Anchorage Neighborhood Health Center
May 9, 2025
•[ leak, healthcare ]
Anonymous group claims theft of ANHC patient records (10k, later 60k); FBI aware; at least one patient contacted with personal data. ANHC initiated investigation and took systems offline; scope/details pending.
Ontario Health atHome
April 13, 2025
•[ ransomware, data exfiltration, healthcare ]
Ontario Medical Supply (OMS), a vendor supporting Ontario Health atHomes home care supply operations, experienced a ransomware incident in 2025. Reporting described earliest observed access on March 17, 2025, followed by ransomware payload execution on April 13, 2025, after which OMS systems failed and the organization was locked out of a significant portion of servers. Internal reporting referenced impacts to roughly 200,000 patients and indicated breached data included names, contact information, and medical supplies/equipment ordered. OMS later stated only a limited amount of incomplete data was exfiltrated and said it found no evidence of misuse at the time of its statement.
Integrated Orthopedics of Arizona
April 7, 2025
•[ healthcare ]
The practice first detected unauthorized activity on April 7, 2025, and began notifying affected patients and regulators on August 11.
Fundamental Administrative Services, LLC
March 21, 2025
•[ hack, healthcare ]
On March 21, 2025, Fundamental Administrative Services, a healthcare management company based in Maryland, confirmed a data breach after discovering unauthorized access. Sensitive PII and PHI belonging to 56,235 patients was stolen, including SSNs, medical, and insurance data. No encryption or service disruption was reported.
Coastal Carolina Health Care
March 21, 2025
•[ unauthorized access, data breach, Social Security numbers ]
Coastal Carolina Health Care identified suspicious activity that disrupted access to some systems and later determined that an unauthorized actor accessed and acquired information from its network between March 21 and March 27, 2025. The exposed information included names and Social Security numbers for approximately 110,000 individuals.
Central Maine Healthcare
March 19, 2025
•[ hack, healthcare ]
An unauthorized actor accessed Central Maine Healthcares IT environment between March 19 and June 1, 2025, compromising sensitive patient data; systems were secured immediately and patient notifications began in late July 2025
Central Texas Pediatric Orthopedics
March 10, 2025
•[ data leak, healthcare ]
Austin pediatric orthopedics notified breach impacting ninety thousand patient records.
Yale New Haven Health
March 8, 2025
•[ data leak, healthcare ]
YNHHS reported that an unauthorized third party accessed its network and on March 8 2025 obtained copies of certain patient data. The health system disclosed the breach publicly on April 24 2025, stating 5.5M+ patients were affected. Data types vary by individual and may include demographics, patient type, medical record number, and in some cases Social Security numbers. No encryption or operational shutdown was reported.
Szpital MSWiA (Ministry of Interior Hospital) Kraków
March 8, 2025
•[ ransomware, malware, healthcare ]
Cyberattack on the Ministry of Interior hospital in Krakw encrypted administrative and medical IT systems, fully paralyzing patient care and access to records. Hospital departments began restoring systems by March 11, indicating ~3 days of disruption. No data exfiltration or perpetrator identified.
Szpital MSWiA (Ministry of Interior Hospital) Kraków
March 8, 2025
•[ ransomware, cyberattack, healthcare ]
Cyberattack on the Ministry of Interior hospital in Krakw encrypted administrative and medical IT systems, fully paralyzing patient care and access to records. Hospital departments began restoring systems by March 11, indicating ~3 days of disruption. No data exfiltration or perpetrator identified.
Central New York Cardiology
February 27, 2025
•[ data leak, healthcare ]
Practice reported a data breach impacting extensive patient PHI/PII per public notice.
DermCare Management (practice management company)
February 26, 2025
•[ hack, healthcare ]
Attack identified Feb 26, 2025; investigation confirmed Mar 3 that patient data may have been copied from DermCares network. At least 10 affiliated dermatology practices (mainly FL, plus TX) issued substitute notices; totals still being determined.
Oracle Health
February 20, 2025
•[ data leak, compromised credentials, healthcare ]
A breach at Oracle Health (formerly Cerner) exposed patient data from legacy EHR migration servers after attackers used compromised customer credentials to access and copy records. The incident, which began after January 22, 2025, was discovered on February 20, 2025. Impacted hospitals have been notified and face potential HIPAA obligations; Oracle has offered support but has not publicly acknowledged the full scope of the breach.
Goshen Medical Center
February 15, 2025
•[ ransomware, leak, malware ]
BianLian-attributed intrusion at Goshen Medical Center; files accessed on 02/15/2025, detected 03/04/2025; 456,385 affected with PHI/PII including SSNs and DL numbers; listed on BianLians leak site in March; no outage confirmed.
Bell Ambulance
February 13, 2025
•[ ransomware, data leak, healthcare ]
Bell Ambulance detected a network intrusion on Feb 13, 2025. Medusa ransomware claimed responsibility and data theft; HHS/state filings list ~114,000 impacted.
Vital Imaging Medical Diagnostic Centers
February 13, 2025
•[ hack, healthcare ]
A hacking incident on 13 Feb 2025 led to unauthorized access to Vital Imagings network, exposing sensitive personal and medical information of approximately 260,000 individuals. Notifications were sent in August 2025, and legal investigations are active.
Cistec
February 12, 2025
•[ ransomware, healthcare ]
Swiss healthcare software vendor reported ransomware; internal systems shut down; rebuilding underway.
St. Anthony Hospital (Chicago)
February 6, 2025
•[ data leak, healthcare, unauthorized access ]
St. Anthony Hospital in Chicago reported that on February 6, 2025 it discovered a data breach involving a small number of employee email accounts that had been accessed by an unauthorized actor. The compromised mailboxes contained personal and medical information such as names, addresses, dates of birth, Social Security numbers, medical record and account numbers, prescription details, and medical histories for roughly 6,679 individuals. The hospital engaged outside cybersecurity experts, reset credentials, and began notifying potentially affected patients and staff while offering guidance on credit monitoring. Officials said there was no evidence of misuse yet but warned people to remain vigilant for fraud or identity theft.
SimonMed Imaging
February 5, 2025
•[ ransomware, data leak, healthcare ]
Medusa claimed theft of 212GB of data impacting 1.2M patients after JanuaryFebruary attack window.
