
Rhysida Ransomware Hits California Tribal Clinics, Leaks SSNs and Medical Data


A recent ransomware attack has disrupted healthcare services and exposed sensitive patient data at the MACT Health Board, which operates clinics serving American Indian communities in California’s Sierra Foothills. The cybercriminal group Rhysida has claimed responsibility for the November 2025 breach and has listed MACT on its data leak site, demanding a ransom of eight bitcoin, valued at about 662,000 dollars at the time. Although MACT has notified affected patients, the organization has not confirmed Rhysida’s claims or disclosed how many individuals were impacted.

According to MACT’s notice to victims, an unauthorized party accessed some files on its systems between November 12 and November 20, 2025, leading to serious exposure of personal and medical information. Compromised data includes names, Social Security numbers, and detailed medical information such as diagnoses, doctors, insurance details, medications, test results, images, and records of care and treatment. In response, MACT is offering eligible victims free identity monitoring, recognizing the heightened risk of identity theft and fraud.

The attack caused significant operational disruption across MACT’s clinics starting November 20, 2025, affecting phone services, prescription ordering, and appointment scheduling. Phone lines were restored by December 1, but some specialized imaging services were still offline as of January 22, illustrating the long-term impact such incidents can have on patient care. The Board declined to answer detailed questions about the breach, including whether a ransom was paid or how the attackers infiltrated the network.

Rhysida, which emerged in May 2023, runs a ransomware-as-a-service model, providing its malware and infrastructure to affiliates who carry out attacks. Its ransomware both steals data and encrypts systems, with victims pressured to pay for deletion of stolen information and for decryption keys. The group has claimed responsibility for 102 confirmed attacks and an additional 157 unacknowledged incidents, with an average ransom demand of around 884,000 dollars. At least 24 of its confirmed attacks have targeted healthcare entities, compromising about 3.83 million records, including high-profile breaches at MedStar Health, Spindletop Center, and Cytek Biosciences.

The MACT incident highlights a broader surge in ransomware targeting US healthcare providers. Comparitech researchers documented 109 confirmed ransomware attacks against hospitals, clinics, and other care providers in 2025 alone, affecting nearly 8.9 million records. These attacks can force organizations back to pen-and-paper operations, trigger appointment cancellations, and even require patient diversions, putting both safety and privacy at risk. MACT, which serves five California counties—Mariposa, Amador, Alpine, Calaveras, and Tuolumne—through about a dozen clinics offering medical, dental, behavioral, optometry, and chiropractic care, now faces the dual challenge of restoring services and rebuilding trust with its community.

Ransomware Attacks Pose Significant Threats to the Security of Medical Devices

Cybercriminals are increasingly targeting health organizations of all sizes. The rise in healthcare-related cyberattacks suggests that smaller healthcare providers in particular are experiencing a higher rate of cybercrime incidents.

Recently, the Food and Drug Administration (FDA) has stated that ransomware attacks targeting medical facilities are a major concern, and that what we are witnessing is only the visible tip of a much larger problem.

Beyond headline-grabbing cyberattacks, there are hidden risks to patient safety caused by service providers who tamper with medical devices under the guise of repair and maintenance. This dangerous practice, whether intentional or reckless, poses cyber risks comparable to those of professional ransomware attacks.

Unfortunately, the risk of medical devices being exploited for malicious purposes is often disregarded or given too little attention by the medical device community, physicians, and the patients who rely on these devices for critical, life-saving treatment and services.

Additionally, when examining the primary factors contributing to the rise in attacks on healthcare organizations, we can identify the following common reasons:

  • Patient medical and billing information can be swiftly sold by malicious actors on the darknet and used for insurance fraud.
  • The ability of ransomware to seize control of patient care and administrative systems increases the likelihood of substantial ransom payments.
  • Tampering with internet-connected medical devices is a significant vulnerability.

Following the report, the FDA stated that “Cybersecurity is a widespread issue affecting medical devices connected to the Internet, networks, and other devices. Cybersecurity is the process of preventing unauthorized access, modification, misuse or denial of use, or the unauthorized use of information that is stored, accessed, or transferred from a medical device to an external recipient.” 

The FDA's paper on improving cybersecurity practices for servicing medical devices explores how service entities can enhance the cybersecurity of these devices. 

