NEW by me:

From bad to worse: Doctor Alliance hacked again by same threat actor

https://databreaches.net/2025/11/18/from-bad-to-worse-doctor-alliance-hacked-again-by-same-threat-actor/

This is a bad #databreach in terms of the #PII and #PHI acquired by the hacker, "Kazu," who is about to leak it all.
Oof.

Background: I reported on the first breach/attack a few days ago at https://databreaches.net/2025/11/12/doctor-alliance-data-breach-353gb-of-patient-files-allegedly-compromised-ransom-demanded/

When the CEO claimed it was all secured the same day, the hacker got ticked off and went back in and hacked them again.

#HealthSec #HIPAA #BusinessAssociate #thirdparty #vendor #hack #ransom #cybersecurity #incidentresponse

@zackwhittaker @campuscodi @euroinfosec @Hackread

NEW by me: Veradigm’s Breach Claims Under Scrutiny After Dark Web Leak

https://databreaches.net/2025/11/01/veradigms-breach-claims-under-scrutiny-after-dark-web-leak/

This breach may have affected 2M of Veradigm's clients' patients, but it's pretty much flown under the media radar, and its explanation of how the breach occurred didn't make sense to me after I took a look at a data tranche.

#HealthSec #BusinessAssociate #vendor #hack #incidentresponse #transparency #notification #Rhysida #Veradigm #SunflowerMedicalGroup #databreach

Integrated Oncology Network victim of phishing attack; multiple locations affected:

https://databreaches.net/2025/07/08/integrated-oncology-network-victim-of-phishing-attack-multiple-locations-affected/

No group seems to have claimed responsibility as yet and ION makes no mention of any extortion demand.

#healthsec #cybersecurity #businessassociate #databreach

Horizon Healthcare RCM is a business associate to numerous healthcare systems and entities.This past week, they disclosed that they were hit with a ransomware attack in December and that they paid to get the unnamed threat actor(s) to delete the stolen data.

So far, they have not disclosed any numbers and none of their affected clients (assuming,for now, that there are affected clients) have reported the incident to HHS or any regulators that I can spot.

This may or may not wind up being another big breach when we start finding out how many entities were affected and how many patients each. As always, going after third-party vendors is like "open sesame" for threat actors.

https://databreaches.net/2025/06/29/horizon-healthcare-rcm-discloses-ransomware-attack-in-december/

#HealthSec #databreach #ransomware #cybersecurity #businessassociate

Two more victims of the Cerner/Oracle Health legacy data breach have disclosed this month:

Tallahassee Memorial Hospital
https://www.tallahassee.com/story/money/2025/06/18/letter-tmh-data-breach-traced-to-past-data-migration-by-vendor/84252923007/

and

Mosaic Life Care
https://www.mymlc.com/Main/About-Mosaic-Life-Care/Media-and-Public-Relations/notice-of-oracle-healthcerner-data-security-incident/

Union Health had disclosed in April:
https://www.union.health/news/noticeoforaclehealthcernerdatasecurityincident

There are likely more disclosures to come.

#databreach #healthsec #businessassociate #legacy #cybersecurity

@campuscodi

NEW: Horizon Healthcare RCM discloses ransomware attack in December:

https://databreaches.net/2025/06/29/horizon-healthcare-rcm-discloses-ransomware-attack-in-december/

The attack did encrypt files and it seems that Horizon paid to get data deleted.

There is much we don't know yet, including how many patients total were affected, and which of their clients had affected patients.

See the post for more information.

#databreach #healthsec #ransomware #cybersecurity #businessassociate

@campuscodi

NEW: Texas Centers for Infectious Disease Associates Notifies Individuals of Data Breach in 2024:

https://databreaches.net/2025/06/28/texas-centers-for-infectious-disease-associates-notifies-individuals-of-data-breach-in-2024/

#HealthSec #databreach #cybersecurity #thirdparty #businessassociate #BianLian

NEW: Northern Light Health patients affected by security incident at Compumedics; 10 healthcare entities affected:

https://databreaches.net/2025/06/27/northern-light-health-patients-affected-by-security-incident-at-compumedics-10-healthcare-entities-affected/

#HealthSec #databreach #cybersecurity #businessassociate #thirdparty #vendor #Compumedics

Alleged Geisinger hacker will defend himself pro se.

What's that old adage about someone defending themself instead of using a lawyer? That they have a fool for a client?

I've uploaded two of his filings -- the motion to defend pro se, which was granted, and now an emergency motion to be temporarily released from prison because... well, he gives some reasons. You'll see.

https://databreaches.net/2025/06/18/alleged-geisinger-hacker-will-defend-himself-pro-se/

And fwiw, Nuance never responded to my inquiries at the time of his arrest asking about what kind of background check they had done because his history revealed a number of past run-ins with the law.

