All Posts

Almost half of US states have passed comprehensive consumer data privacy protections that go beyond federal health privacy rules, known as  Health Insurance Portability and Accountability Act (HIPAA). The legislative push aims to close a widening security gap as more care, communication, and personal data move online — and beyond HIPAA’s limited scope. While the laws are designed to protect consumers, they’re also reshaping expectations around how healthcare organizations sho

St. Anthony Hospital is investigating a breach of its email system that may have exposed the personal information of 6,679 people. The Little Village hospital learned in February that an “unauthorized actor” accessed a small number of hospital employee email accounts, according to a statement from the hospital. Though the hospital is still investigating, with the help of cybersecurity experts, it has learned that information such as names, addresses, dates of birth, Social Se

The Russia-linked Cl0p ransomware cartel claims it has the data of numerous companies, with the UK's health system NHS, Mazda, Mazda USA, and Canon recently added to the gang’s ever-growing victim list. The companies were posted on Cl0p’s dark web leak site, which it uses to pressure victims into paying ransom. Automotive giant Mazda, the company’s US subsidiary, Mazda USA, and optics industry giant Canon all appeared on the leak site simultaneously. The National Health Servi

Regulatory risks are also increasing. AI-enabled monitoring spans national borders, third-party vendors and multiple data processing intermediaries. As global regulations evolve, healthcare organizations must comply with shifting frameworks for data protection, software validation, device certification and cross-border data transfer. The study emphasizes that without clarity, compliance failures could lead to legal, financial and reputational harm.

Across Canada, doctors and nurses are quietly using public artificial-intelligence (AI) tools like ChatGPT, Claude, Copilot and Gemini to write clinical notes, translate discharge summaries or summarize patient data. But even though these services offer speed and convenience, they also pose unseen cyber-risks when sensitive health information is no longer controlled by the hospital.

Across Canada, doctors and nurses are quietly using public artificial-intelligence (AI) tools like ChatGPT , Claude , Copilot  and Gemini to write clinical notes, translate discharge summaries or summarize patient data. But even though these services offer speed and convenience, they also pose unseen cyber-risks when sensitive health information is no longer controlled by the hospital.

A cyber-crime network in India exploited the simplest of password mistakes — “admin123” — to gain access to around 80 CCTV dashboards nationwide. Over a span of nine months, approximately 50,000 video clips were illegally obtained from hospitals, schools, malls and private residences, and sold on messaging platforms for between ₹700 to ₹4,000 each.

A US-based healthcare firm is warning patients about a data breach affecting 92,332 people. According to a new filing with the state of Maine, a “data security incident” has hit Oglethorpe, a firm that runs mental health and addiction recovery treatment facilities across three states. The Tampa, Florida-based company says an unauthorized third party has tapped into its network, and may have accessed first and last names, dates of birth, driver’s license numbers, Social Secur

EAU CLAIRE / MARSHFIELD (WQOW) -  Marshfield Clinic Health System is notifying patients whose data may have been affected in an August data breach. According to a Marshfield Clinic spokesperson, they became aware of unusual activity in employee email accounts around Aug. 27. An investigation found there was unauthorized access to the email accounts between Aug. 26 and 27. It is unclear if this breach impacted all Marshfield Clinic locations.

A cybercriminal group has claimed responsibility for one of the largest healthcare data breaches of 2025, announcing the theft of more than 1.24 million patient records from Doctor Alliance, a Dallas-based healthcare technology provider. The attackers released a 200 MB sample of the stolen data on public forums and are demanding a ransom for the deletion of the full dataset. This incident highlights the escalating threat facing the healthcare sector as cyberattacks surge nati

Wearables have become the wellness consumer’s most trusted sidekick and a major opportunity for brands that rely on real-time metrics and insights, but the data behind those devices still lives in a gray zone, and Washington has noticed. Senate Health, Education, Labor and Pensions Committee chair Bill Cassidy, MD (R-La.) has introduced the Health Information Privacy Reform Act, a bill that would bring new privacy standards to smartwatches, rings, trackers and health apps tha

When hackers target healthcare systems, medical devices can be high-impact casualties. Clinical technology is complex and multifaceted, incorporating online systems with hardware devices. The technology has led to advances in care and diagnostic success, but also increased potential vulnerabilities. When a network is knocked offline, medical devices can also be affected.

Humans are the weakest link in cybersecurity, and the healthcare industry is no exception. Healthcare workers may not think of themselves as part of the cybersecurity team, but they’re often the last line of defense for facilities when cyberattackers take aim, primarily because they’re often making decisions related to access and identity.

Omni Family Health has agreed to a $6.5 million class action lawsuit settlement to resolve claims it failed to prevent a 2024 data breach that compromised patient and employee information. The Omni Family Health settlement benefits individuals whose personal information was potentially compromised as a result of the data breach the company became aware of on Aug. 7, 2024. The settlement also benefits a subclass of the same individuals who resided in California at any time bet

WICHITA, Kan. (KSNW) — A lawsuit filed by the Nebraska Attorney General’s Office against three health care companies will move forward. On Thursday, Attorney General Mike Hilgers announced that the Lancaster County District Court denied a request to dismiss the lawsuit. In 2024, Change Healthcare, a company that processes payments for hospitals, doctors and medical clinics, suffered a catastrophic ransomware attack  that resulted in a data breach affecting over 192 million pe

On November 4, 2025, Senator Bill Cassidy (R-LA), chair of the Senate Health, Education, Labor, and Pensions (“HELP”) Committee, introduced the Health Information Privacy Reform Act (“HIPRA”). HIPRA seeks to extend protections similar to those provided under the Health Insurance Portability and Accountability Act of 1996, as amended, and its implementing regulations (collectively, “HIPAA”) to certain health information collected by entities not currently regulated by HIPAA.

PENNSYLVANIA (WHP) — The Pennsylvania Attorney General's Office has released a statement after a data breach leaked an unknown number of individual's personal information, including social security numbers and medical records. The AG's Office states that officials became aware on Aug. 9 that personal information belonging to certain individuals was potentially accessed without authorization.

Yale New Haven Health reached an $18 million settlement over a data breach that impacted over five million people earlier this year.   A Connecticut judge granted preliminary approval  last week for the settlement over the data breach that occurred in March 2025.

Synnovis, a leading UK pathology services provider, is notifying healthcare providers that a data breach occurred following a ransomware attack in June 2024, which resulted in the theft of some patients' data. Formerly known as Viapath, Synnovis was founded as GSTS Pathology  in 2009 . A new entity, called Synnovis, was created in  October 2022  as a partnership between international medical diagnostics provider SYNLAB, Guy's and St Thomas' NHS Foundation Trust, and King's Co

Just as the cybersecurity profession has evolved, so have the novelty and sophistication of the threats analysts fight. Years ago, threats were relatively static, so when they hit an organization, chances were the security software the security operations center (SOC) was using had a signature to handle it. As long as you weren’t patient zero—or at least under patient ten—there was a solution at your fingertips. Today, threat actors are a lot more adept at making the payload