In the discussion paper, the FDA “defines service to be the repair and/or preventive or routine maintenance of one or more parts in a finished device, after distribution, for purposes of returning it to the safety and performance specifications established by the original equipment manufacturer (OEM) and to meet its original intended use.”

These crimes have caused disruptions such as missed chemotherapy appointments and delayed ambulances; at times devices or services stop working altogether, increasing the risk that patients do not receive treatment or health services at the right time.

Ransomware is a particularly dangerous form of cyberattack and is gaining a foothold in every industry. For instance, the May ransomware attack on Colonial Pipeline resulted in gas shortages and panic buying.

Hackers also targeted the JBS meat processing company, raising concerns about potential meat shortages and the vulnerability of essential food providers. In another incident, the Baltimore County Public Schools system experienced a ransomware attack last fall, forcing a two-day halt to virtual classes.

Cybersecurity has a huge impact on every facet of the healthcare industry, encompassing the protection of confidential health data, insurance rates, and patient care. It is becoming essential for medical and device manufacturing companies to advance their methods against increasing cyber threats.

Cyberattack on Logan Health and Server Intrusion


A sophisticated intrusion into the IT systems of Logan Health Medical Center resulted in the compromise of a file server containing protected health information. The center recently notified 213,543 patients, workers, and business associates that their personal and health data may have been accessed by criminals.

According to a notification letter, Logan Health Medical Center first observed evidence of illegal activity on one of its servers on November 22, 2021. As a result, the hospital solicited the help of outside forensic experts to investigate the scope of the event and whether any sensitive personal information had been exposed.

Logan Health CEO Craig Lambrecht reminded staff of its "vital responsibility in protecting patients' sensitive health information" in an email to employees, along with a series of reminders on password security and on responding to emails from unknown senders.

Logan Health Medical Center confirmed on January 5, 2022, that an unauthorized party had gained access to files containing protected health information about specific staff and patients. On February 22, 2022, Logan Health began sending data breach notification letters to all parties whose information was contained in the affected files.

After gaining access to a computer network, a cybercriminal can view, copy, or delete any data stored on the compromised servers. While an organization can usually determine which files may have been accessed in a data breach, it may not be able to determine which files the attacker actually opened or whether any data was removed.

The investigation into the Logan Health Medical Center data breach is still in its early stages. There is currently no proof of Logan Health being legally liable for the data breach. However, as more information about the breach surfaces, this could change. 

You can defend yourself against data theft and other forms of fraud by doing the following:

  • Determine what information has been tampered with.
  • Limit who has access to your accounts in the future.
  • Take steps to safeguard your credit and financial accounts.
  • Monitor your credit report and financial accounts regularly.

40M+ People had Health Information Leaked in 2021


This year, data breaches compromised the personal health data of almost 40 million people in the United States, a substantial increase from 2020 and a continuation of the trend toward more health data hacks and leaks.

Any health data breach affecting 500 or more persons must be reported to the Office for Civil Rights at the Department of Health and Human Services, which makes the breaches public. As per the office's database, 578 breaches have been reported so far this year. Although this is fewer than the 599 breaches disclosed in 2020, last year's breaches only impacted approximately 26 million people.

According to a report from security firm Bitglass, hacking and other IT incidents have been the primary cause of people's health records being exposed since 2015. Before then, the majority of data breaches were caused by lost or stolen devices.

The shift coincided with federal rules in the United States requiring healthcare companies to adopt electronic medical records, as well as a broader move toward digital tools in healthcare, such as internet-connected monitoring. On the black market, medical records are valuable because they contain information that is more difficult to change than a credit card number and can be used to file false medical claims or acquire medications.

Patients may be harmed in several ways as a result of these breaches: their personal information may be revealed, and they may be forced to cope with the financial consequences of having their medical identity stolen. 

Hacking and attacks on healthcare institutions that shut down hospital computer systems might make it more difficult for hospitals to provide high-quality care, which can be hazardous to patients. According to research, more people die in hospitals as a result of data breaches, even if the incident does not result in a computer system shutdown. 

Although the risk of cyberattacks is increasing, many healthcare companies have not prioritised cybersecurity investment. A cyberattack on the Florida Healthy Kids Corporation health plan, for instance, resulted in the exposure of 3.5 million people's personal data in 2021. 

According to Health News Florida, an investigation conducted following the hack revealed that the plan's website had "significant vulnerabilities." However, experts suggest that the increase in attacks in 2020 and 2021, notably in ransomware attacks, is driving companies to take the threat more seriously.

