#healthsec — Public Fediverse posts
Live and recent posts from across the Fediverse tagged #healthsec, aggregated by home.social.
-
NEW:
Yesterday, the USAO in Maryland issued a press release stating that Matthew Bathula, a clinical pharmacy specialist, had been charged with unauthorized access and ID theft involving patients at "Company A" -- a medical system in Maryland. 195 patients have been notified.
If you read the DOJ presser, it alleges a lot of activities that go waaaay beyond the usual insider "snooping."
A little digging revealed that "Company A" is the University of Maryland Medical Center, where Bathula was employed during the years of alleged wrongdoing.
Read the presser and more at:
-
Almost one year after discovery, Sandhills Medical Foundation notifies 169,017 people affected by a cyberattack
This was an attack by INC Ransom, who dumped the data in June 2025. INC didn't tag it as an encryption incident -- just as hack, exfil, ransom demand. So I'm not sure why it took Sandhills about a year to make notifications.
-
If you were or are a federal employee or are a family member of one, you might want to read this and share it with others who might be concerned:
Trump’s Personnel Agency Is Asking for Federal Workers’ Medical Records
-
NEW by me:
Two Breaches, One Quarter: Valley Family Health Care’s Challenging Start to 2026
#databreach #healthsec #cybersecurity #infosec #HIPAA #Insomnia
-
I am a big fan of BakerHostetler's annual data security incident response reports because they are based on actual client experiences and data.
I just posted about their 2026 report, and commented on their healthcare sector data. As I had mentioned to @siguza, healthcare breaches tend to get higher ransom demands and higher settlements. Take a look at the 2025 data -- the highest initial ransom demand for a health entity client was $98M.
I'd love to know who the victim was and what TA or group demanded that much.
That said, the highest ransom actually paid for a healthcare sector breach by one of their clients last year was $5M.
Big delta.
#ransomware #healthsec #incidentresponse #statistics #phishing #ransom #malware #databreach #cybersecurity
-
Also NEW by me:
"If threat actors gave you a chance to redact the patient data they hacked before they leak it, would you take them up on the offer? Read about the Woundtech incident."
I've never encountered any threat actors spending so much time redacting patient data before they leak it -- and even giving their victim the opportunity to redact the hacked data tranche before the threat actors leak it.
Read more about this one at:
#databreach #healthsec #woundtech #cybersecurity #redaction #incidentresponse #FulcrumSec
@zackwhittaker @campuscodi @euroinfosec @DysruptionHub @amvinfe
-
NEW, by me:
3.7 Million Telehealth Patients Allegedly Affected By Two Recent Breaches
An individual calling himself "Stuckin2019" or just "Stuck" claims responsibility for attacks on OpenLoop Health and Zealthy.
The former has notified the California AG's Office, but the latter has not notified any regulator as far as I can determine, and they haven't responded to inquiries.
Read more at:
https://databreaches.net/2026/03/23/3-7-million-telehealth-patients-allegedly-affected-by-two-recent-breaches/
#databreach #healthsec #cybersecurity #OpenLoop #Zealthy #HIPAA
-
NEW by me:
Insightin Health discloses its second data security incident in two years:
https://databreaches.net/2026/03/10/insightin-health-discloses-its-second-data-security-incident-in-two-years/
#databreach #healthsec #thirdparty #dataleak #cybersecurity #HIPAA #SecurityRule
-
This has always been one of my nightmares, and it came true:
A New Zealand medication charting platform used by numerous providers was hacked. But not only was it hacked, but the attackers also changed some patients' names to "Charlie Kirk," and changed other patients' records to "deceased."
There has been no report of any extortion attempt.
#MediMap started investigating on Sunday afternoon when problems were first reported.
-
OK, I feel sorry for this dentist, but I am really happy to see someone quickly informing patients about what happened and what they have done and are doing in response. I think his approach will go a long way to maintaining his patients' trust in him.
https://www.impartialreporter.com/news/25875061.dentist-speaks-practice-hit-cyber-attack/
#hack #healthsec #databreach #incidentresponse #GDPR #transparency #cybersecurity
-
When I rule the world, new ransomware/extortion gangs will have to take a number and wait until an existing one retires or gets arrested (preferably the latter).
Anyone have any info on the group calling itself "Insomnia?"
-
I recently asked #HHS #OCR how any personnel and regional cuts would affect their investigation of breaches of the #HIPAA #SecurityRule and #Notification Rule.
