Before The Breach

A cyber-crime network in India exploited the simplest of password mistakes — “admin123” — to gain access to around 80 CCTV dashboards nationwide. Over a span of nine months, approximately 50,000 video clips were illegally obtained from hospitals, schools, malls and private residences, and sold on messaging platforms for between ₹700 to ₹4,000 each.

A US-based healthcare firm is warning patients about a data breach affecting 92,332 people. According to a new filing with the state of Maine, a “data security incident” has hit Oglethorpe, a firm that runs mental health and addiction recovery treatment facilities across three states. The Tampa, Florida-based company says an unauthorized third party has tapped into its network, and may have accessed first and last names, dates of birth, driver’s license numbers, Social Secur

EAU CLAIRE / MARSHFIELD (WQOW) -  Marshfield Clinic Health System is notifying patients whose data may have been affected in an August data breach. According to a Marshfield Clinic spokesperson, they became aware of unusual activity in employee email accounts around Aug. 27. An investigation found there was unauthorized access to the email accounts between Aug. 26 and 27. It is unclear if this breach impacted all Marshfield Clinic locations.

A cybercriminal group has claimed responsibility for one of the largest healthcare data breaches of 2025, announcing the theft of more than 1.24 million patient records from Doctor Alliance, a Dallas-based healthcare technology provider. The attackers released a 200 MB sample of the stolen data on public forums and are demanding a ransom for the deletion of the full dataset. This incident highlights the escalating threat facing the healthcare sector as cyberattacks surge nati

Wearables have become the wellness consumer’s most trusted sidekick and a major opportunity for brands that rely on real-time metrics and insights, but the data behind those devices still lives in a gray zone, and Washington has noticed. Senate Health, Education, Labor and Pensions Committee chair Bill Cassidy, MD (R-La.) has introduced the Health Information Privacy Reform Act, a bill that would bring new privacy standards to smartwatches, rings, trackers and health apps tha

When hackers target healthcare systems, medical devices can be high-impact casualties. Clinical technology is complex and multifaceted, incorporating online systems with hardware devices. The technology has led to advances in care and diagnostic success, but also increased potential vulnerabilities. When a network is knocked offline, medical devices can also be affected.

Humans are the weakest link in cybersecurity, and the healthcare industry is no exception. Healthcare workers may not think of themselves as part of the cybersecurity team, but they’re often the last line of defense for facilities when cyberattackers take aim, primarily because they’re often making decisions related to access and identity.

Omni Family Health has agreed to a $6.5 million class action lawsuit settlement to resolve claims it failed to prevent a 2024 data breach that compromised patient and employee information. The Omni Family Health settlement benefits individuals whose personal information was potentially compromised as a result of the data breach the company became aware of on Aug. 7, 2024. The settlement also benefits a subclass of the same individuals who resided in California at any time bet

WICHITA, Kan. (KSNW) — A lawsuit filed by the Nebraska Attorney General’s Office against three health care companies will move forward. On Thursday, Attorney General Mike Hilgers announced that the Lancaster County District Court denied a request to dismiss the lawsuit. In 2024, Change Healthcare, a company that processes payments for hospitals, doctors and medical clinics, suffered a catastrophic ransomware attack  that resulted in a data breach affecting over 192 million pe

On November 4, 2025, Senator Bill Cassidy (R-LA), chair of the Senate Health, Education, Labor, and Pensions (“HELP”) Committee, introduced the Health Information Privacy Reform Act (“HIPRA”). HIPRA seeks to extend protections similar to those provided under the Health Insurance Portability and Accountability Act of 1996, as amended, and its implementing regulations (collectively, “HIPAA”) to certain health information collected by entities not currently regulated by HIPAA.

PENNSYLVANIA (WHP) — The Pennsylvania Attorney General's Office has released a statement after a data breach leaked an unknown number of individual's personal information, including social security numbers and medical records. The AG's Office states that officials became aware on Aug. 9 that personal information belonging to certain individuals was potentially accessed without authorization.

Yale New Haven Health reached an $18 million settlement over a data breach that impacted over five million people earlier this year.   A Connecticut judge granted preliminary approval  last week for the settlement over the data breach that occurred in March 2025.

Synnovis, a leading UK pathology services provider, is notifying healthcare providers that a data breach occurred following a ransomware attack in June 2024, which resulted in the theft of some patients' data. Formerly known as Viapath, Synnovis was founded as GSTS Pathology  in 2009 . A new entity, called Synnovis, was created in  October 2022  as a partnership between international medical diagnostics provider SYNLAB, Guy's and St Thomas' NHS Foundation Trust, and King's Co

Just as the cybersecurity profession has evolved, so have the novelty and sophistication of the threats analysts fight. Years ago, threats were relatively static, so when they hit an organization, chances were the security software the security operations center (SOC) was using had a signature to handle it. As long as you weren’t patient zero—or at least under patient ten—there was a solution at your fingertips. Today, threat actors are a lot more adept at making the payload

Healthcare leaders continue to treat cybersecurity as a technical safeguard instead of a strategic business function, according to the 2025 US Healthcare Cyber Resilience Survey by EY. The study, based on responses from 100 healthcare executives, outlines six areas where hospitals and health systems must act to close resilience gaps that threaten patient care  and operations.

Healthcare organizations' concerns about cyber threats were also mixed with complacency, according to a new survey from Travelers. And one analyst says too few providers are taking action to protect themselves and their patients against cyber risk.

The cybercriminals announced the attack on a popular data leak forum, which is often utilized to exchange stolen records. The attackers claim that the data was obtained recently and contains over 1.2 million records taken from Doctor Alliance, a healthcare technology firm that provides billing services to physicians.

India’s healthcare sector is witnessing a digital revolution. From electronic health records (EHRs) to telemedicine, cloud-based hospital information systems, and connected medical devices, patient care has never been more efficient or accessible. But with this convenience comes an unsettling reality: cybercriminals now see hospitals as a goldmine.

Healthcare organizations may think they’re HIPAA compliant, but a new report from email security company Paubox  shows that many are silently sending protected health information without encryption, many without even knowing it. What healthcare gets wrong about HIPAA and email security , calls out a dangerous disconnect: “Most healthcare organizations have policies and tools that appear to check every HIPAA box. The issue is a disconnect between configuration and verification

C.R. Pharmacy Services, which does business as CarePro Health Services, is set to pay a $1,300,000 settlement to resolve a class action lawsuit over a November 2023 data breach.   The CarePro Health Services class action settlement  received preliminary approval from the court on September 4, 2025 and covers approximately 151,499 individuals whose personal information was potentially compromised in the CarePro data breach .