#MercyOne patients are now being notified of the #Veradigm breach that I reported on November 1.

MercyOne news coverage: https://www.kcci.com/article/mercyone-patients-alerted-to-veradigm-data-breach/69690293

Veradigm reported the breach to several state attorneys general on September 22, 2025, stating that it first learned of the breach on July 1, 2025.

Unless Rhysida messed up a data dump, the breach occurred on December 15, 2024, and was discovered by Sunflower Medical Group (SMG) on January 7, 2025.

Examination of the data tranche from Rhysida's attack on SMG revealed data from Veradigm clients, including Mercy Clinics in Des Moines and Mercy Centerville. Both are connected to the MercyOne health system. (Screenshot showing Mercy Clinics and Mercy Centerville was in my reporting at https://databreaches.net/2025/11/01/veradigms-breach-claims-under-scrutiny-after-dark-web-leak/ )

If HHS OCR hasn't done a proper investigation of this incident, I hope they do. If Rhysida screwed up and combined two dumps in one tranche, that's one thing, but if Rhysida did not screw up in their data leak, Veradigm's version of the breach didn't (and still doesn't) make a lot of sense.

#databreach #ransomware #incidentresponse #transparency

NEW by me: Veradigm’s Breach Claims Under Scrutiny After Dark Web Leak

https://databreaches.net/2025/11/01/veradigms-breach-claims-under-scrutiny-after-dark-web-leak/

This breach may have affected 2M of Veradigm's clients' patients, but it's pretty much flown under the media radar, and its explanation of how the breach occurred didn't make sense to me after I took a look at a data tranche.

#HealthSec #BusinessAssociate #vendor #hack #incidentresponse #transparency #notification #Rhysida #Veradigm #SunflowerMedicalGroup #databreach