Medatixx Struck by Ransomware Attack, Customers Advised to Change Passwords


Medatixx, a German medical software provider whose products are used in around 21,000 health institutions, advises customers to update their application passwords following a ransomware attack that disrupted its entire operations.

The company stressed that the impact is restricted to its internal IT systems, has not reached clients, and should not affect their PVS (practice management systems). However, since it is uncertain what data was taken during the attack, threat actors may have obtained Medatixx users' credentials.

As a result, Medatixx advises clients to take the following precautions to ensure that their practice management software stays secure:

  • Change the user passwords on the practice software.
  • On all workstations and servers, change the Windows logon passwords.
  • Change the passwords for TI connectors.

According to the company, these are preventative steps, but they should be implemented as soon as possible.

The following are the software products whose users should respond to this emergency immediately:

  • easymed
  • medatixx
  • x.comfort
  • x.concept
  • x.isynet
  • x.vianova

About the attack

The ransomware attack on Medatixx occurred last week, and the firm is still recovering, with only e-mail and central telephone services restored so far. Additionally, all regional sales partners and customer support lines are operational, allowing clients to contact company staff with any questions they may have. There is no confirmation of when the company will resume normal operations.

Furthermore, it is unknown whether the attackers were able to obtain any customer, doctor, or patient information. The company states that it has alerted Germany's data protection authorities about the incident and will provide an update after the inquiry is completed.

Medatixx explained in the translated advisory, "It is not known at this point whether or not, and to what extent any data was stolen. It can therefore not be ruled out that the data stored by us has been stolen."

As per Heise Online, Medatixx solutions are used in around 25% of all medical institutions in Germany, and this might be the country's largest hack ever in the healthcare system. Furthermore, according to the German news agency, the attackers could have stolen user credentials through remote maintenance systems.

Personal Details of Las Vegas Cancer Center Patients Leaked in a Ransomware Attack


Las Vegas Cancer Center (LVCC) has announced that it suffered a ransomware attack over the Labor Day weekend. According to the center's administrators, the security breach was uncovered on September 7 when the staff returned to the office after the holiday. In the wake of the incident, the cancer center is notifying patients of the attack, which may have exposed personal details of current and former patients.

“The breach was discovered when the office reopened on September 7th. LVCC immediately notified law enforcement and fully participated in an investigation by the FBI, and conducted its own internal investigation. LVCC also notified its electronic medical records vendor, which relies on the server data to build LVCC’s patient records database,” the news release stated. 

The attackers succeeded in encrypting data on the center's server despite LVCC’s server and computers being shielded by a firewall and multiple malware defense systems. According to the center, the threat actors were able to access patient names, addresses, dates of birth, Social Security numbers, medical records, and insurance information. However, the center states that all patient details were stored in a proprietary format and were therefore likely of no use to the attackers.

“All patient data was stored on the server in a format proprietary to LVCC’s electronic medical records system, and therefore likely not usable to the hackers. LVCC does not believe that any data was copied or transferred from its server, and has received no ransom demand from the hackers to unlock the data,” LVCC stated. 

Earlier this year, in August, Indianapolis-based Eskenazi Health suffered a ransomware attack that compromised the personal details of its patients. Eskenazi officials discovered the attack when they noticed suspicious activity on their network. The ransomware attack forced the hospital to go on diversion, turning away ambulances, for several days in early August.

A further investigation revealed that the threat actors had gained access to the network on May 19 and carried out the attack in a sophisticated manner, disabling security protections to hide their activities.

Despite the data leak and ransom demand, the Eskenazi Health officials did not pay the hackers’ requested ransom. According to The American Hospital Association’s cybersecurity expert John Riggi, an estimated 30 percent of health care institutions pay the ransom when they are breached by a ransomware attack.

Beaumont Health: The Latest Victim of Accellion Breach


Beaumont Health, headquartered in Michigan, is the latest victim of the Accellion data breach, which began in December 2020 and has so far claimed 100 victims. Threat actors exploited zero-day vulnerabilities in Accellion's File Transfer Application (FTA), compromising the data of millions of patients. 

Approximately 1500 patients have been alerted by Beaumont Health that their personal information may have been compromised as a result of the December cyberattack on Accellion software. Beaumont had hired Goodwin Procter LLP to provide legal services, and the law firm used Accellion's File Transfer software to transfer large files on behalf of its clients.