They didn't exactly answer my question as to how many investigators have been laid off, but they did outline their priorities for 2026.
You can read their response to my inquiries in my new post at:
https://databreaches.net/2026/01/15/hhs-ocr-comments-on-its-2026-priorities/
#databreach #healthsec #cybersecurity #ransomware #hacking #risk
-
New Zealand's high court seems to be handing out injunctions to victim entities. Have they really considered the impact on press/journalism and whether such injunctions are effective at all?
In the past month, we have learned that Manage My Health, Canopy Health, and Neighbourly were all granted injunctions to prevent downloading or sharing of data.
But do these injunctions really protect consumers and patients? Well, no, not really if the criminals leak data anyway.
Is the court just enabling entities to claim they have done everything they can to protect patients or consumers (well, other than actually preventing the breaches)?
Maybe entities should only be granted injunctions if they can first demonstrate that they had reasonable security protections in place and MFA, etc.?
#healthsec #cybersecurity #injunctions #incidentresponse #databreach
-
Methodist Homes of Alabama and Northwest Florida is notifying residents and employees of its second data breach in seven months.
I wonder what #HHSOCR will do when they investigate.
#HIPAA #SecurityRule #RiskAssessment #cybersecurity #healthsec
-
NEW: Virginia Urology Silent on Possible Data Breach as Purported Patient Data Begins to Leak:
-
Updated my post on the Anubis attack on Mid South Pulmonary Specialists after getting additional info from Anubis.
It seems they used their wiper to delete all of MSPS's backups, and then encrypted all of their systems.
That sounds pretty grim. MSPS has not posted anything (perhaps they can't) or issued any notice anywhere about whether patient care has been affected at all by any breach.
#HIPAA #healthsec #cybersecurity #databreach #ransomware #Anubis #wiper #backups #incidentresponse
-
Anubis hasn't really had a lot of media coverage, but @amvinfe's post about the attack on Mid South Pulmonary & Sleep Specialists was a wake-up call for me. So I took a look at Anubis's dark web leak site and saw they added -- and leaked -- five U.S. healthcare entities in November.
Given that they are not loath to encrypt and wipe victims' data... well... yikes.
#databreach #ransomware #Anubis #HealthSec #cybersecurity #HIPAA #wiper
-
NEW by me:
From bad to worse: Doctor Alliance hacked again by same threat actor
This is a bad #databreach in terms of the #PII and #PHI acquired by the hacker, "Kazu," who is about to leak it all.
Oof.
Background: I reported on the first breach/attack a few days ago at https://databreaches.net/2025/11/12/doctor-alliance-data-breach-353gb-of-patient-files-allegedly-compromised-ransom-demanded/
When the CEO claimed it was all secured the same day, the hacker got ticked off and went back in and hacked them again.
#HealthSec #HIPAA #BusinessAssociate #thirdparty #vendor #hack #ransom #cybersecurity #incidentresponse
-
NEW: Doctor Alliance Data Breach: 353GB of Patient Files Allegedly Compromised, Ransom Demanded
#databreach #ransom #healthsec #HIPAA #HITECH #Business_Associate
-
NEW by me: Veradigm’s Breach Claims Under Scrutiny After Dark Web Leak
https://databreaches.net/2025/11/01/veradigms-breach-claims-under-scrutiny-after-dark-web-leak/
This breach may have affected 2M of Veradigm's clients' patients, but it's pretty much flown under the media radar, and its explanation of how the breach occurred didn't make sense to me after I took a look at a data tranche.
#HealthSec #BusinessAssociate #vendor #hack #incidentresponse #transparency #notification #Rhysida #Veradigm #SunflowerMedicalGroup #databreach
-
NEW by me: Another plastic surgery practice fell prey to a cyberattack that acquired patient photos and info:
#databreach #healthsec #cybersecurity #HIPAA #hack #exfiltration
-
I was checking the website of Legacy Health, LLC to see if they had posted a substitute notice about a breach they had reported to the Texas Attorney General's Office. There was no notice about the breach, but by golly, they had a graphic claiming they have a HIPAA SEAL OF COMPLIANCE and are HIPAA VERIFIED.
The shield also says "Compliancy group" as if that's a thing...?
Why oh why, hasn't HHS or the FTC or both ever cracked down on this misleading shite?
