Stockton Cardiology Medical Group
December 15, 2025
•[ unauthorized access, data leak, extortion ]
Stockton Cardiology Medical Group disclosed that an unauthorized individual accessed and removed files from its systems in December 2025, and some of the files were later publicly disclosed; outside reporting tied the incident to a Genesis extortion claim.
Southern Illinois Dermatology
November 28, 2025
•[ unauthorized access, protected health information, PHI ]
Southern Illinois Dermatology discovered unauthorized access to its network on November 28, 2025, resulting in the exposure of personal and protected health information of approximately 160,312 individuals.
Advanced Family Surgery Center (AFSC)
November 26, 2025
•[ data leak, healthcare, protected health information ]
Threat actors identifying as Genesis claimed they compromised Advanced Family Surgery Center (AFSC) in Oak Ridge, Tennessee, and later added the organization to their leak site, asserting that about 100 GB of data had been exfiltrated from company file servers. The reported dataset included healthcare data, personal data, financial data, user folders, and operational files. The reporting outlet reviewed sample files and indicated they contained protected health information such as patient names, dates of birth, full Social Security numbers, dates of service, physician details, and insurance information. At the time of reporting, no official public notification by the provider had been located.
Mid South Pulmonary & Sleep Specialists (MSPS)
November 17, 2025
•[ ransomware, data leak, data breach ]
Reporting on Anubis RaaS described a severe ransomware incident affecting Mid South Pulmonary & Sleep Specialists (MSPS) in Tennessee. The threat actor claimed initial access on Nov. 10, 2025, spent about a week conducting internal reconnaissance and data theft, then paralyzed the organizations network in a single night. The group claimed to have encrypted MSPSs Nutanix systems and used a wiper to delete backups, leaving MSPS unable to restore systems; the actor also claimed exfiltration of roughly 860 GB and leakage of hundreds of gigabytes containing administrative records, insurance billing files, and extensive PII/PHI. MSPS had not publicly confirmed details in the reporting, but the described impacts suggest prolonged disruption and exposure of sensitive medical data.
Central Ozarks Medical Center
November 10, 2025
•[ cyberattack, unauthorized access, data breach ]
Patients and individuals had their sensitive personal and health information exposed in a criminal cyberattack on Central Ozarks Medical Center. The breach involved unauthorized access to systems and resulted in the compromise of names, dates of birth, Social Security numbers, financial account details, medical treatment records, and health insurance information, according to investigation notices.
Weda (Medical Software)
November 10, 2025
•[ cyberattack, denial of service, healthcare ]
On November 10, 2025, Weda medical software used by general practitioners across France experienced a major cyberattack that rendered the system inaccessible. Physicians were unable to view or transmit patient medical records for several days. Service resumed only in degraded mode on November 14. No evidence of data encryption or exfiltration has been reported.
Legacy Health, LLC
October 24, 2025
•[ data leak, healthcare ]
Legacy Health LLC, a Dallas-based healthcare revenue cycle management company, disclosed that it experienced a data breach affecting 4,031 Texas residents. According to breach notices and law firm investigations, an Undetermined actor accessed data used in medical billing and revenue cycle services, exposing sensitive personal and protected health information. Compromised data includes individuals' names, medical information and health insurance details, increasing the risk of medical identity theft and insurance fraud for affected patients. Legacy Health mailed notification letters on October 24, 2025 and reports that it has taken steps to secure its systems and strengthen cybersecurity controls.
ModMed (Modernizing Medicine)
October 24, 2025
•[ data leak, healthcare, third-party breach ]
Modernizing Medicine (ModMed) said it discovered unauthorized activity on July 29, 2025, and confirmed that attackers had accessed and exfiltrated data from servers hosting podiatry-client EHR information between July 910. Exposed fields include full names, addresses, DOB, SSNs, contact details, health insurance info, medical record and patient account numbers, dates of service, providers/practices, billing/diagnostic codes, prescription/medication data, and diagnosis/treatment information; providers were notified on September 19 and patients on October 17. Days later, a seller advertised a partial EHR database (1,0001,500 podiatry patient records) on a breach forum/Telegram, indicating financially motivated data trafficking, though ModMed has not confirmed a second intrusion. Overall impact: large-scale PHI exposure from vendor-hosted servers, with evidence of downstream data sale attempts.
