Eholo Health
March 30, 2026
•[ data leak, vulnerability exploitation, medical records ]
XP95 claimed it stole 165 GB of data from Eholo Health, including more than 1.1 million medical notes and personal information tied to 601,308 users, after exploiting a vulnerability in the company's systems.
Centrum Medyczne Eskulap
March 24, 2026
•[ ransomware, medical records, encryption ]
Centrum Medyczne Eskulap reported that a ransomware attack on March 24, 2026 encrypted servers dedicated to patient services and blocked access to medical data and medical histories; reporting also said there was a high probability patient data may have been obtained before encryption, but no theft was confirmed.
Slavia Insurance
March 10, 2026
•[ data breach, medical records, vendor error ]
Czech insurer Slavia pojiovna reported that attackers obtained about 150 GB of sensitive data, including insurance documents, medical records, and direct communications with clients. The companys spokesperson attributed the incident to an error by a supplier/vendor and said the issue was detected by Slavias security systems and remediation steps were underway to prevent recurrence. Public reporting did not identify the attacker or provide counts of affected clients, but indicated the stolen data types are sensitive and could enable fraud or targeted extortion/phishing.
Orthopaedic Institute of Western Kentucky
March 6, 2026
•[ data breach, third-party vendor, medical records ]
Orthopaedic Institute of Western Kentucky disclosed a patient data breach tied to two separate security incidents at its third-party vendor Keystone Technologies. Reporting stated one incident occurred in April 2025 and another occurred between July and August 1, 2025, and that in both cases unauthorized parties accessed files containing patient information. The disclosure indicated the potentially exposed data could include medical records, Social Security numbers, and addresses. No threat actor attribution, precise access method, or affected-patient count was provided in the brief report.
MRO Corp.
January 20, 2026
•[ data breach, third-party vendor incident, healthcare ]
DataBreaches summarized a disclosure that a data breach at third-party medical records vendor MRO Corp. exposed personal and health information of patients tied to two Deaconess Health System hospitals in Western Kentucky (Deaconess Henderson Hospital and Deaconess Union County Hospital), as well as affected clinic patients whose records were subject to release-of-information requests. The health system stated the breach did not affect Deaconess internal systems or its electronic medical records platform; the incident was contained to the ROI vendor environment. The reporting did not enumerate specific data elements in the excerpt.
Medical Practice of Dr. Richard Swift
January 12, 2026
•[ malware, cyberattack, data leak ]
DataBreaches reported on a class action lawsuit alleging that a Manhattan plastic surgery practice run by Dr. Richard Swift was compromised by a malware-related cyberattack in 2025 and that sensitive patient information was posted online. The suit alleged that a site hosted outside the U.S. displayed personal identifiers and medical record details for at least 22 patients, and that affected patients only learned about the breach after attackers contacted them directly. DataBreaches noted the same threat actors were linked to attacks on other plastic surgery practices and described a recurring pattern where attackers approached patients with demands in exchange for removing posted information. Public reporting did not confirm whether the practice paid, and the article noted the leak site later appeared offline.
Catwig LLC d/b/a Victory Disability
October 27, 2025
•[ unauthorized access, data breach, Personally Identifiable Information (PII) ]
Catwig LLC (doing business as Victory Disability) stated it became aware in November 2025 of claims that an unknown party obtained information belonging to the firm. The company initiated an investigation with third-party cybersecurity specialists and notified federal law enforcement. The investigation concluded that an unknown party accessed a portion of Victory Disabilitys environment between October 27 and November 12, 2025 and may have viewed or copied certain information stored there. Potentially impacted data included names, contact information, Social Security numbers, and in some cases dates of birth and medical information (diagnosis, treatment, medications, lab results) if provided to Victory in connection with a case. The company reported filing notice with the California Attorney General and beginning written notifications on December 12, 2025.
Sentinel Security Life and Atlantic Coast Life
July 4, 2025
•[ unauthorized access, personally identifiable information, social security numbers ]
Sentinel Security Life Insurance Co. and Atlantic Coast Life Insurance Co. disclosed a cyber incident involving unauthorized access that occurred between April 7 and April 15, 2025. The companies reported that personally identifiable information associated with policyholders, beneficiaries, and other individuals connected to the firms may have been exposed. Potential data elements cited in reporting include names, Social Security numbers, taxpayer identification numbers, financial account information, dates of birth, medical records, and health insurance details; the companies stated they were unaware of misuse at the time of reporting.
The Children’s Center of Hamden
December 28, 2024
•[ data breach, data theft, unauthorized network activity ]
In late December 2024, The Childrens Center of Hamden detected unauthorized network activity later linked to the criminal group INC. The attack resulted in theft of sensitive patient and staff information including SSNs and medical records. No encryption reported. Public notice issued August 28 2025.
Bağcılar Training and Research Hospital
April 12, 2024
•[ cyber attack, medical records, ransomware ]
A cyber attack on the Baclar Training and Research Hospital in Istanbul compromises the confidential medical records, including X-ray scans and test results, taken at the hospital since 2007. It is rumored that the attackers asked for 200,000 dollars in exchange for the medical records.