-
NEW: Protected health information of 462,000 members of Blue Cross Blue Shield of Montana was involved in the massive Conduent data breach that occurred between October 2024 and January 2025.
Montana wants to know why this wasn't reported to the state sooner. We'd like to know that, too.
-
Watsonville Community Hospital had a data breach -- or two. It would be helpful to know which.
Entities that just ignore repeated inquiries should not count on the story going away. We will publish what we know and point out what we don't know because of an entity's lack of transparency.
#databreach #ransom #extortion #transparency #incidentresponse #healthsec #HIPAA #HITECH
-
This is the first HIPAA-regulated entity I've seen report that they were affected by the #Salesforce campaign.
They report that 2,095 people were affected, but the elements they report could be just PII, so I'm not sure if it's patient data or not.
I've reached out to HHS to ask whether they have been getting any reports related to Salesforce, but let's see if they answer me.
Here's the notification from Rectangle Health: https://mm.nh.gov/files/uploads/doj/remote-docs/rectangle-health-20251008.pdf
They don't make any mention of any ransom demand.
Maybe I can get ShinyHunters to tell me more about this one. We'll see...
#HIPAA #databreach #Salesforce #BusAssociate #ThirdParty #HITECH #healthsec
-
"Healthcare Interactive, a company that develops AI-based medical insurance benefit enrollment and billing solutions, confirmed last week that it experienced a data breach that involved personal data from customers being moved offsite by hackers.
The exact number of impacted individuals was not revealed. However, the company said stolen data included names, dates of birth, Social Security numbers, contact information and health insurance enrollment data—including ID numbers.
The company also said claims and patient care details were also compromised, including patient diagnoses, provider names, lab results, medical images and treatment plans.
Medical claims were also possibly taken, which includes things like account numbers and billing codes."
-
@amvinfe It doesn't make sense that the covered entity would store 270k Social Security Numbers. And it makes even less sense that they'd store numbers that aren't valid SSNs. I really wish BBJI would respond to your inquiries.
-
NEW: Archer Health was leaking protected health information. Criminals appear to have found it.
From the "No Need to Hack When It's Leaking" files:
-
NEW: Survival Flight reports second cybersecurity incident in less than a year:
-
Kivimäki walks free during appeal over Vastaamo data breach:
It was one of the most vicious and disturbing data breaches of all time. If I ruled the world, he'd never see the light of day for even one day.
For those seeking background, just search databreaches.net for "Vastaamo" and then "Kivimaki"
#healthsec #infosecuity #hack #extortion #Vastaamo #databreach
-
NEW by me: Idaho man who threatened his hacking victims appeals his sentence in Georgia:
This is an appeal by Robert Purbeck, aka "Lifelock" aka "Studmaster."
It is an interesting case to watch because the judge was so disturbed by the defendant's threatening emails to his victims and references to the victims' children that he did not impose the sentence the prosecution had recommended as part of the plea deal. He sentenced Purbeck to the maximum the law allowed, which was even higher than the upper end of the sentencing guidelines for the defendant's offense level.
Purbeck appealed on the grounds that the prosecutor had a duty to really advocate for the sentence agreed to in the plea deal but the prosecutor used inflammatory language and portrayed the defendant as an ongoing threat. There's also a second issue on appeal that I predict the defendant will prevail on as the special conditions of release announced in the sentencing hearing do not match what was published in the docket later.
But what this appeal really made me think about is whether there is anything in calculating offense level that adds levels if a hacker/threat actor threatens the victims. If there already is something like that, it wasn't factored into this defendant's offense level. Can any federal prosecutors, former federal prosecutors, or judges clarify that for me?
#databreach #extortion #healthsec #RobertPurbeck #Lifelock #11CA
-
NEW: Six months after discovering an attack, Northwest Radiologists notifies almost 350,000 Washington State residents
#databreach #incident_management #healthsec #HIPAA #SecurityRule #PrivacyRule
-
Integrated Oncology Network victim of phishing attack; multiple locations affected:
No group seems to have claimed responsibility as yet and ION makes no mention of any extortion demand.
-
Horizon Healthcare RCM is a business associate to numerous healthcare systems and entities. This past week, they disclosed that they were hit with a ransomware attack in December and that they paid to get the unnamed threat actor(s) to delete the stolen data.
So far, they have not disclosed any numbers and none of their affected clients (assuming, for now, that there are affected clients) have reported the incident to HHS or any regulators that I can spot.
