CareCloud
March 16, 2026
•[ unauthorized access, service disruption, electronic health record ]
An unauthorized third party temporarily accessed part of CareCloud Health and partially disrupted functionality and data access in one electronic health record environment before service was restored the same evening.
Navia Benefit Solutions, Inc.
December 22, 2025
•[ data breach, unauthorized access, personally identifiable information ]
BleepingComputer reported that Navia notified nearly 2.7 million people of a data breach after an investigation determined an unauthorized actor accessed and acquired certain information between December 22, 2025 and January 15, 2026; suspicious activity was discovered on January 23. Navia stated the exposed data can include full name, date of birth, Social Security number, phone number, email address, and benefits-administration details such as HRA participation, FSA information, and COBRA enrollment, while stating that claims and financial details were not exposed. The company reported notifying law enforcement and offering identity protection services.
Precipio Inc.
November 23, 2025
•[ unauthorized access, data leak, protected health information ]
Precipio posted a Notice of Data Event stating it learned on or about November 25, 2025 that an unauthorized user accessed an employees cloud-based storage account. The companys investigation (with third-party cybersecurity specialists) determined the unauthorized access occurred on or around November 23, 2025 and that certain files in the account were copied without authorization. Precipio stated the impacted information varies by person but may include identifiers and protected health information such as names, addresses, MRNs, DOB, clinical/treatment and procedure information, provider name, prescription information, and health insurance information. The notice said law enforcement was notified and that additional notifications would follow after file review completion.
Insightin Health
September 17, 2025
•[ data leak, unauthorized access, zero-day vulnerability ]
Insightin Health disclosed that an unauthorized party gained access to its GoAnywhere file-transfer tool by exploiting an unknown design flaw, potentially accessing data on a subset of servers between 09/17/2025 and 09/23/2025. Insightin said it identified unusual activity on 09/23/2025, stopped further access, and reviewed impacted files. On 02/12/2026, a health plan confirmed some members information was included. The data involved included name, health care provider name, insurance information, and member ID; no Social Security numbers or financial information were reported involved in the notice excerpt.
Munson Healthcare (via Cerner legacy systems)
January 22, 2025
•[ data leak, third party breach, healthcare data ]
Munson Healthcare confirmed that an unauthorized third party gained access to and obtained data maintained by its electronic health record vendor, Cerner, on legacy Cerner systems used by Munson. The investigation indicated access occurred at least as early as January 22, 2025, and could have exposed patient identifiers and clinical information, including Social Security numbers and medical record data. Munson and Cerner reported taking steps to secure the affected systems and notified impacted individuals with options for identity-protection services.
Dr. F.H. Wigmore Regional Hospital patients
July 1, 2024
•[ insider threat, unauthorized access, privacy breach ]
Saskatchewans Information and Privacy Commissioner found a privacy breach at Dr. F.H. Wigmore Regional Hospital where an emergency department unit clerk inappropriately accessed their own health record and the records of 98 other people, for a total of 102 accesses between July 2024 and June 2025. The decision found the employee also disclosed information learned from records in at least two instances, including sharing private health information with a co-worker and texting a family member about another relatives hospital admission.
