Undisclosed Arizona dermatology clinic
May 18, 2026
•[ healthcare data breach, medical data, HHS breach tracker ]
A small dermatology clinic in Arizona was reported in the HHS breach tracker as having suffered a healthcare data breach. The initial public figure of 3 million affected individuals was later corrected in the HHS tracker to 500 individuals; the clinic name, breach method, exposed data fields, and threat actor were not reported.
ChipSoft
April 7, 2026
•[ ransomware, healthcare, data breach ]
Embargo ransomware hit ChipSoft on April 7, 2026, disrupting its website and digital healthcare services, causing hospitals to disconnect or take ChipSoft-connected systems offline, and stealing medical personal data from several Dutch healthcare institutions; ChipSoft later said the stolen data had been destroyed.
ChipSoft
April 7, 2026
•[ ransomware, data breach, healthcare ]
ChipSoft was hit by a ransomware attack on April 7, 2026, causing hosted patient-facing and provider-facing digital services to be disconnected or taken offline while the company investigated and restored systems. ChipSoft later confirmed that personal and medical patient data from some Dutch healthcare customers had been stolen and said the stolen data was destroyed and not published.
Thayer Hotel at West Point
September 19, 2025
•[ unauthorized access, data breach, personally identifiable information ]
On 19 September 2025 the Thayer Hotel at West Point experienced unauthorized access to its computer systems, prompting a forensic investigation and containment measures. The hotel later confirmed that an Undetermined actor accessed systems holding data on roughly 33,053 individuals and that exposed information could include names, dates of birth, postal addresses, Social Security numbers, drivers license and passport numbers, state IDs, email addresses and some medical or financial data for guests and employees. A formal Notice of Data Security Incident dated 31 October 2025 describes the breach, and law firms have begun investigating potential claims while the hotel offers credit monitoring through Kroll.
Miljödata (IT supplier for municipalities)
August 23, 2025
•[ ransomware, data leak, personal data ]
Suspected ransomware attack against Swedish IT supplier Miljdata disrupted critical services for ~200 municipalities starting August 23, 2025. Systems were encrypted, and attackers threatened to leak stolen personal and medical data unless paid 1.5 BTC.
