Full List

Search

Search Results (healthcare)

• Prospect Medical Holdings August 4, 2025 • [ ransomware, healthcare ] Prospect Medical Holdings, a chain that owns hospitals as well as more than 165 outpatient facilities, said ransomware hackers had breached its system. Sixteen hospitals and more than a hundred other medical facilities across the United States are offline after the largest cyberattack on a U.S. hospital system since last year. Prospect Medical Holdings, a []
• Harbor Behavioral Health July 25, 2025 • [ leak, healthcare ] Harbor reported that suspicious activity was identified on Aug 1, 2025; investigation determined an unauthorized party accessed and took files from the network between late July and Aug 1. Notifications were issued Sept 30; no encryption or operational disruption reported.
• Harbor (Ohio mental health and substance use provider) July 25, 2025 • [ leak, healthcare ] An unauthorized actor accessed Harbors network between July 25 and August 1, 2025, and exfiltrated files containing patient, employee, and board member information. The organization disclosed the breach on September 30, 2025.
• Hello Cake July 25, 2025 • [ leak, healthcare ] In July 2025, the sexual healthcare product maker Hello Cake suffered a data breach. The data was subsequently posted on a public hacking forum and included 23k unique email addresses along with names, phone numbers, physical addresses, dates of birth and purchases.
• Survival Flight July 17, 2025 • [ leak, healthcare ] Survival Flight discovered a cyber incident on 07/17/2025 impacting IT systems; notice lists likely exposure of patient PHI. DataBreaches reports WorldLeaks claim (~2.8 TB) and previewed data including internal business files plus some patient/member financial/insurance info. Second Survival Flight incident in <1 year.
• IMDataCenter July 15, 2025 • [ leak, hack, misconfiguration ] Unsecured AWS S3 bucket exposed ~38GB of records; hacker downloaded ~75GB, including ~20M emails, ~37M phone numbers, 50k SSNs/DOBs; affects multiple industries (healthcare, airlines, universities, dealerships). Bucket later secured; lawsuits pending.
• Ohio Medical Alliance (Ohio Marijuana Card) July 14, 2025 • [ leak, misconfiguration, healthcare ] Unsecured database exposed sensitive records of an estimated 30,00040,000 Ohio medical cannabis patients. Data included names, addresses, phone numbers, email addresses, medical marijuana card numbers, state ID numbers, and medical information. The database was discovered on July 14, 2025, by a security researcher and secured on July 15; no evidence of ransomware or encryption was found.
• Philadelphia Corporation for Aging July 10, 2025 • [ data leak, healthcare ] A data breach at the Philadelphia Corporation for Aging allowed unauthorized access to systems between July 10 and July 25, 2025, during which personal and protected health information for 19,820 individuals was copied. PCA filed notice on November 4, 2025.
• Undisclosed Florida orthopedic practice July 8, 2025 • [ data leak, healthcare ] Beckers reports a data breach affecting a Florida orthopedic practice; details on scope and vector limited.
• Woodlawn Health July 5, 2025 • [ ransomware, malware, healthcare ] Woodlawn Health in Rochester, Indiana suffered a ransomware attack starting July 5, 2025, which encrypted systems and disrupted clinical and administrative operations. Systems were gradually restored, and officials confirmed that some patient care was impacted. Investigations continue into whether personal or medical data was exfiltrated.
• Clinical Diagnostics NMDL (Eurofins) lab systems July 3, 2025 • [ hack, healthcare ] A breach at the Clinical Diagnostics NMDL lab in Rijswijk compromised personal and medical data of women who participated in cervical cancer screenings; hackers accessed the data starting July 3, 2025, with notification to affected individuals beginning around August 11
• University of Iowa Community HomeCare July 3, 2025 • [ hack, healthcare ] Cybercriminal gained unauthorized access to UI Community HomeCare computer system on July 3, 2025; systems restored within one business day but files containing patient information were viewed and copied.
• Royal Health July 3, 2025 • [ hack, healthcare ] Data breach at Royal Health Inc. detected on or about July 3, 2025, where an unauthorized party accessed documents potentially containing full names and Social Security numbers. The breach was disclosed to the Massachusetts Attorney General and notifications began August 21. Compensation inquiries are underway under Levi & Korsinsky LLPs investigation.
• OutcomesOne July 1, 2025 • [ social, phishing, healthcare ] A phishing attack compromised a single employees email account for about one hour at OutcomesOne, a Florida-based professional services firm providing health IT and medication management support to insurers and pharmacies. Attackers accessed PHI stored in the organizations email application server, exposing data of roughly 149,000 individuals including names, demographics, provider, insurance, and medication information. No Social Security numbers or financial data were involved.
• Pulse Urgent Care Center July 1, 2025 • [ data leak, unauthorized access, healthcare ] Unauthorized access to Pulse Urgent Care Centers network exposed patient PHI; no encryption or quantitative scope reported and threat actor unconfirmed.
• MPOWERHealth June 29, 2025 • [ ransomware, leak, hack ] WorldLeaks, a criminal ransomware group, claimed responsibility for a June 29, 2025 cyberattack on MPOWERHealth in Addison, Texas. The attackers exfiltrated roughly 1.5 TB of data (over 1.6 million files), including PHI, insurance claims, internal documents, login credentials, and cyber-insurance records. While negotiations began, the company ceased responding, after which WorldLeaks leaked the stolen files. Reports indicate data theft and exposure but no confirmed operational outage.
• Somerset County Children & Youth Services June 26, 2025 • [ hack, healthcare ] Email accounts of Somerset County CYS were breached during a fourday period; exposed data includes Social Security and insurance IDs, medical dates, condition/treatment info, sometimes paternity testing info; no confirmed misuse yet; County working with forensics, notifying affected, improving email security and staff training.
• Viva Health Insurance June 14, 2025 • [ leak, misconfiguration, healthcare ] Viva Health, an Alabama-based health insurance company headquartered in Birmingham, experienced exposure of a web-accessible file from June 14 to August 27, 2025. The file contained limited PHI for about 4,945 members and was removed upon discovery. No misuse or encryption was reported.
• Sturgis Hospital June 12, 2025 • [ hack, healthcare ] Sturgis Hospital confirmed a second unauthorized network access event discovered in June 2025 while investigating an earlier breach. The incident involved potential access to protected health information. No ransomware or disruption to hospital operations was reported.
• Cardiovascular Medicine Associates, PA (MyCardiologist) June 12, 2025 • [ data leak, healthcare, email compromise ] Hackers accessed MyCardiologists email environment between May 30 and June 12 2025, exfiltrating patient information including medical and insurance details; no encryption or quantitative data reported.