Search Results for "healthcare"

Boston Mountain Rural Health Center February 27, 2026 • [ hacking, IT incident, network server ] Boston Mountain Rural Health Center reported a hacking/IT incident involving a network server on February 27, 2026, affecting 4,800 individuals and potentially exposing sensitive personal health information; specific exposed data fields were not publicly reported.

An undisclosed U.S. healthcare organization February 24, 2026 • [ ransomware, healthcare, encryption ] Beazley Security and Halcyon reported that Pay2Key maintained access to a compromised administrative account at an undisclosed U.S. healthcare organization for several days before deploying ransomware in late February 2026 and encrypting the environment within three hours; no data exfiltration or ransom demand was reported.

University of Mississippi Medical Center (UMMC) February 20, 2026 • [ ransomware, operational disruption, healthcare ] UMMC reported a ransomware attack triggered its emergency operations plan and forced it to cancel all clinic appointments and elective procedures at locations statewide while it assessed the intrusion and worked to restore systems. Public reporting described broad impacts to phone and electronic systems and significant disruption to patient care workflows, with staff reverting to manual processes. UMMC stated it was working with federal authorities (including the FBI) and external experts to investigate scope and recover operations; reporting at the time did not confirm whether patient data was exfiltrated, but the primary confirmed effect was major operational disruption across the health system.

Telecare Corporation February 19, 2026 • [ ransomware, data leak, healthcare ] Qilin claimed responsibility for an attack on Telecare Corporation on February 19, 2026 and threatened to release sensitive healthcare data unless negotiations began. DataBreach indexed 275,644 rows and listed exposed fields including Social Security numbers, dates of birth, email addresses, phone numbers, names, and street addresses. Public reporting did not confirm encryption, data destruction, attacker-caused operational disruption, or the exact intrusion vector.

EBR Systems February 13, 2026 • [ network disruption, unauthorized access, patient health data ] EBR Systems experienced a network disruption around February 13, 2026 and later determined that certain information stored on its network, including a limited amount of patient health data, was subject to unauthorized access; the incident was contained and did not cause material business disruption.

Nippon Medical School Musashi Kosugi Hospital (æ—¥æœ¬åŒ»ç§‘å¤§å¦æ¦è”µå°æ‰ç—…é™¢) February 6, 2026 • [ ransomware, data breach, healthcare ] Japans Nippon Medical School Musashi Kosugi Hospital disclosed it suffered a ransomware attack after nurse-call terminals malfunctioned and investigation found its nurse-call system servers were attacked. The hospital stated patient personal information stored on the nurse-call system servers was stolen and that the intrusion path was tied to a maintenance VPN device. Public reporting in Japan said attackers demanded a large ransom (reported internationally as about $100 million). The hospital stated it would not comply with the ransom demand and reported that clinical services continued while investigation and recovery actions proceeded.

MRO Corp. January 20, 2026 • [ data breach, third-party vendor incident, healthcare ] DataBreaches summarized a disclosure that a data breach at third-party medical records vendor MRO Corp. exposed personal and health information of patients tied to two Deaconess Health System hospitals in Western Kentucky (Deaconess Henderson Hospital and Deaconess Union County Hospital), as well as affected clinic patients whose records were subject to release-of-information requests. The health system stated the breach did not affect Deaconess internal systems or its electronic medical records platform; the incident was contained to the ROI vendor environment. The reporting did not enumerate specific data elements in the excerpt.

Tampa Bay Dental Implants & Periodontics January 19, 2026 • [ ransomware, electronic medical records, backup data ] Tampa Bay Dental Implants & Periodontics identified a ransomware incident on January 19, 2026 affecting an internal legacy server containing backup electronic medical record data. The practice said it found no evidence of data exfiltration or misuse, but encryption of legacy system logs prevented it from forensically ruling out unauthorized access. The incident was reported to HHS OCR as affecting 6,400 individuals.

MediCopy Services, Inc. January 13, 2026 • [ unauthorized access, data leak, healthcare ] An unauthorized actor accessed MediCopy Services' cloud-based file-sharing platform on January 13, 2026, and downloaded files related to release-of-information requests for certain Deaconess patients, including patients of Deaconess Henderson Hospital, Deaconess Union County Hospital, and surrounding clinics. Deaconess stated that its own IT systems and electronic medical record system were not impacted.

Waterloo Regional Health Network January 13, 2026 • [ personal health information, third-party security incident, data breach ] Waterloo Regional Health Network notified patients that a third-party security incident affecting its connection to the Health Report Manager service may have exposed personal health information for approximately 150,000 patients who received care between April 2025 and January 2026. WRHN said the incident occurred outside WRHNs internal systems, was contained within hours on January 13, and no misuse was believed likely.

