Teton Orthopaedics
January 12, 2025
•[ ransomware, malware, healthcare ]
Teton Orthopaedics discloses a DragonForce ransomware attack. A total of 13,409 people are affected by the incident.
Ungava Tulattavik Health Centre (UTHC)
January 11, 2025
•[ cyberattack, data leak, healthcare ]
Ungava Tulattavik Health Center in Kuujjuaq (Nunavik, Quebec) disclosed it was the victim of a cyberattack in November 2025. The centre said the attack was blocked upon detection, but warned that files containing clinical and administrative information related to some people who use the health centre and some employees may have been stolen. The centre established a crisis unit, deployed enhanced surveillance/security tools, and worked with the Sret du Qubec, the Nunavik Regional Board of Health and Social Services, and Sant Qubecs Cyber Defence Operational Centre during the investigation. Officials advised users and employees to monitor bank accounts and watch for suspicious emails or calls while the incident response and review continued.
Lifebridge Health
January 10, 2025
•[ hack, phishing, healthcare ]
LifeBridge Health sent letters to patients and families about an email phishing incident that was discovered on Nov. 12.
Excelsior Orthopaedics
January 7, 2025
•[ ransomware, malware, healthcare ]
Excelsior Orthopaedics notifies approximately 357,000 people that their personal and health information was compromised in a data breach resulting from a ransomware attack that came to light in June 2024.
Stroboertje Food Bank
January 4, 2025
•[ financial, phishing, healthcare ]
Voedselbank Stroboertje in Merksem, een van de grootste voedselbanken van Antwerpen, is slachtoffer geworden van phishing. De organisatie zag inmiddels al meer dan 20.000 euro van hun rekening verdwijnen en zit met de handen in het haar. Ik denk zelfs dat we ons personeel niet gaan kunnen betalen, we gaan mensen moeten ontslaan deze maand.
Community Health Center (CHC)
January 2, 2025
•[ leak, healthcare ]
Community Health Center (CHC), a leading Connecticut healthcare provider, notifies over 1 million patients of a data breach that impacted their personal and health data.
Health Service Executive (HSE) – primary care services, Midlands (third-party processor)
January 2, 2025
•[ ransomware, third-party processor, data protection breach ]
DataBreaches summarized reporting that the Irish Health Service Executive confirmed a second ransomware attack occurred in February 2025, targeting a third-party processor and resulting in a data protection breach reported by HSE primary care services in the Midlands. The HSE stated there was no evidence that patients data was stolen in the incident, and the brief report did not describe prolonged operational disruption or specify what systems were encrypted. Based on the confirmation of a ransomware incident affecting a processor, this is coded as a disruptive event with limited publicly available detail on scope and duration.
MedSave Health Insurance
January 1, 2025
•[ leak, healthcare ]
A threat actor with the Moniker 0mid16B claims to have breached MedSave Health Insurance TPA Ltd (MedSave), stealing 561 gigabytes of databases, containing data of 10,617,943 people.
Visionworks
January 1, 2025
•[ leak, healthcare ]
The federal suit, which seeks class-action status, alleges a data breach exposed 40,000 customers' private data.
Middlesex Sheriff's Office
January 1, 2025
•[ data breach, protected health information, HIPAA ]
The Middlesex Sheriffs Office reported that a security breach occurred in January 2025 and that a comprehensive investigation (with state/federal law enforcement and private cybersecurity vendors) determined on November 19, 2025 that the incident involved unauthorized access to protected health information. The exposed PHI may have included names, home addresses, dates of birth, diagnoses, and other general health information related to individuals who may have received medical care through the Sheriffs Office. Public reporting indicated the breach represented a HIPAA-related incident; the organization did not specify the number of affected individuals in the public notice and did not disclose the initial access vector or whether any data was exfiltrated beyond unauthorized viewing/access.
Jupiter Medical Center (via third party health records vendor)
January 1, 2025
•[ data breach, healthcare, third party risk ]
Jupiter Medical Center issued a warning/notice describing a data breach tied to a data security incident dating back to January 2025. The report indicates the healthcare organization investigated the incident and proceeded with notification and remediation steps in 2026. Because the accessible source context here does not provide a clear affected-individual count or a detailed breakdown of data elements, the customer-data fields are coded as undetermined.
The Children’s Center of Hamden
December 28, 2024
•[ hack, healthcare ]
The Childrens Center of Hamden reported a December 2024 data-security incident in which an unauthorized actor acquired files from its systems, exposing PII/PHI for ~5.2k clients and staff; investigation ended June 29, 2025; notifications began Aug 12, 2025; credit monitoring offered.
Denton County MHMR Center (My Health, My Resources)
December 24, 2024
•[ data leak, healthcare ]
Denton County MHMR Center disclosed unauthorized access to its network occurring between December 24 and December 25, 2024. A forensic investigation determined that patient protected health information was accessed. The organization notified affected individuals and regulators in 2025; no attacker-caused operational disruption was publicly reported.
Sturgis Hospital
December 18, 2024
•[ hack, healthcare ]
Sturgis Hospital reported that unauthorized access was detected in part of its network in December 2024. The hospital determined that files containing personal and medical data may have been viewed or copied. No encryption or operational disruption was reported.
Kaiser Permanente employees
December 15, 2024
•[ social, malware, healthcare ]
Researchers at Malwarebytes detect a malicious campaign targeting Kaiser Permanente employees via Google Search Ads.
Ottawa Family Physicians
December 10, 2024
•[ data leak, unencrypted data, healthcare ]
Between December 1015, 2024, an unauthorized actor accessed Ottawa Family Physicians systems and exfiltrated patient data from an internal server. The EMR database was not affected. Data types included personal identifiers, financial, and health information. No encryption was used, and no operational disruption occurred. The incident was reported to HHS on February 13, 2025.
Watsonville Community Hospital
December 4, 2024
•[ hack, healthcare ]
Watsonville Community Hospital continues operations amid ongoing investigation into a cyberattack.
Hamilton County Healthcare System
December 4, 2024
•[ data leak, healthcare, PII ]
Unauthorized actor breached Hamilton County Healthcare System servers in Dec 2024, stealing tens of thousands of patient records; breach verified through Maine AG notification and HIPAA disclosure.
PIH Health
December 1, 2024
•[ ransomware, malware, healthcare ]
Threat actors claim they stole 17 million patient records from PIH Health, a southern California regional healthcare provider that is still struggling with IT and phone systems outages that have been disrupting patient care since the organization was hit by a ransomware attack on Dec. 1.
Alder Hey Children’s Hospital
November 28, 2024
•[ ransomware, malware, healthcare ]
Alder Hey Childrens Hospital says it is investigating claims that its systems may have been breached and that patient records and other information was stolen, after the ransomware group INC Ransom adds Alder Hey to its leak site.
