Update to the Covenant Health cyberattack in May that affected a few hospitals in Maine and New Hampshire:
Qilin has added Covenant to its leak site. The 8 screengabs they provide as POC all related to employee/personnel info.
They do not make any specific claims about amount of data or whether patient data was also acquired.
McLaren provides written notice to 743,131 patients after ransomware attack in July 2024:
#HealthSec #databreach #encryption #extortion #transparency #incidentresponse
This was their second ransomware attack in a year. Personal injury lawyers are already recruiting plaintiffs.
"The minister disclosed that hackers encrypted the NHIS and demanded payment, assuring MPs 'the hackers won’t damage the information on the NHIS. ' "
That's from the Tonga Ministry of Health commenting on encryption of its national health information system and ransom demand.
https://talanoaotonga.to/health-ministrys-information-system-hit-by-ransomware-attack/
There is no explanation of how she knows that the (unnamed) hackers won't damage the information on the system.
The system is currently offline so I can't even email the ministry to ask.
Alleged Geisinger hacker will defend himself pro se.
What's that old adage about someone defending themself instead of using a lawyer? That they have a fool for a client?
I've uploaded two of his filings -- the motion to defend pro se, which was granted, and now an emergency motion to be temporarily released from prison because... well, he gives some reasons. You'll see.
https://databreaches.net/2025/06/18/alleged-geisinger-hacker-will-defend-himself-pro-se/
And fwiw, Nuance never responded to my inquiries at the time of his arrest asking about what kind of background check they had done because his history revealed a number of past run-ins with the law.
#databreach #healthsec #businessassociate #HIPAA #insiderthreat #idtheft #fraud
Tallahassee Memorial Healthcare reveals it was impacted by Cerner/Legacy Oracle cyberattack:
In April, Union Health System in Indiana notified HHS that almost 263,000 of its patients had been affected by the incident.
So far, these are the only two reports I've found related to the incident. But I am betting there are a lot more we don't yet know about.
I haven't found any threat actor or group claiming responsibility for the attack or leaking any data from it.
IMPACT: 170 patients harmed as a result of Qilin’s ransomware attack on NHS vendor Synnovis:
https://www.gazetteandherald.co.uk/news/national/25248263.170-patients-harmed-result-cyber-attack/
This updates numbers reported in January. HSJ article is behind paywall though.
Episource is notifying 5.4 million patients of a cyberattack in January:
Some media call this a #ransomware attack, but Episource does not mention any encryption of data and is silent on that question or any mention of any ransom demand. I cannot find any gang who has claimed responsibility for this incident or that has added it to any leak site.
NEW by me:
Plastic surgeons often store nude photos of patients with their identity information. When would we call that “negligent?”
Defense counsel for Hankins & Sohn claims that the attack they experienced in February 2023 was "unforeseeable." Was it really?
#HealthSec #databreach #extortion #HIPAA #cybersecurity #infosecurity #phishing
Jackson Health System has disclosed another insider-wrongdoing breach. This one affected about 2000 patients. The employee's motivation was reportedly related to boosting their personal healthcare business.
In their notice, JHS tries to portray themself as a victim. That didn't go over too well with me, as this is not the first time they have had a long-running insider wrongdoing breach.
In 2019, they settled HHS OCR charges after three breaches -- one of which involved insider wrongdoing over 5 years that affected 24k patients. There was no corrective action plan as part of the settlement. Perhaps there should have been?
#databreach #healthsec #insiderthreat #HIPAA #SecurityRule #insiderwrongdoing
It looks like the Gunra ransomware gang is escalating its leak of data from American Hospital Dubai ("AHD"). Their spokesperson informs me that they are planning to leak the data on the clearnet so more people will have access to downloading it.
AHD did not respond to my email inquiries yesterday. A second request was emailed to them this morning.
