HCF Management
January 24, 2025
•[ ransomware, malware, healthcare ]
HCF Management healthcare facilities confirm a ransomware attack from the RansomHub group, with more than 70,000 patients affected.
Hospital El Cruce
January 24, 2025
•[ ransomware, malware, healthcare ]
The Hospital El Cruce is hit with a Medusa ransomware attack.
Centric.eu
January 24, 2025
•[ ransomware, technology ]
The Clop ransomware group claims to have data from Centric in its possession.
Blessing Corporate Services Inc. (Blessing Health System)
January 22, 2025
•[ ransomware, data leak ]
Blessing Corporate Services reported a ransomware attack on January 22, 2025 that stole and encrypted patient information for approximately 15,000 individuals. The breach disrupted some clinical operations before containment and was publicly disclosed in April 2025. No actor attribution has been made.
Alabama Ophthalmology Associates
January 22, 2025
•[ ransomware, data leak ]
Unauthorized access occurred Jan 22–30, 2025; AOA later confirmed patient data was acquired. BianLian claimed responsibility; notifications began in April 2025.
Manpower
January 20, 2025
•[ ransomware, leak, malware ]
Manpower disclosed that a ransomware attack by RansomHub led to the theft of 500 GB of files and the exposure of personal data from roughly 140,000 individuals. The attackers listed Manpower on their leak site but later removed it, suggesting a ransom settlement.
Medical Associates of Brevard
January 18, 2025
•[ ransomware, malware, healthcare ]
BianLian claimed MAB in Jan 2025; MAB's review (by 07/07/2025) identified affected individuals and data types; HHS breach portal lists 246,711 affected in a Hacking/IT Network Server incident reported 09/05/2025; no outage confirmed.
Blacon High School
January 17, 2025
•[ ransomware, education ]
Blacon High School announces a temporary closure after falling victim to a "ransomware attack".
Loretto Hospital
January 17, 2025
•[ ransomware, data leak ]
On January 17, 2025, RansomHouse gained unauthorized access to Loretto Hospital's network in Chicago and exfiltrated approximately 1.5 TB of sensitive data. The group listed the hospital on its leak site and released sample medical and billing files. No encryption occurred. The hospital later confirmed about 500 affected individuals in its HHS filing.
Town of Ulster
January 16, 2025
•[ ransomware, malware, government ]
The Town of Ulster discloses a ransomware attack.
Apex Custom Software
January 16, 2025
•[ ransomware, malware, technology ]
Apex Custom Software is hit with a ransomware attack.
Heart Centre
January 16, 2025
•[ ransomware, malware, healthcare ]
Heart Centre in Australia is hit with a DragonForce ransomware attack.
Bell & Graham
January 16, 2025
•[ ransomware, data leak ]
On 2025-01-16, Bell & Graham confirmed that the SafePay ransomware group stole approximately 15 GB of client data from its on-premises servers. The firm stated that files were taken but not encrypted, and live cloud systems were unaffected.
Insight Partners
January 16, 2025
•[ ransomware, social engineering, data leak ]
On January 16, 2025, Insight Partners detected a cyberattack following a social engineering intrusion first traced to October 2024. Attackers exfiltrated sensitive files related to funds, management companies, portfolio companies, banking and tax records, and personally identifiable data of employees, partners, and investors. More than 12,000 individuals were affected. The incident escalated into a ransomware attack, with systems partially encrypted before containment. No named threat group has been identified, but the actor is criminal and financially motivated.
Undisclosed Organization
January 15, 2025
•[ ransomware, malware ]
Researchers at GuidePoint Security detail an attack in which a threat actor used a Python-based backdoor to maintain persistent access to compromised endpoints and then leveraged this access to deploy the RansomHub ransomware throughout the target network.
International AIDS Vaccine Initiative (IAVI)
January 15, 2025
•[ ransomware, malware, healthcare ]
The International AIDS Vaccine Initiative (IAVI) discloses a ransomware attack. The INC Ransom group claims responsibility.
Hue Central Hospital – On-Demand and International Treatment Center
January 15, 2025
•[ ransomware ]
In January 2025, the hospital information system of Hue Central Hospital's On-Demand and International Treatment Center was compromised, with around 500 GB of data encrypted and a ransom demanded for decryption; no public evidence of data exfiltration has been reported.
Multiple Organizations
January 13, 2025
•[ ransomware, misconfiguration, technology ]
Researchers at Halcyon identify a new ransomware campaign that targets Amazon S3 buckets and leverages AWS's Server-Side Encryption with Customer-Provided Keys (SSE-C) to encrypt data, demanding ransom payments for the symmetric AES-256 keys required to decrypt it.
Teton Orthopaedics
January 12, 2025
•[ ransomware, malware, healthcare ]
Teton Orthopaedics discloses a DragonForce ransomware attack. A total of 13,409 people are affected by the incident.
Bpost
January 12, 2025
•[ ransomware, data leak, third-party ]
Reporting indicated that data attributed to Belgian postal operator bpost appeared on the TridentLocker ransomware leak site (about 30 GB across thousands of files). Subsequent reporting cited a bpost spokesperson confirming a cyber incident and describing a limited data leak tied to a third-party exchange/platform used by a specific department (not linked to letters or parcels). The company stated it took immediate measures to contain the incident and said affected customers would be informed, while postal delivery operations were not expected to be endangered.