Operation PAR, Inc.
June 10, 2025
•[ ransomware, leak, healthcare ]
On June 10, 2025, Operation PAR, Inc., a Florida nonprofit providing addiction and mental health services, was hit by the Worldleaks ransomware group. The attacker exfiltrated around 485 GB of datanearly 900,000 files containing sensitive PII and PHIand later posted it on a dark-web leak site. No encryption or service disruption was confirmed.
Precision Endodontics of Raleigh
June 10, 2025
•[ hack, healthcare ]
Precision Endodontics discovered unauthorized access to an email account on June 10, 2025. The breach exposed patient names and email addresses, and for some individuals, patient portal usernames and passwords. No misuse has been identified. The incident was reported to HHS-OTCR on August 5 and security improvements have been implemented.
Omnicuris
June 8, 2025
•[ leak, healthcare ]
In June 2025, the Indian CME platform Omnicuris suffered a data breach that exposed approximately 200k records of healthcare professionals. The data included names, email addresses, phone numbers, geographic locations and other data attributes relating to professional expertise and training progress. Omnicuris is aware of the incident.
Highlands Oncology Group
June 2, 2025
•[ ransomware, healthcare ]
Highlands Oncology Group notifies 113,575 people after ransomware attack by Medusa
West Texas Oral Facial Surgery
May 29, 2025
•[ hack, ransomware, leak ]
West Texas Oral Facial Surgery suffered a cyberattack beginning May 29, 2025, when INC RANSOM gained unauthorized access to its systems. Patient files including names, imaging data, and treatment reasons were exfiltrated, but no encryption of systems was reported. SSNs, financial information, and the electronic medical records system were not affected. The breach impacted over 11,000 individuals and was reported to HHS-OCR on August 2 and to the Texas Attorney General on August 4.
ApolloMD (Business Associate to 11 Physician Practices)
May 22, 2025
•[ ransomware, malware, healthcare ]
ApolloMD confirmed unauthorized access to its network on May 2223 2025 affecting 11 affiliated physician practices. The Qilin ransomware group claimed to have stolen approximately 238 GB of data, including patient and insurance information. ApolloMD did not confirm encryption or ransom payment.
Doctors Hospital at Renaissance, Ltd. (DHR Health)
May 15, 2025
•[ data leak, healthcare ]
Doctors Hospital at Renaissance (DHR Health) notified the U.S. Department of Health & Human Services that it had experienced a data breach impacting sensitive personal and protected health information. An unauthorized party accessed systems storing patient records, potentially exposing names, Social Security numbers, clinical details, and insurance data for an undisclosed number of individuals. The hospital has since notified the Texas Attorney General and begun mailing breach letters, while law firm investigators explore potential compensation claims for patients whose information may be at heightened risk of identity theft and medical fraud.
PDI Health
May 14, 2025
•[ ransomware, leak, malware ]
On May 14, 2025, PDI Health discovered a cyberattack when the Everest ransomware group infiltrated its internal systems and exfiltrated sensitive patient records. The group leaked samples and claimed responsibility on the dark web, revealing more than 373,000 records stolen. No evidence of encryption or service disruption was confirmed.
Anchorage Neighborhood Health Center
May 9, 2025
•[ leak, healthcare ]
Anonymous group claims theft of ANHC patient records (10k, later 60k); FBI aware; at least one patient contacted with personal data. ANHC initiated investigation and took systems offline; scope/details pending.
Integrated Orthopedics of Arizona
April 7, 2025
•[ healthcare ]
The practice first detected unauthorized activity on April 7, 2025, and began notifying affected patients and regulators on August 11.
Fundamental Administrative Services, LLC
March 21, 2025
•[ hack, healthcare ]
On March 21, 2025, Fundamental Administrative Services, a healthcare management company based in Maryland, confirmed a data breach after discovering unauthorized access. Sensitive PII and PHI belonging to 56,235 patients was stolen, including SSNs, medical, and insurance data. No encryption or service disruption was reported.
Central Maine Healthcare
March 19, 2025
•[ hack, healthcare ]
An unauthorized actor accessed Central Maine Healthcares IT environment between March 19 and June 1, 2025, compromising sensitive patient data; systems were secured immediately and patient notifications began in late July 2025
Central Texas Pediatric Orthopedics
March 10, 2025
•[ data leak, healthcare ]
Austin pediatric orthopedics notified breach impacting ninety thousand patient records.
Szpital MSWiA (Ministry of Interior Hospital) Kraków
March 8, 2025
•[ ransomware, malware, healthcare ]
Cyberattack on the Ministry of Interior hospital in Krakw encrypted administrative and medical IT systems, fully paralyzing patient care and access to records. Hospital departments began restoring systems by March 11, indicating ~3 days of disruption. No data exfiltration or perpetrator identified.
Yale New Haven Health
March 8, 2025
•[ data leak, healthcare ]
YNHHS reported that an unauthorized third party accessed its network and on March 8 2025 obtained copies of certain patient data. The health system disclosed the breach publicly on April 24 2025, stating 5.5M+ patients were affected. Data types vary by individual and may include demographics, patient type, medical record number, and in some cases Social Security numbers. No encryption or operational shutdown was reported.
Central New York Cardiology
February 27, 2025
•[ data leak, healthcare ]
Practice reported a data breach impacting extensive patient PHI/PII per public notice.
DermCare Management (practice management company)
February 26, 2025
•[ hack, healthcare ]
Attack identified Feb 26, 2025; investigation confirmed Mar 3 that patient data may have been copied from DermCares network. At least 10 affiliated dermatology practices (mainly FL, plus TX) issued substitute notices; totals still being determined.
Oracle Health
February 20, 2025
•[ data leak, compromised credentials, healthcare ]
A breach at Oracle Health (formerly Cerner) exposed patient data from legacy EHR migration servers after attackers used compromised customer credentials to access and copy records. The incident, which began after January 22, 2025, was discovered on February 20, 2025. Impacted hospitals have been notified and face potential HIPAA obligations; Oracle has offered support but has not publicly acknowledged the full scope of the breach.
Goshen Medical Center
February 15, 2025
•[ ransomware, leak, malware ]
BianLian-attributed intrusion at Goshen Medical Center; files accessed on 02/15/2025, detected 03/04/2025; 456,385 affected with PHI/PII including SSNs and DL numbers; listed on BianLians leak site in March; no outage confirmed.
Vital Imaging Medical Diagnostic Centers
February 13, 2025
•[ hack, healthcare ]
A hacking incident on 13 Feb 2025 led to unauthorized access to Vital Imagings network, exposing sensitive personal and medical information of approximately 260,000 individuals. Notifications were sent in August 2025, and legal investigations are active.
