A widely used patient portal in New Zealand reported a cyber breach two days before the New Year, affecting up to 126,000 people. On New Year's Day, private company Manage My Health disclosed that it had been notified of unauthorised access to its patient portal application on 30 December. In an update two days later, it said that an independent forensic analysis found one module within the app, Health Documents, was compromised while the rest of its system was "secure and

STATEN ISLAND, N.Y. — Northwell Staten Island University Hospital has agreed to settle a class action lawsuit over a data breach that exposed the personal information of more than 35,000 patients. The Medibase Group Inc. — a vendor that provides health care solutions, technical assistance and business office solutions — discovered the breach in May 2024, court documents indicate.

Issaqueena Pediatric Dentistry in South Carolina, Enhabit Home Health & Hospice in Texas, and AltaMed Health Services in California have announced that patient data has potentially been compromised in ransomware attacks.

It is no secret that cybercriminals commonly target the healthcare sector due to the valuable, sensitive data these organizations collect and store. While 2025 recorded the greatest number of data breaches to date, current statistics show healthcare-specific breaches decreased by 4.3% year-over-year, according to data from the Department of Health and Human Services’ (HHS) Office for Civil Rights (OCR). However, the HIPPA Journal’s 2025 Healthcare Data Breach Report notes t

Carespring Health Care Management in Ohio and LifeBridge Health in Maryland have agreed to settle class action lawsuits stemming from data breaches. Carespring Health Care Management Carespring Health Care Management has agreed to settle a class action lawsuit stemming from an October 2023 cyberattack and data breach. Hackers gained access to the protected health information of 64,609 individuals , including names, dates of birth, Social Security numbers, financial informatio

On May 22, 2025, Emanuel Medical Center detected suspicious activity on its computer systems. The investigation revealed that an unauthorized third party accessed a portion of the hospital’s systems between May 21 and May 24, 2025. Sensitive files containing personal and health information were present in the affected systems. After discovering the breach, Emanuel Medical Center secured its systems, engaged cybersecurity experts, and notified law enforcement. A data-review fi

Managed Care Advisors and Sedgwick Government Solutions recently announced a cybersecurity incident involving unauthorized access to a corporate Secure File Transfer Protocol (SFTP) server that contained personal and protected health information. Files on the server were encrypted with ransomware. Sedgwick Government Solutions, which acquired Managed Care Advisors in 2021, is a Bethesda, MD-based federal government contractor that provides workers’ compensation and managed ca

Academic Urology & Urogynecology of Arizona, a division of Palo Verde Hematology and Oncology that serves patients throughout Arizona, has announced a significant data breach, potentially affecting 73,281 current and former patients. Unauthorized access to its computer network was detected on or around May 22, 2025. Steps were taken to secure its network to prevent further unauthorized access, and third-party cybersecurity experts were engaged to conduct a forensic investigat

Healthcare data breaches discovered in calendar year 2025 that affected fewer than 500 individuals must be reported to the HHS’ Office for Civil Rights by March 1, 2026. The HIPAA Breach Notification Rule requires data breaches affecting 500 or more individuals to be reported to OCR within 60 days of the discovery of a data breach. Individuals must also be notified within 60 days, and a notice must be submitted to prominent media outlets where the affected individuals are lo

While the health system stated it has no evidence that the information has been used for identity theft or fraud, it is offering resources to help individuals protect their data. News Center 7 previously reported that the organization became aware of suspicious activity within its network systems on or about May 20, 2025. The health network said that unauthorized access occurred between April 9, 2025, and May 20, 2025.

A Morris County company that provides administrative services for businesses and government agencies has agreed to cooperate with investigators seeking information about a massive data breach that exposed millions of individuals’ sensitive personal and medical information. Conduent Business Services, based in Florham Park, first discovered that its network had been compromised in January 2025, according to a notice on the company’s website.

CAMARILLO, Calif., Dec. 2, 2025 /PRNewswire/ — Gold Coast Health Plan (GCHP) recently discovered that one of its contracted business partners suffered a cyberattack that resulted in the potential disclosure of member information to an unauthorized third party. Conduent Business Solutions, a longtime administrative services vendor for GCHP, reported that the cyberattack compromised a single employee’s email account, permitting the attacker to gain access to some files between

(The Center Square) — A coalition of New York business groups is urging Gov. Kathy Hochul to veto a "restrictive" data privacy bill they say would drive up costs for health care consumers. The New York Health Information Privacy Act calls for extending the state's existing protections for personal health information beyond the scope of federal HIPAA regulations. The legislation would make it illegal to sell an individual’s regulated health information without their consent an

ChristianaCare has announced that a cybersecurity incident of its third-party electronic medical records vendor Oracle Health, formerly Cerner Corp., exposed patients' information and medical records. Delaware's largest health care provider did not release the number of affected patients, but letters are being mailed to patients whose information was involved in this incident. The data varied by patient, but it could include names; Social Security numbers; and patient medic

One of the county’s largest mental health service providers says the protected health information of some clients was shared without authorization. Metrocare Services reported that nearly 8,600 clients may have been affected. The company said the issue began Sept. 9 when an employee sent an encrypted email from a work account to their personal email address, which was later shared on an unauthorized network. "We thoroughly investigated this incident and worked with the emplo

Computer services that nursing homes utilize, as well as several other private companies, were targeted in an ongoing cyberattack Nursing homes have fallen victim to a series of cyber attacks, the National Cyber Directorate announced on Thursday. Computer services that nursing homes utilize, as well as several other private companies, were targeted in an ongoing attack, prompting a response from the National Cyber Directorate , the Health Ministry, and the Social Affairs Min

A group of 10 individuals has filed a consolidated lawsuit against Frederick Health regarding a ransomware attack in January, claiming their personal information has been misused since the incident. The latest complaint filed on Oct. 23 comes after Montgomery County Circuit Court Judge Harry Storm granted multiple plaintiffs the ability to consolidate their cases regarding the attack.

In a startling revelation that has sent waves across the healthcare and tech industries, Conduent, a leading business services provider, has confirmed a significant data breach impacting its healthcare division. This unprecedented incident has resulted in the exposure of 10.5 million records, raising questions about data security protocols and inviting serious legal scrutiny. In this blog post, we delve into the depths of the breach, its implications, and the ensuing legal co

Geisinger Health and Nuance Communications have agreed to a proposed settlement of a class action lawsuit related to a patient data breach. The breach, which occurred around Nov. 29, 2023, involved a former Nuance employee accessing the health system's records and the personal information of more than one million patients two days after their job terminated. The Pennsylvania Court granted preliminary approval of a $5 million class action settlement on Tuesday and scheduled a

St. Anthony Hospital is investigating a breach of its email system that may have exposed the personal information of 6,679 people. The Little Village hospital learned in February that an “unauthorized actor” accessed a small number of hospital employee email accounts, according to a statement from the hospital. Though the hospital is still investigating, with the help of cybersecurity experts, it has learned that information such as names, addresses, dates of birth, Social Se