Fyzical Acquisition Holdings LLC
January 9, 2025
•[ unauthorized access, email compromise ]
Unauthorized access to FYZICALs email environment was detected on December 9 2024 triggering an investigation that concluded in November 2025 Breach notifications were issued to affected individuals and state authorities in December 2025
Ribbon Communications Inc.
January 1, 2025
•[ data leak, unauthorized access ]
U.S. telecom backbone provider Ribbon Communications reported that a nation-state actor infiltrated its environment around Jan 2025, maintaining persistence until discovery in Sept 2025; investigation confirmed unauthorized access to two employee laptops containing limited customer files; no material network breach or data destruction confirmed.
Middlesex Sheriff's Office
January 1, 2025
•[ data breach, protected health information, HIPAA ]
The Middlesex Sheriffs Office reported that a security breach occurred in January 2025 and that a comprehensive investigation (with state/federal law enforcement and private cybersecurity vendors) determined on November 19, 2025 that the incident involved unauthorized access to protected health information. The exposed PHI may have included names, home addresses, dates of birth, diagnoses, and other general health information related to individuals who may have received medical care through the Sheriffs Office. Public reporting indicated the breach represented a HIPAA-related incident; the organization did not specify the number of affected individuals in the public notice and did not disclose the initial access vector or whether any data was exfiltrated beyond unauthorized viewing/access.
EyeCare Partners
January 1, 2025
•[ email compromise, unauthorized access, data breach ]
EyeCare Partners disclosed that an unauthorized third party accessed certain ECP-managed email accounts between December 3, 2024 and January 28, 2025. The accessed files may have contained personal identifiers and limited health-related information, including addresses, dates of birth, Social Security numbers, drivers license numbers, health plan information, and limited clinical information; the notice emphasized that full medical records and detailed clinical information were not impacted. The organization reported the incident to Massachusetts regulators on February 4, 2026 and began outreach and remediation steps consistent with an email-system compromise.
Beacon Health Three Rivers
December 2, 2024
•[ unauthorized access, third-party breach ]
Vendor Cps Solutions reported unauthorized email access Dec 24; hospital notified patients.
Eckerd Youth Alternatives Inc
November 11, 2024
•[ unauthorized access, network intrusion, data breach ]
Eckerd Connects reported that it observed suspicious activity within its network environment on or around November 11, 2024. In response, it took steps to mitigate the threat (including taking certain systems offline) and engaged outside specialists to investigate. Following an extensive forensic investigation and manual document review, Eckerd Connects determined on November 17, 2025 that personal information may have been accessed or acquired by an unauthorized party during the period from November 3, 2024 through November 11, 2024. Potentially involved data elements include first/last name, address, date of birth, Social Security number, drivers license/state ID number, tax identification number, and medical information.
Methodist Homes of Alabama and Northwest Florida
October 2, 2024
•[ unauthorized access, healthcare data breach, network incident ]
Methodist Homes of Alabama and Northwest Florida reported an incident involving unauthorized access to its network between October 2 and October 14, 2024. The organization notified HHS on January 30, 2025 that 908 patients were affected, and later notified the Maine Attorney Generals Office in October 2025 that the incident affected 25,579 individuals in total.
19 stations, including London Cannon Street, London Bridge, Charing Cross, Clapham Junction, Euston, King’s Cross, Liverpool Street, Paddington, Victoria, Waterloo, Reading, Guildford, Manchester Piccadilly, Liverpool Lime Street, Birmingham New Street, Leeds, Bristol Temple Meads, Edinburgh Waverley, Glasgow Central
September 26, 2024
•[ cyber-security incident, public Wi-Fi hacking, defacement ]
U.K. transport officials and police say they are investigating a cyber-security incident that hit the public Wi-Fi networks at the countrys biggest railway stations and displayed an anti-Islam message in the login page.
Lebanon’s telecoms networks
September 23, 2024
•[ hacking, telecommunications, cyber warfare ]
Israeli military officials warn residents in southern Lebanon and parts of Beirut to evacuate villages and neighbourhoods, sparking concerns that Israel had hacked into its northern neighbours telecommunications networks.