Heywood Hospital and Athol Hospital
October 15, 2025
•[ cybersecurity, healthcare, outage ]
Hospitals reported cybersecurity incident causing outages and Code Black ambulance diversion
North Texas Behavioral Health Authority
October 13, 2025
•[ network intrusion, data exfiltration, Social Security numbers ]
North Texas Behavioral Health Authority detected a network intrusion in October 2025; investigators found that unauthorized individuals accessed and exfiltrated files containing personal information, including Social Security numbers, affecting 285,000 individuals.
CPAP Medical Supplies and Services, Inc.
October 8, 2025
•[ data leak, healthcare, government ]
Data breach affecting ~90,000 military members, veterans and families exposed SSNs and medical details.
Assaf Harofeh Medical Center
October 1, 2025
•[ extortion, data leak, healthcare ]
Hospital hit during Yom Kippur; extortion demand ~$700,000; brief outage of shared records system reported; authorities probing possible data leak.
Cancer patient in charity livestream
September 25, 2025
•[ financial, malware, healthcare ]
A serious accusation in Argentina alleged that influencer Valentn scammed a cancer patient during a charity livestream using a video game called BlockBlasters, which contained hidden malware that stole cryptocurrency from the victims wallet.
Vitas Hospice
September 21, 2025
•[ data leak, third-party breach, healthcare ]
Vitas Hospice Services (Vitas Healthcare) detected a cybersecurity intrusion on 10/24/2025. According to the organizations breach notice and subsequent reporting, the threat actor gained access to certain Vitas systems by using a compromised third-party vendor account. The unauthorized access persisted from approximately 09/21/2025 through 10/27/2025, and the attacker downloaded files containing personal information of current and former patients. Exposed data elements included identifiers (name, address, phone number, date of birth), government identifiers (drivers license number and Social Security number), and protected health information such as medical and insurance details, plus next-of-kin contact information. Government breach tracking and reporting indicated 319,177 individuals were affected. Vitas stated it took steps to secure systems, investigate, and notify impacted individuals, though the specific malware or group responsible was not publicly identified.
Veradigm Inc.
September 17, 2025
•[ financial, healthcare ]
Veradigm reported on September 26 2025 that it detected unauthorized access to portions of its network on September 17 2025. Investigators determined that data on roughly 1.1 million individuals was accessed, but no encryption, ransom demand, or operational disruption occurred. The actor has not been identified and the intrusion appears financially motivated.
Friendlies Society Dispensary
September 15, 2025
•[ ransomware, malware, healthcare ]
A ransomware attack occurred in September 2025 against the Friendlies Society Dispensary in Toowoomba, Queensland. The pharmacys systems were encrypted, disrupting services for several days. Management reported uncertainty about what data was accessed. The incident was publicly reported on October 1, 2025, by ABC News.
Maida.health (Brazil)
September 15, 2025
•[ leak, healthcare ]
Threat actors reportedly exfiltrated approximately 2 TB of sensitive data from Maida.health, a Brazilian health-technology firm providing services for the Military Police and their families. Stolen data allegedly include medical records, ID documents, and administrative files. No encryption or ransomware activity was reported, and the responsible actor has not been identified.
Cook County Public Health & Human Services
September 11, 2025
•[ insider, healthcare ]
PHHS reported an insider breach in which a now-terminated employee accessed social-services records without authorization; county issued notices and will mail letters to affected individuals; questions directed to county administrator.
Scarva Street Surgery
September 3, 2025
•[ hack, healthcare ]
The PSNI have confirmed they have launched an investigation into a theft at a practice which took place on 20 June.
