Visionworks
January 1, 2025
•[ leak, healthcare ]
The federal suit, which seeks class-action status, alleges a data breach exposed 40,000 customers' private data.
Middlesex Sheriff's Office
January 1, 2025
•[ data breach, protected health information, HIPAA ]
The Middlesex Sheriffs Office reported that a security breach occurred in January 2025 and that a comprehensive investigation (with state/federal law enforcement and private cybersecurity vendors) determined on November 19, 2025 that the incident involved unauthorized access to protected health information. The exposed PHI may have included names, home addresses, dates of birth, diagnoses, and other general health information related to individuals who may have received medical care through the Sheriffs Office. Public reporting indicated the breach represented a HIPAA-related incident; the organization did not specify the number of affected individuals in the public notice and did not disclose the initial access vector or whether any data was exfiltrated beyond unauthorized viewing/access.
Jupiter Medical Center (via third party health records vendor)
January 1, 2025
•[ data breach, healthcare, third party risk ]
Jupiter Medical Center issued a warning/notice describing a data breach tied to a data security incident dating back to January 2025. The report indicates the healthcare organization investigated the incident and proceeded with notification and remediation steps in 2026. Because the accessible source context here does not provide a clear affected-individual count or a detailed breakdown of data elements, the customer-data fields are coded as undetermined.
The Children’s Center of Hamden
December 28, 2024
•[ hack, healthcare ]
The Childrens Center of Hamden reported a December 2024 data-security incident in which an unauthorized actor acquired files from its systems, exposing PII/PHI for ~5.2k clients and staff; investigation ended June 29, 2025; notifications began Aug 12, 2025; credit monitoring offered.
Denton County MHMR Center (My Health, My Resources)
December 24, 2024
•[ data leak, healthcare ]
Denton County MHMR Center disclosed unauthorized access to its network occurring between December 24 and December 25, 2024. A forensic investigation determined that patient protected health information was accessed. The organization notified affected individuals and regulators in 2025; no attacker-caused operational disruption was publicly reported.
Sturgis Hospital
December 18, 2024
•[ hack, healthcare ]
Sturgis Hospital reported that unauthorized access was detected in part of its network in December 2024. The hospital determined that files containing personal and medical data may have been viewed or copied. No encryption or operational disruption was reported.
Kaiser Permanente employees
December 15, 2024
•[ social, malware, healthcare ]
Researchers at Malwarebytes detect a malicious campaign targeting Kaiser Permanente employees via Google Search Ads.
Ottawa Family Physicians
December 10, 2024
•[ data leak, unencrypted data, healthcare ]
Between December 1015, 2024, an unauthorized actor accessed Ottawa Family Physicians systems and exfiltrated patient data from an internal server. The EMR database was not affected. Data types included personal identifiers, financial, and health information. No encryption was used, and no operational disruption occurred. The incident was reported to HHS on February 13, 2025.
Watsonville Community Hospital
December 4, 2024
•[ hack, healthcare ]
Watsonville Community Hospital continues operations amid ongoing investigation into a cyberattack.
Hamilton County Healthcare System
December 4, 2024
•[ data leak, healthcare, PII ]
Unauthorized actor breached Hamilton County Healthcare System servers in Dec 2024, stealing tens of thousands of patient records; breach verified through Maine AG notification and HIPAA disclosure.
PIH Health
December 1, 2024
•[ ransomware, malware, healthcare ]
Threat actors claim they stole 17 million patient records from PIH Health, a southern California regional healthcare provider that is still struggling with IT and phone systems outages that have been disrupting patient care since the organization was hit by a ransomware attack on Dec. 1.
Alder Hey Children’s Hospital
November 28, 2024
•[ ransomware, malware, healthcare ]
Alder Hey Childrens Hospital says it is investigating claims that its systems may have been breached and that patient records and other information was stolen, after the ransomware group INC Ransom adds Alder Hey to its leak site.
American Heart of Poland
November 28, 2024
•[ hack, healthcare ]
American Heart of Poland receives a fine of 330,000, after suffering a hacking incident.
Alder Hey Children’s Hospital
November 28, 2024
•[ ransomware, data leak, healthcare ]
Alder Hey Childrens Hospital says it is investigating claims that its systems may have been breached and that patient records and other information was stolen, after the ransomware group INC Ransom adds Alder Hey to its leak site.
Wirral University Teaching Hospital
November 25, 2024
•[ hack, healthcare ]
Major UK healthcare provider Wirral University Teaching Hospital (WUTH), part of the NHS Foundation Trust, suffers a cyberattack that causes a systems outage leading to postponing appointments and scheduled procedures.
Northwest Asthma & Allergy Center
November 12, 2024
•[ hack, phishing, healthcare ]
An unauthorized party accessed an employees email account on November 12, 2024, compromising sensitive patient data at Northwest Asthma & Allergy Center. The breach was discovered and contained by November 13. At least ~1,000 patients were notified by January 2, 2025, and the incident was reported to HHS OCR. Investigation did not find evidence of exfiltration beyond what was accessible via the compromised mailbox.
Guardian Healthcare
November 8, 2024
•[ ransomware, malware, healthcare ]
Guardian Healthcare is the victim of a Stormous ransomware attack. The threat actors leaked 3 GB of files, many of which contain protected health information (PHI) of patients.
Georgia Urology
October 25, 2024
•[ email compromise, healthcare, data leak ]
Georgia Urology disclosed unauthorized access to two employee Microsoft 365 email accounts that exposed patient PII/PHI; notification letters began March 27 2025.
DoctorsToYou
October 16, 2024
•[ ransomware, malware, healthcare ]
The RansomHub ransomware group adds a listing for DoctorsToYou in New York to their leak site. After they realize the organization is non-profit, they claim to return the data and provide a decryptor.
Central Kentucky Radiology
October 16, 2024
•[ data leak, healthcare, PII ]
Unauthorized actor accessed CKRs network Oct 1618 2024 and copied files; ~167k people impacted; notifications issued mid-June 2025; data stolen from Lexington-based servers; no encryption or operational shutdown confirmed.
