Search Results (protected health information (PHI))
QualDerm
December 23, 2025
•[ data breach, data leak, unauthorized access ]
SecurityWeek reported that QualDerm Partners is notifying more than 3.1 million people of a December 2025 breach discovered on Dec. 24, 2025. QualDerm said attackers had unauthorized access to its network for two days and exfiltrated data from a limited number of compromised systems. Stolen data included personal identifiers and health/insurance information such as names, addresses, dates of birth, email addresses, medical record numbers, doctor names, treatment/diagnosis information, health insurance information, dates of death, and in some cases government-issued ID information. QualDerm said its investigation is ongoing and it notified law enforcement and regulators.
Center for Life Resources
November 14, 2025
•[ unauthorized access, network intrusion, data breach ]
Center for Life Resources identified unauthorized access to its network in mid-November 2025 and determined that files containing sensitive personal and protected health information may have been accessed or copied, which was later disclosed in regulatory notifications.
Catwig LLC d/b/a Victory Disability
October 27, 2025
•[ unauthorized access, data breach, Personally Identifiable Information (PII) ]
Catwig LLC (doing business as Victory Disability) stated it became aware in November 2025 of claims that an unknown party obtained information belonging to the firm. The company initiated an investigation with third-party cybersecurity specialists and notified federal law enforcement. The investigation concluded that an unknown party accessed a portion of Victory Disabilitys environment between October 27 and November 12, 2025 and may have viewed or copied certain information stored there. Potentially impacted data included names, contact information, Social Security numbers, and in some cases dates of birth and medical information (diagnosis, treatment, medications, lab results) if provided to Victory in connection with a case. The company reported filing notice with the California Attorney General and beginning written notifications on December 12, 2025.
Mitchell County
October 16, 2025
•[ ransomware, unauthorized access, theft of personal information ]
Mitchell County detected ransomware on its computer network on October 20, 2025, after unauthorized access between October 16 and October 20. The incident encrypted files, disrupted email and phone systems for several days, and involved the theft of personal information and protected health information from Department of Social Services records.
Radiology Associates of Richmond
July 25, 2025
•[ data breach, unauthorized access, protected health information (PHI) ]
An unauthorized actor accessed Radiology Associates of Richmond's network environment on or about July 25, 2025, and files containing protected health information were acquired. RAR began notifying affected individuals on May 21, 2026; filings reported 266,183 affected individuals.
Monroe University
December 9, 2024
•[ data breach, network access, personally identifiable information (PII) ]
BleepingComputer reported that Monroe University disclosed that threat actors accessed its network for roughly two weeks (December 9 to December 23, 2024) and stole documents later determined to contain personal, financial, and health information. The university stated it determined on September 30, 2025 that certain individuals data was contained in the stolen files, and filings indicated 320,973 individuals were affected. Exposed data elements were described as varying by person and potentially including name, date of birth, Social Security number, drivers license or passport numbers, government ID numbers, medical and health insurance information, email or electronic account usernames and passwords, financial account information, and student-related data. Notifications were mailed beginning January 2, 2026.
Eckerd Youth Alternatives Inc
November 11, 2024
•[ unauthorized access, network intrusion, data breach ]
Eckerd Connects reported that it observed suspicious activity within its network environment on or around November 11, 2024. In response, it took steps to mitigate the threat (including taking certain systems offline) and engaged outside specialists to investigate. Following an extensive forensic investigation and manual document review, Eckerd Connects determined on November 17, 2025 that personal information may have been accessed or acquired by an unauthorized party during the period from November 3, 2024 through November 11, 2024. Potentially involved data elements include first/last name, address, date of birth, Social Security number, drivers license/state ID number, tax identification number, and medical information.