Dr. F.H. Wigmore Regional Hospital patients
July 1, 2024
•[ insider threat, unauthorized access, privacy breach ]
Saskatchewans Information and Privacy Commissioner found a privacy breach at Dr. F.H. Wigmore Regional Hospital where an emergency department unit clerk inappropriately accessed their own health record and the records of 98 other people, for a total of 102 accesses between July 2024 and June 2025. The decision found the employee also disclosed information learned from records in at least two instances, including sharing private health information with a co-worker and texting a family member about another relatives hospital admission.
Humboldt Independent Practice Association (IPA)
June 26, 2024
•[ data leak, healthcare, unauthorized access ]
Between June 26 and July 1 2024, an unauthorized actor accessed a Humboldt Independent Practice Association email account containing protected health information. Exposed data may include patient names, contact details, birth dates, diagnoses, insurance, and identification numbers. No evidence of encryption or confirmed data exfiltration has been reported. The breach was disclosed to HHS in November 2024 and publicly announced on February 15 2025.
Maryhaven, Inc.
May 30, 2024
•[ data leak, healthcare, unauthorized access ]
Maryhaven, a behavioral health and addiction treatment provider in Ohio, detected unauthorized access to its systems on June 1 2024. An unknown actor accessed and exfiltrated patient and employee PHI/PII data (~7,000 records). No encryption or operational disruption occurred. Disclosure issued April 11 2025 through Cyberscout/TransUnion.
First Contact Health
May 1, 2024
•[ phishing, unauthorized access, health data ]
Guernseys Office of the Data Protection Authority (ODPA) sanctioned First Contact Health after cyber criminals successfully targeted an employee email account in a phishing attack, gaining unauthorized access to confidential health data. The practice reported the breach to the ODPA in May 2024, and the unauthorized access was believed to have occurred at least five months earlier. The enforcement action cited failures in key security controls intended to prevent phishing-based account compromise.
Gastroenterology Associates Of Central Florida
April 11, 2024
•[ data leak, unauthorized access ]
Orlando practice disclosed network intrusion exposing patient data including identifiers and health information.
Telefónica
March 1, 2024
•[ cyberattack, data leak, unauthorized access ]
Telefnica investigates the claims of a possible cyberattack occurred in March that allowed criminals to access more than 2 million records of clients and collaborators of the company.
Okanagan-Skaha school district
February 13, 2024
•[ unauthorized access, cyberattack, service disruption ]
On 13 February 2024 Okanagan Skaha School District detected unusual activity in its information systems, confirmed that an unauthorized third party had accessed school district technology systems and proactively took network services offline. The incident knocked out phones and email across School District 67 and also affected the Penticton Seniors Drop-In Centre that shared the network, though teaching continued in person and the
Rödl Management, Inc.
February 9, 2024
•[ unauthorized access, data leak, personal data exposure ]
Rdl Management, Inc., an Atlanta-based professional services firm, reported unauthorized access to its network systems between January 30 and February 9 2024, resulting in exposure of personal data; no encryption or operational disruption reported.
St. Joseph’s College Of Maine
January 24, 2024
•[ data leak, unauthorized access ]
College confirmed unauthorized network access in 20232024; notices sent March 2025.
Legacy Professionals LLP
January 4, 2024
•[ data leak, unauthorized access ]
Legacy Professionals LLP, an Illinois-based accounting and audit firm, reported that sensitive personal information in its custody may have been accessed and acquired following suspicious activity detected on its computer network in late April 2024. The firm investigated and determined an unauthorized third party may have viewed and obtained certain information. Legacy then reviewed the affected data to identify impacted individuals, completing its review on 01/06/2025, and began mailing breach notification letters on 02/27/2025. Information potentially exposed was described as varying by individual and included names, Social Security numbers, and financial account numbers. Public filings referenced in reporting suggested Legacy provided affected individuals with credit monitoring services. Specific technical details such as the attack vector, the duration of unauthorized access, and whether data was exfiltrated beyond the identified categories were not publicly disclosed.
