Legacy Health, LLC
October 24, 2025
•[ data leak, healthcare ]
Legacy Health LLC, a Dallas-based healthcare revenue cycle management company, disclosed that it experienced a data breach affecting 4,031 Texas residents. According to breach notices and law firm investigations, an Undetermined actor accessed data used in medical billing and revenue cycle services, exposing sensitive personal and protected health information. Compromised data includes individuals' names, medical information and health insurance details, increasing the risk of medical identity theft and insurance fraud for affected patients. Legacy Health mailed notification letters on October 24, 2025 and reports that it has taken steps to secure its systems and strengthen cybersecurity controls.
Heywood Hospital and Athol Hospital
October 15, 2025
•[ cybersecurity, healthcare, outage ]
Hospitals reported cybersecurity incident causing outages and Code Black ambulance diversion
CPAP Medical Supplies and Services, Inc.
October 8, 2025
•[ data leak, healthcare, government ]
Data breach affecting ~90,000 military members, veterans and families exposed SSNs and medical details.
Assaf Harofeh Medical Center
October 1, 2025
•[ extortion, data leak, healthcare ]
Hospital hit during Yom Kippur; extortion demand ~$700,000; brief outage of shared records system reported; authorities probing possible data leak.
Cancer patient in charity livestream
September 25, 2025
•[ financial, malware, healthcare ]
A serious accusation in Argentina alleged that influencer Valentn scammed a cancer patient during a charity livestream using a video game called BlockBlasters, which contained hidden malware that stole cryptocurrency from the victims wallet.
Vitas Hospice
September 21, 2025
•[ data leak, third-party breach, healthcare ]
Vitas Hospice Services (Vitas Healthcare) detected a cybersecurity intrusion on 10/24/2025. According to the organizations breach notice and subsequent reporting, the threat actor gained access to certain Vitas systems by using a compromised third-party vendor account. The unauthorized access persisted from approximately 09/21/2025 through 10/27/2025, and the attacker downloaded files containing personal information of current and former patients. Exposed data elements included identifiers (name, address, phone number, date of birth), government identifiers (drivers license number and Social Security number), and protected health information such as medical and insurance details, plus next-of-kin contact information. Government breach tracking and reporting indicated 319,177 individuals were affected. Vitas stated it took steps to secure systems, investigate, and notify impacted individuals, though the specific malware or group responsible was not publicly identified.
Veradigm Inc.
September 17, 2025
•[ financial, healthcare ]
Veradigm reported on September 26 2025 that it detected unauthorized access to portions of its network on September 17 2025. Investigators determined that data on roughly 1.1 million individuals was accessed, but no encryption, ransom demand, or operational disruption occurred. The actor has not been identified and the intrusion appears financially motivated.
Friendlies Society Dispensary
September 15, 2025
•[ ransomware, malware, healthcare ]
A ransomware attack occurred in September 2025 against the Friendlies Society Dispensary in Toowoomba, Queensland. The pharmacys systems were encrypted, disrupting services for several days. Management reported uncertainty about what data was accessed. The incident was publicly reported on October 1, 2025, by ABC News.
Maida.health (Brazil)
September 15, 2025
•[ leak, healthcare ]
Threat actors reportedly exfiltrated approximately 2 TB of sensitive data from Maida.health, a Brazilian health-technology firm providing services for the Military Police and their families. Stolen data allegedly include medical records, ID documents, and administrative files. No encryption or ransomware activity was reported, and the responsible actor has not been identified.
Cook County Public Health & Human Services
September 11, 2025
•[ insider, healthcare ]
PHHS reported an insider breach in which a now-terminated employee accessed social-services records without authorization; county issued notices and will mail letters to affected individuals; questions directed to county administrator.
Scarva Street Surgery
September 3, 2025
•[ hack, healthcare ]
The PSNI have confirmed they have launched an investigation into a theft at a practice which took place on 20 June.
Farmácia Moniz Silva
September 2, 2025
•[ ransomware, malware, healthcare ]
Ransomware group Qilin claimed responsibility for a September 2025 attack on Farmcia Moniz Silva, a pharmacy located in Luanda, Angola. The group listed the victim on its data-leak site, consistent with broader Qilin activity against healthcare organizations. No confirmation from the victim or Angolan CERT was available.
Farmácia Moniz Silva
September 2, 2025
•[ ransomware, data leak, healthcare ]
Ransomware group Qilin claimed responsibility for a September 2025 attack on Farmcia Moniz Silva, a pharmacy located in Luanda, Angola. The group listed the victim on its data-leak site, consistent with broader Qilin activity against healthcare organizations. No confirmation from the victim or Angolan CERT was available.
Waterford Surgical Center
September 1, 2025
•[ ransomware, malware, healthcare ]
Safepay ransomware group attacked Waterford Surgical Center on September 1, 2025, claiming access to internal systems and exfiltration of sensitive patient and payment data. No disclosure of affected numbers.
University of Hawaii Cancer Center
August 31, 2025
•[ ransomware, data breach, Social Security numbers ]
The University of Hawaii Cancer Center disclosed an August 2025 ransomware incident in which attackers gained unauthorized access to its network, encrypted files, and stole research files containing patient-related information. Reporting indicates the intrusion was discovered on or around August 31, 2025, after which affected servers were isolated and an investigation began. The Cancer Center stated its electronic medical record system was not impacted, but research datasets were affected and a subset of older records included Social Security numbers because they were historically used as identifiers in the 1990s. Due to the sensitivity of the data and the extent of encryption, the organization engaged external experts, obtained a decryption tool, and reported paying a ransom in exchange for a claimed promise by the attackers to delete stolen data, while continuing longer-term recovery and security hardening.
Personic Management Company LLC d/b/a Personic Health
August 29, 2025
•[ data leak, healthcare, third-party breach ]
Healthcare management firm Personic Management Company (Personic Health) reported that an unauthorized actor accessed a third-party software platform used to process patient information on August 29, 2025. The intrusion, discovered on September 1, enabled the attacker to obtain data containing patients names and associated protected health information from Personic-affiliated providers. After engaging external cybersecurity experts and notifying law enforcement, Personic filed breach notices with state regulators and began sending letters to impacted individuals, warning them about identity-theft risks and the potential misuse of their medical data.
Saint Mary’s Home of Erie
August 26, 2025
•[ unauthorized access, PII, PHI ]
A forensic investigation found that an unauthorized party accessed the Saint Marys Home of Erie network between August 26 and 28, 2025. Files and folders containing resident PII and PHI may have been exposed. The incident was reported to HHS OCR for at least 501 individuals while review continues.
Pittsburgh Gastroenterology Associates
August 20, 2025
•[ ransomware, malware, healthcare ]
On August 20, 2025, the Sinobi ransomware group hacked Pittsburgh Gastroenterologys internal systems, exfiltrating sensitive medical and personal information. The practice is involved in notifications and legal investigations following the breach.
Barrio Family Health Care Center
August 16, 2025
•[ email compromise, unauthorized access, data leak ]
KENS5 reported Barrio Comprehensive Family Health Care Center notified patients about a cybersecurity incident involving unauthorized access to employee email accounts. The clinic said it discovered the incident on Sept. 16, 2025 and later determined that up to 19,885 individuals may have been affected. The exposed information varied by individual and was contained in the compromised email accounts; the report frames the event as a successful email compromise leading to exposure of patient information.
MedicSolution
August 9, 2025
•[ ransomware, leak, malware ]
KillSec claimed ransomware attack against Brazilian healthcare IT vendor MedicSolution, disrupting operations and threatening a data leak unless negotiations commence; broader impact under investigation.
