists mainly of subscriber names and health or lifestyle information submitted through G-Plans, while Social Security numbers, driver licenses and financial account details were not involved. FuturHealth has implemented additional security measures and is sending breach notification letters and offering guidance to affected customers.
The Good Life Medical Staff LLC
October 15, 2024
•[ phishing, data leak ]
Healthcare staffing firm reported email account compromise exposing sensitive information
Hillcrest Convalescent Center
October 15, 2024
•[ email compromise, data leak ]
Hillcrest reported email account breach affecting over one hundred thousand individuals.
Drug and Alcohol Treatment Service (DATS)
October 5, 2024
•[ data leak, network intrusion, negligence ]
22,215 patient and employee records containing names, addresses, dates of birth, Social Security numbers, and medical treatment information were accessed during a network intrusion discovered October 2024 at Drug and Alcohol Treatment Service (DATS) in Scranton, Pennsylvania; no ransom demand or actor identified; eight class-action lawsuits filed in May 2025 alleged negligent data protection.
IdeaLab
October 4, 2024
•[ ransomware, data leak ]
IdeaLab confirmed data theft from an Oct 2024 ransomware breach claimed by Hunters International. 137,000 files (~262.8 GB) stolen and leaked impacting employees/contractors and dependents.
Charleston Area Medical Center
October 2, 2024
•[ phishing, data leak ]
Phishing attack on multiple email users; unauthorized access to one mailbox between Oct 23, 2024, possibly exposing personal and health information. No other systems impacted.
Heartland Community Health Center
October 1, 2024
•[ phishing, data leak ]
Clinic reported email account breach exposing sensitive patient and insurance information.
Andy Frain Services
October 1, 2024
•[ ransomware, data leak ]
Physical security firm reported a ransomware intrusion in Oct 2024 attributed to Black Basta with exfiltration of a wide range of data; notices sent to ~100k people in May 2025.
Onsite Mammography
October 1, 2024
•[ phishing, data leak ]
Phishing attack compromised a single employees email account, enabling exfiltration of PII and PHI data affecting over 350,000 individuals; no encryption involved.
Hunter Health Clinic
September 30, 2024
•[ phishing, data leak ]
Clinic said an unauthorized party accessed one employee mailbox around Sept 30, 2024; on May 1, 2025 it confirmed files with PHI/PII may have been accessed; notices issued May 15.
Dove Healthcare
September 29, 2024
•[ phishing, data leak ]
Healthcare provider disclosed email account compromise containing patient and employee information.
AultCare Corporation
September 25, 2024
•[ phishing, data leak ]
An unauthorized party accessed an employee email account and a SharePoint instance on 2024-09-25. AultCare reviewed affected content and began notifying brokers and affected individuals by 2025-01-21.
Michigan Surgery Center
September 23, 2024
•[ data leak ]
Ambulatory surgery center reported unauthorized access to systems containing patient information.
Broadcom Inc
September 15, 2024
•[ ransomware, data leak ]
Ransomware on ADP partner Business Systems House led to theft of Broadcom employee data; leaks appeared in Dec 2024 and full impact was clarified to Broadcom in May 2025.
Grede Holdings LLC
September 12, 2024
•[ data leak ]
Grede Holdings mailed breach notices after unauthorized access exposed consumer information.
Nuna Baby Essentials
September 8, 2024
•[ data leak, payment card information ]
Company disclosed network intrusion exposing payment card information of customers.
