Before The Breach

Yale New Haven Health reached an $18 million settlement over a data breach that impacted over five million people earlier this year.   A Connecticut judge granted preliminary approval  last week for the settlement over the data breach that occurred in March 2025.

Synnovis, a leading UK pathology services provider, is notifying healthcare providers that a data breach occurred following a ransomware attack in June 2024, which resulted in the theft of some patients' data. Formerly known as Viapath, Synnovis was founded as GSTS Pathology  in 2009 . A new entity, called Synnovis, was created in  October 2022  as a partnership between international medical diagnostics provider SYNLAB, Guy's and St Thomas' NHS Foundation Trust, and King's Co

Just as the cybersecurity profession has evolved, so have the novelty and sophistication of the threats analysts fight. Years ago, threats were relatively static, so when they hit an organization, chances were the security software the security operations center (SOC) was using had a signature to handle it. As long as you weren’t patient zero—or at least under patient ten—there was a solution at your fingertips. Today, threat actors are a lot more adept at making the payload

Healthcare leaders continue to treat cybersecurity as a technical safeguard instead of a strategic business function, according to the 2025 US Healthcare Cyber Resilience Survey by EY. The study, based on responses from 100 healthcare executives, outlines six areas where hospitals and health systems must act to close resilience gaps that threaten patient care  and operations.

Healthcare organizations' concerns about cyber threats were also mixed with complacency, according to a new survey from Travelers. And one analyst says too few providers are taking action to protect themselves and their patients against cyber risk.

The cybercriminals announced the attack on a popular data leak forum, which is often utilized to exchange stolen records. The attackers claim that the data was obtained recently and contains over 1.2 million records taken from Doctor Alliance, a healthcare technology firm that provides billing services to physicians.

India’s healthcare sector is witnessing a digital revolution. From electronic health records (EHRs) to telemedicine, cloud-based hospital information systems, and connected medical devices, patient care has never been more efficient or accessible. But with this convenience comes an unsettling reality: cybercriminals now see hospitals as a goldmine.

Healthcare organizations may think they’re HIPAA compliant, but a new report from email security company Paubox  shows that many are silently sending protected health information without encryption, many without even knowing it. What healthcare gets wrong about HIPAA and email security , calls out a dangerous disconnect: “Most healthcare organizations have policies and tools that appear to check every HIPAA box. The issue is a disconnect between configuration and verification

C.R. Pharmacy Services, which does business as CarePro Health Services, is set to pay a $1,300,000 settlement to resolve a class action lawsuit over a November 2023 data breach.   The CarePro Health Services class action settlement  received preliminary approval from the court on September 4, 2025 and covers approximately 151,499 individuals whose personal information was potentially compromised in the CarePro data breach .

According to the directorate's investigation, the hackers used stolen information to gain access to the targeted systems. A wave of cyberattacks targeting Israeli companies that provide IT services to businesses across the country, possibly connected to Iran , has been identified, the National Cyber Directorate said on Wednesday. The unsuccessful cyberattack targeting Shamir Medical Center on Yom Kippur earlier this month, which leaked emails containing sensitive patient inf

SINGAPORE – A new Bill which paves the way to mandate the sharing of patients’ health information among healthcare providers was introduced in Parliament on Nov 5 after two years of delay. Under the Health Information Bill (HIB), sharing of these details will mostly be done through a central repository called the National Electronic Health Record (NEHR) system.

I ’ve worked with healthcare organizations long enough to notice a pattern: Many treat HIPAA compliance as a finish line. Once they've checked off a few items, passed an audit or updated a document or two, it gets put on the shelf until something goes wrong. But the reality is different. HIPAA compliance isn’t a one-time task; it’s a moving target, especially as new tech stacks emerge, mobile apps become patient-facing and data is shared through third-party APIs more than eve

A woman has been charged after Scots patients had their private medical records accessed during an NHS data breach. Reports suggest around 100 patients in NHS Lothian could have had their records accessed as a result of the incident. The health board said it discovered patients in the region may have had their information "inappropriately accessed" during routine monitoring.

Heathrow  Airport, Marks & Spencer , Jaguar Land Rover, the British Library. These are some of the leading UK companies and institutions that have fallen victim to cyber crime  in the past couple of years. The repercussions have been serious – but it’s safe to say none of the attacks resulted in the death of innocent people. Yet that’s exactly what is happening with assaults on NHS  computer systems.

When cybercriminals attacked her hospital, a chief nursing officer I recently spoke with had a problem: How do patients call for help when all the technology is down? The solution was decidedly low-tech—cowbells distributed to each room so patients could ring when they needed assistance.

RENO, Nev. (KOLO) - Patients of OBGYN Associates are being warned that their health information may have been compromised in a security breach. Notification letters have been sent out to more than 62,000 patients, altering them of the breach. On or around Aug. 7, suspicious activity was detected and third party cybersecurity experts confirmed there had been unauthorized access to parts of it network where patient data was stored. Patients are being told their first and last n

Tampa-based Oglethorpe Inc. sent letters to more than 92,000 patients of their addiction treatment centers, a frightening letter: their private medical information was stolen. The theft happened in May, but those affected just learned about it on Friday, and it's already led to a lawsuit filed just hours ago.

The healthcare sector faces a rapidly increasing range of cybersecurity threats, with ransomware attacks emerging as one of the most significant. A combination of valuable patient data, interconnected medical devices, and small IT/cybersecurity operations staff, which spreads resources thin, can make healthcare organizations prime targets for threat actors. As healthcare operations become increasingly digitized—ranging from electronic health records (EHR) to telemedicine plat

Pomona Valley Hospital Medical Center in California has agreed to pay $600,000 to resolve all claims in class action litigation over its use of Meta Pixel and similar tracking technologies on its public website. According to the lawsuit, the tracking tools resulted in an impermissible disclosure of personally identifiable information to third parties such as Meta (Facebook).

Individuals who received a notice stating the Orthopedics Rhode Island Inc. data incident  that occurred in September 2024 may have compromised their personal information could be eligible to claim up to $5,000 from a class action settlement .