Veradigm Inc.
September 17, 2025
•[ financial, healthcare ]
Veradigm reported on September 26 2025 that it detected unauthorized access to portions of its network on September 17 2025. Investigators determined that data on roughly 1.1 million individuals was accessed, but no encryption, ransom demand, or operational disruption occurred. The actor has not been identified and the intrusion appears financially motivated.
Friendlies Society Dispensary
September 15, 2025
•[ ransomware, malware, healthcare ]
A ransomware attack occurred in September 2025 against the Friendlies Society Dispensary in Toowoomba, Queensland. The pharmacys systems were encrypted, disrupting services for several days. Management reported uncertainty about what data was accessed. The incident was publicly reported on October 1, 2025, by ABC News.
Maida.health (Brazil)
September 15, 2025
•[ leak, healthcare ]
Threat actors reportedly exfiltrated approximately 2 TB of sensitive data from Maida.health, a Brazilian health-technology firm providing services for the Military Police and their families. Stolen data allegedly include medical records, ID documents, and administrative files. No encryption or ransomware activity was reported, and the responsible actor has not been identified.
Cook County Public Health & Human Services
September 11, 2025
•[ insider, healthcare ]
PHHS reported an insider breach in which a now-terminated employee accessed social-services records without authorization; county issued notices and will mail letters to affected individuals; questions directed to county administrator.
Scarva Street Surgery
September 3, 2025
•[ hack, healthcare ]
The PSNI have confirmed they have launched an investigation into a theft at a practice which took place on 20 June.
Farmácia Moniz Silva
September 2, 2025
•[ ransomware, malware, healthcare ]
Ransomware group Qilin claimed responsibility for a September 2025 attack on Farmcia Moniz Silva, a pharmacy located in Luanda, Angola. The group listed the victim on its data-leak site, consistent with broader Qilin activity against healthcare organizations. No confirmation from the victim or Angolan CERT was available.
Farmácia Moniz Silva
September 2, 2025
•[ ransomware, data leak, healthcare ]
Ransomware group Qilin claimed responsibility for a September 2025 attack on Farmcia Moniz Silva, a pharmacy located in Luanda, Angola. The group listed the victim on its data-leak site, consistent with broader Qilin activity against healthcare organizations. No confirmation from the victim or Angolan CERT was available.
Waterford Surgical Center
September 1, 2025
•[ ransomware, malware, healthcare ]
Safepay ransomware group attacked Waterford Surgical Center on September 1, 2025, claiming access to internal systems and exfiltration of sensitive patient and payment data. No disclosure of affected numbers.
University of Hawaii Cancer Center
August 31, 2025
•[ ransomware, data breach, Social Security numbers ]
The University of Hawaii Cancer Center disclosed an August 2025 ransomware incident in which attackers gained unauthorized access to its network, encrypted files, and stole research files containing patient-related information. Reporting indicates the intrusion was discovered on or around August 31, 2025, after which affected servers were isolated and an investigation began. The Cancer Center stated its electronic medical record system was not impacted, but research datasets were affected and a subset of older records included Social Security numbers because they were historically used as identifiers in the 1990s. Due to the sensitivity of the data and the extent of encryption, the organization engaged external experts, obtained a decryption tool, and reported paying a ransom in exchange for a claimed promise by the attackers to delete stolen data, while continuing longer-term recovery and security hardening.
Personic Management Company LLC d/b/a Personic Health
August 29, 2025
•[ data leak, healthcare, third-party breach ]
Healthcare management firm Personic Management Company (Personic Health) reported that an unauthorized actor accessed a third-party software platform used to process patient information on August 29, 2025. The intrusion, discovered on September 1, enabled the attacker to obtain data containing patients names and associated protected health information from Personic-affiliated providers. After engaging external cybersecurity experts and notifying law enforcement, Personic filed breach notices with state regulators and began sending letters to impacted individuals, warning them about identity-theft risks and the potential misuse of their medical data.
Saint Mary’s Home of Erie
August 26, 2025
•[ unauthorized access, PII, PHI ]
A forensic investigation found that an unauthorized party accessed the Saint Marys Home of Erie network between August 26 and 28, 2025. Files and folders containing resident PII and PHI may have been exposed. The incident was reported to HHS OCR for at least 501 individuals while review continues.
Pittsburgh Gastroenterology Associates
August 20, 2025
•[ ransomware, malware, healthcare ]
On August 20, 2025, the Sinobi ransomware group hacked Pittsburgh Gastroenterologys internal systems, exfiltrating sensitive medical and personal information. The practice is involved in notifications and legal investigations following the breach.
MedicSolution
August 9, 2025
•[ ransomware, leak, malware ]
KillSec claimed ransomware attack against Brazilian healthcare IT vendor MedicSolution, disrupting operations and threatening a data leak unless negotiations commence; broader impact under investigation.
Prospect Medical Holdings
August 4, 2025
•[ ransomware, healthcare ]
Prospect Medical Holdings, a chain that owns hospitals as well as more than 165 outpatient facilities, said ransomware hackers had breached its system. Sixteen hospitals and more than a hundred other medical facilities across the United States are offline after the largest cyberattack on a U.S. hospital system since last year. Prospect Medical Holdings, a []
Harbor Behavioral Health
July 25, 2025
•[ leak, healthcare ]
Harbor reported that suspicious activity was identified on Aug 1, 2025; investigation determined an unauthorized party accessed and took files from the network between late July and Aug 1. Notifications were issued Sept 30; no encryption or operational disruption reported.
Harbor (Ohio mental health and substance use provider)
July 25, 2025
•[ leak, healthcare ]
An unauthorized actor accessed Harbors network between July 25 and August 1, 2025, and exfiltrated files containing patient, employee, and board member information. The organization disclosed the breach on September 30, 2025.
Hello Cake
July 25, 2025
•[ leak, healthcare ]
In July 2025, the sexual healthcare product maker Hello Cake suffered a data breach. The data was subsequently posted on a public hacking forum and included 23k unique email addresses along with names, phone numbers, physical addresses, dates of birth and purchases.
Canopy Healthcare
July 18, 2025
•[ unauthorized access, data breach, data leak ]
DataBreaches summarized RNZ reporting that Canopy Health said it identified on July 18, 2025 that an unknown person temporarily obtained unauthorized access to part of its systems used by its administration team. Canopy said forensic review indicated unauthorized access to one of its servers likely occurred and that some data may have been copied. The provider stated the incident was contained, that an investigation was ongoing, and that it sought and obtained an urgent High Court injunction to prevent use or publication of any information that may have been accessed. The report did not enumerate specific data elements or counts of affected individuals.
Survival Flight
July 17, 2025
•[ leak, healthcare ]
Survival Flight discovered a cyber incident on 07/17/2025 impacting IT systems; notice lists likely exposure of patient PHI. DataBreaches reports WorldLeaks claim (~2.8 TB) and previewed data including internal business files plus some patient/member financial/insurance info. Second Survival Flight incident in <1 year.
IMDataCenter
July 15, 2025
•[ leak, hack, misconfiguration ]
Unsecured AWS S3 bucket exposed ~38GB of records; hacker downloaded ~75GB, including ~20M emails, ~37M phone numbers, 50k SSNs/DOBs; affects multiple industries (healthcare, airlines, universities, dealerships). Bucket later secured; lawsuits pending.