#databreach #healthsec #businessassociate #HIPAA #insiderthreat #idtheft #fraud

Episource is notifying 5.4 million patients of a cyberattack in January:

https://databreaches.net/2025/06/17/episource-notifying-5-4-million-patients-of-cyberattack-in-january/

Some media call this a #ransomware attack, but Episource does not mention any encryption of data and is silent on that question or any mention of any ransom demand. I cannot find any gang who has claimed responsibility for this incident or that has added it to any leak site.

#healthsec #databreach #businessassociate

In May 2024, medical billing and revenue cycle management firm ALN Medical Management disclosed a third-party breach. They've recently supplemented their disclosure and are sending out many more notification letters. The total number of patients affected by the incident now stands at more than 1.8 million.

The third party provider was never named.

But because two notification letters arrived here yesterday, I am wondering how far back the third party's stored data goes. ALN's disclosure never tells us that, but the letters arriving here yesterday were for people who haven't lived at this address for a decade or so.

https://databreaches.net/2025/05/29/update-aln-medical-managements-data-breach-total-soars-to-more-than-1-8-million-patients-affected/

#databreach #BusinessAssociate #HIPAA

HCF Management healthcare facilities hit by ransomware attack; more than 70,000 patients affected:

https://databreaches.net/2025/01/24/hcf-management-healthcare-facilities-hit-by-ransomware-attack-more-than-70000-patients-affected/

#ransomware #databreach #healthsec #businessassociate #disclosure #transparency #notification #RansomHub

@JayeLTee Take a look at this -- Khalil Center really responded quickly to responsible disclosure:

https://databreaches.net/2025/01/03/khalil-centers-impressively-rapid-incident-response/

#dataleak #ransom #incidentresponse #HIPAA #disclsoure #businessassociate #vendorsecurity

Medusa also claims to have hit American Medical Billing in Illinois. Medusa provides a number of internal files, including insurance. They are asking $150k to either delete all the data or download all the data.

I'm somewhat surprised that they are asking (only) 10k more for medically related info than for the school district listing.

#HealthSec #databreach #cybersecurity #HIPAA #BusinessAssociate

@ValeryMarchive So far, I haven't found any other entities reporting that they were affected by an attack on National Diagnostic Imaging. Was Birth Choice of San Marcos their only client/provider affected? It seems unlikely. There's no notice on NDI's website about any breach and nothing reported to HHS that I can find so far.

I've submitted an inquiry to NDI but no reply was immediately available.

#healthsec #HIPAA #BusinessAssociate #cybersecurity

Well, I can't say I'm surprised, but Nuance Communications hasn't responded to my inquiries about their former employee, who has been charged federally for unauthorized access to Geisinger patient data days after his employment was terminated.

When I looked at court filings, I wondered whether he had ever been subjected to a criminal background check. So I asked Nuance some questions, including whether they terminated his access when they ended his employment.

Read more at https://databreaches.net/2024/06/25/when-the-insider-threat-is-at-your-vendor-could-you-discover-it-quickly/

#databreach #cybersecurity #hipaa #businessassociate

Parathon by JDA e-Health: what we still don’t know about their July ransomware incident:
https://www.databreaches.net/parathon-by-jda-e-health-what-we-still-dont-know-about-their-july-ransomware-incident/

#ransomware #Akira #incidentresponse #transparency #businessassociate #vendor #HIPAA #HITECH #HealthSec #cybersecurity

@brett @jgreig @BleepingComputer @amvinfe

The Perry Johnson & Associates (PJ&A) breach that affected 1.2 million patients of Cook County Health in Illinois also affected millions of Northwell Health patients on Long Island,

https://www.databreaches.net/pja-data-breach-also-affected-millions-of-northwell-health-patients/

PJ&A is a medical transcription service so lots of #PII and #PHI appear to be involved in this one.

The actual breach/exfil occurred months ago. So far, I've not found any attribution, any indication of any extortion/ransom demand, or any group claiming responsibility for this one.

#databreach #HealthSec #HIPAA #BusinessAssociate #infosec

@BleepingComputer @campuscodi @jgreig @briankrebs @brett @euroinfosec

Hunter Biden business associate testifies he has no knowledge of wrongdoing by Joe Biden

https://www.msnbc.com/morning-joe/watch/hunter-biden-business-associate-testifies-he-has-no-knowledge-of-wrongdoing-by-joe-biden-190009413652

#MSNBC #HunterBiden #JoeBiden #businessassociate #wrongdoing #testimony #Politics #News