Goodwin notified the healthcare provider on February 5 that patient data had been breached. Following the announcement of the Accellion breach, Goodwin conducted a digital forensics investigation and discovered that an unknown person had exploited a vulnerability in the application to obtain specific documents.

“The potentially impacted information included a listing of roughly 1500 patients who had one of two procedures performed at a Beaumont Hospital,” Beaumont Health said in a statement issued on August 27.

“The list included the patient name, procedure name, physician name, the internal medical record number and the date of service. This incident is limited to these patients and does not affect all patients of Beaumont.” 

The healthcare provider also stated that the breach had no financial implications and neither Beaumont nor Goodwin had discovered any indication of the exposed data being exploited. 

On behalf of Beaumont, Goodwin contacted impacted people via mail on August 27 at their last known address to inform them about the data breach. The letter advises patients on the actions they should take to protect themselves from identity theft. 

“The notice letter specifies steps impacted individuals may take to protect themselves against identity fraud, including enrolling in complimentary credit monitoring services (if eligible), placing a fraud alert/security freeze on their credit files, obtaining free credit reports, remaining vigilant in reviewing financial account statements and credit reports for fraudulent or irregular activity on a regular basis and taking steps to safeguard themselves against medical identity theft,” stated Beaumont. 

“At Beaumont, protecting the privacy of personal information is a top priority,” the statement concluded. 

Goodwin is examining its data security policies and protocols in the aftermath of the incident. 

Accellion is now facing lawsuits

As the number of breaches escalates, Accellion is facing over a dozen lawsuits. In February, the Cybersecurity and Infrastructure Security Agency (CISA), together with security agencies in the United Kingdom, New Zealand, Singapore, and Australia, issued a warning to companies about the Accellion hack.

The Clop ransomware group claimed responsibility for the attack, which abused four previously unknown vulnerabilities. Some of the group's most recent victims include Kroger, Bombardier, Southern Illinois University School of Medicine, and Trillium Community Health Plan.

In April, Trinity Health, located in Michigan, alerted over 580,000 patients that their information had been compromised. Demographic data, names, medical record numbers, and medical tests were among the information stolen. 

Centene also alerted over 1.3 million patients of the Accellion data leak in April. Contact information, birthdates, insurance ID numbers, and treatment information were all acquired by the hackers. 

In a major extortion campaign, the Clop ransomware group published stolen data online, and some of the affected companies received emails from the intruders seeking to intensify the pressure to pay. The number of victims continues to rise months after the initial attack.

Data Breach at Third-Party Provider Exposed Medical Information of US Healthcare Patients


A data breach at a third-party provider has potentially leaked patients' confidential medical information from Northwestern Memorial HealthCare (NMHC) providers.

Unknown attackers obtained unauthorized access to a database managed by Elekta, a cloud-based platform that manages legally mandated cancer reporting to the State of Illinois.

According to a security alert, the Chicago-based healthcare provider reported that the attackers copied the datasets, which included patient names, dates of birth, Social Security numbers, health insurance information, and medical record numbers.

The database also contained clinical information related to cancer treatment, including medical histories, physician names, dates of service, treatment plans, diagnoses, and/or prescription information.

Those potentially affected are patients of Northwestern Medicine Central DuPage Hospital, Northwestern Medicine Delnor Community Hospital, Northwestern Medicine Huntley Hospital, Northwestern Medicine Kishwaukee Hospital, Northwestern Medicine Lake Forest Hospital, Northwestern Medicine McHenry Hospital, Northwestern Memorial Hospital, and Northwestern Medicine Valley West Hospital.

According to the NMHC, no financial information was accessed. Patients who are suspected of being impacted will be notified via post. The NMHC will also provide free credit monitoring to people whose Social Security numbers have been compromised. 

NMHC also stated it was “re-evaluating its relationship with Elekta”. 

“Patients are encouraged to review their health insurer or healthcare provider statements and to contact them immediately if they see any services they did not receive. We regret that this incident occurred and are committed to protecting the security and privacy of patient information,” the statement reads.

According to the company, the attackers did not gain access to NMHC's own systems, networks, or health records. The incident serves as a harsh reminder of the dangers of relying on third-party software or services.

A well-known example of what can happen as a result of a cyberattack on a service provider is the Blackbaud incident. That ransomware attack, which exposed the personal information of financial donors, impacted hundreds of nonprofit organizations and fundraising campaigns.