This may or may not wind up being another big breach when we start finding out how many entities were affected and how many patients each. As always, going after third-party vendors is like "open sesame" for threat actors.
https://databreaches.net/2025/06/29/horizon-healthcare-rcm-discloses-ransomware-attack-in-december/
#HealthSec #databreach #ransomware #cybersecurity #businessassociate
-
With great thanks to @masek and @JayeLTee and others who assisted or tried to, including Rogers ISP and law enforcement in Canada, we can finally say:
Bolton Walk-In Clinic patient data leak locked down!
Read about this very frustrating effort to get exposed patient data locked down:
https://databreaches.net/2025/06/30/bolton-walk-in-clinic-patient-data-leak-locked-down-finally/
#healthsec #PHIPA #HIPA #cybersecurity #infosec #incidentresponse #dataleak
-
@masek @JayeLTee For the life of me, I cannot understand why this got kicked over to the anti-rackets branch, but thank you for what you managed to accomplish.
I will post an update to this leak on my blog sometime this week, but in the interim:
Any patients of the Bolton Walk-In Clinic should consider filing a complaint with the provincial Privacy Commission and requesting an investigation into the clinic's failure to comply with medical privacy laws such as PHIPA. IMO, the IPC should also be asked to require the clinic to notify every patient whose unencrypted information was exposed.
Additional details about earlier efforts by @JayeLTee and me to get this leak secured can be found in my post at https://databreaches.net/2024/12/03/bolton-walk-in-clinic-in-ontario-lock-down-your-backup-already/
-
Two more victims of the Cerner/Oracle Health legacy data breach have disclosed this month:
Tallahassee Memorial Hospital
https://www.tallahassee.com/story/money/2025/06/18/letter-tmh-data-breach-traced-to-past-data-migration-by-vendor/84252923007/
and
Mosaic Life Care
https://www.mymlc.com/Main/About-Mosaic-Life-Care/Media-and-Public-Relations/notice-of-oracle-healthcerner-data-security-incident/
Union Health had disclosed in April:
https://www.union.health/news/noticeoforaclehealthcernerdatasecurityincident
There are likely more disclosures to come.
#databreach #healthsec #businessassociate #legacy #cybersecurity
-
NEW: Horizon Healthcare RCM discloses ransomware attack in December:
https://databreaches.net/2025/06/29/horizon-healthcare-rcm-discloses-ransomware-attack-in-december/
The attack did encrypt files and it seems that Horizon paid to get data deleted.
There is much we don't know yet, including how many patients total were affected, and which of their clients had affected patients.
See the post for more information.
#databreach #healthsec #ransomware #cybersecurity #businessassociate
-
CMS warns Medicare providers of fraud scheme: https://www.cms.gov/training-education/medicare-learning-network/newsletter/2025-06-26-mlnc#_Toc201664984
Scammers are impersonating the Centers for Medicare & Medicaid Services and sending phishing fax requests for medical records and documentation, falsely claiming to be part of a Medicare audit.
I can see how medical records personnel or third-party records compliance vendors could be duped into providing records.
I wonder how seriously entities are taking this. Are they really warning all personnel who process medical records requests? I hope so.
#CMS #Medicare #MedRec #HealthSec #phishing #infosec #cybersecurity
-
NEW: Texas Centers for Infectious Disease Associates Notifies Individuals of Data Breach in 2024:
#HealthSec #databreach #cybersecurity #thirdparty #businessassociate #BianLian
-
NEW: Northern Light Health patients affected by security incident at Compumedics; 10 healthcare entities affected:
#HealthSec #databreach #cybersecurity #businessassociate #thirdparty #vendor #Compumedics
-
Alleged Geisinger hacker will defend himself pro se.
What's that old adage about someone defending themself instead of using a lawyer? That they have a fool for a client?
I've uploaded two of his filings -- the motion to defend pro se, which was granted, and now an emergency motion to be temporarily released from prison because... well, he gives some reasons. You'll see.
https://databreaches.net/2025/06/18/alleged-geisinger-hacker-will-defend-himself-pro-se/
And fwiw, Nuance never responded to my inquiries at the time of his arrest asking about what kind of background check they had done because his history revealed a number of past run-ins with the law.
#databreach #healthsec #businessassociate #HIPAA #insiderthreat #idtheft #fraud