Delta County Memorial Hospital
January 31, 2025
•[ hack, healthcare ]
Non-profit hospital district Delta County Memorial Hospital informs that threat actors had compromised the personal information of 148,363 people in a May 2024 cyberattack.
Miracle Ear (Health Services LLC)
January 28, 2025
•[ hack, healthcare ]
Unauthorized access from Jan 228, 2025 allowed cybercriminals to view and potentially exfiltrate sensitive personal and health data of at least 13,088 individuals. No service disruption reported and no encryption involved. Regulatory notifications occurred August 12, 2025.
Frederick Health Medical Group
January 27, 2025
•[ ransomware, malware, healthcare ]
Frederick Health Medical Group warns that there will be delays in service as it is hit by a ransomware attack.
New York Blood Center (NYBC)
January 26, 2025
•[ ransomware, malware, healthcare ]
The New York Blood Center (NYBC), one of the world's largest independent blood collection and distribution organizations, says a Sunday ransomware attack forced it to reschedule some appointments.
HCF Management
January 24, 2025
•[ ransomware, malware, healthcare ]
HCF Management healthcare facilities confirm a ransomware attack from the RansomHun group, with more than 70,000 patients affected.
Hospital El Cruce
January 24, 2025
•[ ransomware, malware, healthcare ]
The Hospital El Cruce is hit with a Medusa ransomware attack.
Northwest Radiologists / Mount Baker Imaging
January 20, 2025
•[ hack, leak, healthcare ]
Northwest Radiologists (Mount Baker Imaging) discovered a network intrusion on January 25, 2025, with malicious activity beginning around January 20 that exposed patient data from its systems. The breach compromised PII/PHIincluding names, contact details, dates of birth, SSNs, drivers license/ID numbers, treatment/diagnosis information, medical record and insurance detailsimpacting about 348,118 Washington residents; no ransomware claim or operational disruption was confirmed.
Medical Associates of Brevard
January 18, 2025
•[ ransomware, malware, healthcare ]
{"richText":[{"font":{"size":11,"color":{"theme":1},"name":"Aptos Narrow"},"text":"BianLian claimed MAB in Jan 2025; MABs review (by 07/07/2025) identified affected individuals and data types; HHS breach portal lists "},{"font":{"bold":true,"size":11,"color":{"theme":1},"name":"Aptos Narrow"},"text":"246,711"},{"font":{"size":11,"color":{"theme":1},"name":"Aptos Narrow"},"text":" affected in a "},{"font":{"bold":true,"size":11,"color":{"theme":1},"name":"Aptos Narrow"},"text":"Hacking/IT Network Server"},{"font":{"size":11,"color":{"theme":1},"name":"Aptos Narrow"},"text":" incident reported "},{"font":{"bold":true,"size":11,"color":{"theme":1},"name":"Aptos Narrow"},"text":"09/05/2025"},{"font":{"size":11,"color":{"theme":1},"name":"Aptos Narrow"},"text":"; no outage confirmed."}]}
Allegheny Health Network (AHN)
January 17, 2025
•[ hack, healthcare ]
Allegheny Health Network discloses that an "unauthorized user" hacked its IT vendor IntraSystems.
Heart Centre
January 16, 2025
•[ ransomware, malware, healthcare ]
Heart Centre in Australia is hit with a DragonForce ransomware attack.
International AIDS Vaccine Initiative (IAVI)
January 15, 2025
•[ ransomware, malware, healthcare ]
The International AIDS Vaccine Initiative (IAVI) discloses a ransomware attack. The INC Ransom group claims responsibility.
Hue Central Hospital – On-Demand and International Treatment Center
January 15, 2025
•[ ransomware, encryption, healthcare ]
In January 2025 the hospital information system of Hue Central Hospitals On-Demand and International Treatment Center was compromised, with around 500 GB of data encrypted and a ransom demanded for decryption; no public evidence of data exfiltration has been reported.
Teton Orthopaedics
January 12, 2025
•[ ransomware, malware, healthcare ]
Teton Orthopaedics discloses a DragonForce ransomware attack. A total of 13,409 people are affected by the incident.
Ungava Tulattavik Health Centre (UTHC)
January 11, 2025
•[ cyberattack, data leak, healthcare ]
Ungava Tulattavik Health Center in Kuujjuaq (Nunavik, Quebec) disclosed it was the victim of a cyberattack in November 2025. The centre said the attack was blocked upon detection, but warned that files containing clinical and administrative information related to some people who use the health centre and some employees may have been stolen. The centre established a crisis unit, deployed enhanced surveillance/security tools, and worked with the Sret du Qubec, the Nunavik Regional Board of Health and Social Services, and Sant Qubecs Cyber Defence Operational Centre during the investigation. Officials advised users and employees to monitor bank accounts and watch for suspicious emails or calls while the incident response and review continued.
Lifebridge Health
January 10, 2025
•[ hack, phishing, healthcare ]
LifeBridge Health sent letters to patients and families about an email phishing incident that was discovered on Nov. 12.
Excelsior Orthopaedics
January 7, 2025
•[ ransomware, malware, healthcare ]
Excelsior Orthopaedics notifies approximately 357,000 people that their personal and health information was compromised in a data breach resulting from a ransomware attack that came to light in June 2024.
Stroboertje Food Bank
January 4, 2025
•[ financial, phishing, healthcare ]
Voedselbank Stroboertje in Merksem, een van de grootste voedselbanken van Antwerpen, is slachtoffer geworden van phishing. De organisatie zag inmiddels al meer dan 20.000 euro van hun rekening verdwijnen en zit met de handen in het haar. Ik denk zelfs dat we ons personeel niet gaan kunnen betalen, we gaan mensen moeten ontslaan deze maand.
Community Health Center (CHC)
January 2, 2025
•[ leak, healthcare ]
Community Health Center (CHC), a leading Connecticut healthcare provider, notifies over 1 million patients of a data breach that impacted their personal and health data.
Health Service Executive (HSE) – primary care services, Midlands (third-party processor)
January 2, 2025
•[ ransomware, third-party processor, data protection breach ]
DataBreaches summarized reporting that the Irish Health Service Executive confirmed a second ransomware attack occurred in February 2025, targeting a third-party processor and resulting in a data protection breach reported by HSE primary care services in the Midlands. The HSE stated there was no evidence that patients data was stolen in the incident, and the brief report did not describe prolonged operational disruption or specify what systems were encrypted. Based on the confirmation of a ransomware incident affecting a processor, this is coded as a disruptive event with limited publicly available detail on scope and duration.
MedSave Health Insurance
January 1, 2025
•[ leak, healthcare ]
A threat actor with the Moniker 0mid16B claims to have breached MedSave Health Insurance TPA Ltd (MedSave), stealing 561 gigabytes of databases, containing data of 10,617,943 people.