AZ Monica January 13, 2026 • [ cyberattack, operational disruption, healthcare ] AZ Monica hospital in Antwerp reported a cyberattack discovered around 6:30 a.m. after staff observed a serious IT failure. As a precaution, the hospital shut down all servers across both campuses (Deurne and Antwerp/Harmonie), and law enforcement opened an investigation with the cyber crime unit on site. Because clinicians could not access electronic patient records, the hospital postponed non-urgent care and maintained emergency care at a reduced level. Reporting stated at least 70 planned operations were cancelled, roughly 70 patients were sent home, and seven patients were transferred to other hospitals as a precaution. Public reporting did not confirm encryption, ransom demands, or data theft, focusing primarily on operational disruption and patient-care impact.

Undisclosed Taiwanese healthcare organization #5 January 12, 2026 • [ ransomware, cyber intrusion, data exfiltration ] The CrazyHunter ransomware group conducted a cyber intrusion against a healthcare organization in Taiwan by exploiting application-layer access, resulting in unauthorized access and data exfiltration. Security reporting confirms the victim as one of multiple Taiwanese healthcare entities affected, though specific organizational details were not publicly disclosed.

Pecan Tree Dental, PLLC January 11, 2026 • [ data breach, data exfiltration, personally identifiable information ] Pecan Tree Dental, PLLC, a dental practice in Grand Prairie, Texas, discovered a cybersecurity incident on January 11, 2026. Sinobi claimed responsibility and claimed to have exfiltrated 250 GB of data. HHS/OCR-style reporting listed 13,300 affected individuals, while DataBreach.com indexed 24,504 rows containing Social Security numbers, email addresses, and phone numbers. Public reporting did not confirm successful encryption or operational disruption.

Mt. Spokane Pediatrics January 1, 2026 • [ ransomware, data leak, healthcare ] Mt. Spokane Pediatrics experienced unauthorized access to certain systems in its network environment on or about January 1, 2026, and files containing patient information were removed. LockBit 5.0 claimed responsibility on January 3, 2026 and threatened to leak the stolen data. The clinic's forensic investigation determined on April 22, 2026 that exfiltrated files contained personal and protected health information for 32,021 individuals, including 29,410 Washington accounts.

ManageMyHealth December 30, 2025 • [ ransomware, data leak, healthcare ] A significant volume of patient medical records was accessed and partially encrypted in a cyber intrusion targeting document systems The threat actor issued a ransom demand and published some data samples online before legal action was taken The breach was discovered in late December and publicly confirmed shortly after

Sports Medicine and Orthopedics December 30, 2025 • [ ransomware, data leak, healthcare ] Sports Medicine & Orthopaedics, a now-closed practice in East Providence, Rhode Island, reported that it was impacted by a ransomware incident in October 2025. Reporting indicates the attack exposed personal and health-related information for roughly 4,000 patients, prompting the practice to issue breach notifications after it had already shut down operations. Public accounts describe a ransomware-driven compromise that resulted in unauthorized access to patient information (typical elements in these incidents include identifiers and clinical/billing-related data), with the key confirmed impact being exposure of patient data tied to the practice rather than a long-running operational outage (since the practice was shuttered).

Southern Oregon Neurosurgery December 30, 2025 • [ email compromise, hacking, data leak ] Southern Oregon Neurosurgery (Southern Oregon Neurosurgical and Spine Associates, PC) disclosed a hacking incident that stemmed from an email breach and affected at least 1,000 individuals. According to reporting, the incident occurred in November 2025; the organization said its IT staff isolated the issue immediately once identified. The breach was reported to HHS as a hacking/IT incident involving email, indicating unauthorized access to email content (and potentially attachments) that contained patient-related information. While public reporting did not enumerate every exposed field, the confirmed impact is unauthorized access via email compromise with resultant exposure risk to individuals whose information was present in the affected mailbox(es).

QualDerm December 23, 2025 • [ data breach, data leak, unauthorized access ] SecurityWeek reported that QualDerm Partners is notifying more than 3.1 million people of a December 2025 breach discovered on Dec. 24, 2025. QualDerm said attackers had unauthorized access to its network for two days and exfiltrated data from a limited number of compromised systems. Stolen data included personal identifiers and health/insurance information such as names, addresses, dates of birth, email addresses, medical record numbers, doctor names, treatment/diagnosis information, health insurance information, dates of death, and in some cases government-issued ID information. QualDerm said its investigation is ongoing and it notified law enforcement and regulators.

Singing River Health System December 21, 2025 • [ unauthorized access, data breach, patient information ] Singing River Health System discovered that an unauthorized party gained access to its computer network between December 19 and December 21, 2025. On February 10, 2026, SRHS learned that the unauthorized party had accessed files containing patient information, and on May 19, 2026 it began mailing notices to affected patients. SRHS also temporarily shut down select systems, including internet access and MyChart, as a defensive containment measure; public reporting did not confirm attacker-caused encryption or destructive disruption.

Stockton Cardiology Medical Group December 15, 2025 • [ unauthorized access, data leak, extortion ] Stockton Cardiology Medical Group disclosed that an unauthorized individual accessed and removed files from its systems in December 2025, and some of the files were later publicly disclosed; outside reporting tied the incident to a Genesis extortion claim.

Search Results (healthcare)