Background on this attack and AHD's internal communications about the breach:
#databreach #ransomware #incidentresponse #healthsec #UAE #Gunra
Almost one year later, U.S. Dermatology Partners is still not being very transparent about their 2024 breach:
#HealthSec #databreach #ransomware #transparency #notification #HIPAA #disclosure
Ransomware group Gunra claims to have exfiltrated 450 million patient records from American Hospital Dubai.:
To make matters worse, AHD communicated about the breach and their incident response while the attackers still had access.
#databreach #ransomware #healthsec #cybersecurity #transparency #incidentresponse #Gunra
Another sickening insider-wrongdoing case in the healthcare sector:
North Shore University Sleep Disorders Center employee charged with secretly recording patients in restrooms:
https://databreaches.net/2025/06/04/north-shore-university-sleep-disorders-center-employee-charged-with-secretly-recording-patients-in-restrooms/
The employee was actually arrested back in 2024, but some of the details have only been coming out in the past month or so.
Texas gastroenterology and surgical practice victim of ransomware attack:
InterLock has dumped a lot of data with #PHI from Texas Digestive Specialists. The medical group does not appear to have either confirmed nor denied any claimed breach, but there are a ton of pathology reports on Texas Digestive Specialists letterhead that I saw in the tranche:
#databreach #ransomware #healthsec #HIPAA #cybersecurity #incidentresponse
Bradford Health Systems detected abnormal network activity in December 2023. They first sent out breach notices this week.
#databreach #ransomware #IncidentManagement #disclosure #transparency #healthsec #HIPAA
DATE: May 28, 2025 at 05:39PM
SOURCE: HEALTHCARE INFO SECURITY
Direct article link at end of text block below.
Join us at the #HealthSec summit on June 3 and 4 in #Boston. Outstanding agenda and speakers examining the very latest #Healthcare #cybersecurity challenges and opportunities. Register here: https://t.co/nFAv0K8yI3
Here are any URLs found in the article text:
Articles can be found by scrolling down the page at https://www.healthcareinfosecurity.com/ under the title "Latest"
-------------------------------------------------
Private, vetted email list for mental health professionals: https://www.clinicians-exchange.org
Healthcare security & privacy posts not related to IT or infosec are at @HIPAABot . Even so, they mix in some infosec with the legal & regulatory information.
-------------------------------------------------
#security #healthcare #doctors #itsecurity #hacking #doxxing #psychotherapy #securitynews #psychotherapist #mentalhealth #psychiatry #hospital #socialwork #datasecurity #webbeacons #cookies #HIPAA #privacy #datanalytics #healthcaresecurity #healthitsecurity #patientrecords @infosec #telehealth #netneutrality #socialengineering
It sounds like Esse Health suffered a seriously impactful ransomware attack that affected their ability to access patient records and provide some patient care.
I have not seen any group claim responsibility for this attack (yet), but here is a media link and link to Esse Health's undated update notice:
https://www.firstalert4.com/2025/05/07/cyberattack-puts-healthcare-hold-hundreds-st-louis-metro/
https://www.essehealth.com/network-updates/
Correcting one of my posts: It was not Atrium Health that owned the data Jeremiah Fowler reported on to Website Planet. I heard from Atrium Health today and it was Carolina Anesthesiology, P.A., who owned the data that were exposed.
My corrected post is at:
https://databreaches.net/2025/04/24/no-need-to-hack-when-its-leaking/
(I can't believe it but I just had to correct my correction on the name of the actual owners. Please make this week be over.)
Updating an incident:
The InterLock ransomware gang has claimed responsibility for the DaVita attack. They claim to have exfiltrated 1,510 GB of data, 683,104 files, and 75,836 folders, and have leaked the file tree and some folder information.
#healthsec #ransomware #cybersecurity #DaVita #InterLock #databreach
No need to hack when it’s leaking: Atrium Health edition:
https://databreaches.net/2025/04/24/no-need-to-hack-when-its-leaking-atrium-health-edition/
#healthsec #leak #HIPAA #SecurityRule #databreach #cybersecurity
