NEW:

Yesterday, the USAO in Maryland issued a press release stating that Matthew Bathula, a clinical pharmacy specialist, had been charged with unauthorized access and ID theft involving patients at "Company A" -- a medical system in Maryland. 195 patients have been notified.

If you read the DOJ presser, it alleges a lot of activities that go waaaay beyond the usual insider "snooping."

A little digging revealed that "Company A" is the University of Maryland Medical Center, where Bathula was employed during the years of alleged wrongdoing.

Read the presser and more at:

https://databreaches.net/2026/05/02/maryland-pharmacist-indicted-on-unauthorized-computer-access-related-to-u-maryland-medical-center/

#databreach #IDtheft #HIPAA #infosec #insider #healthsec

Almost one year after discovery, Sandhills Medical Foundation notifies 169,017 people affected by a cyberattack

This was an attack by INC Ransom, who dumped the data in June 2025. INC didn't tag it as an encryption incident -- just as hack, exfil, ransom demand. So I'm not sure why it took Sandhills about a year to make notifications.

https://databreaches.net/2026/04/29/almost-one-year-after-discovery-sandhills-medical-foundation-notifies-169017-people-affected-by-a-cyberattack/

#databreach #HIPAA #incidentresponse #INCransom #healthsec

If you were or are a federal employee or are a family member of one, you might want to read this and share it with others who might be concerned:

Trump’s Personnel Agency Is Asking for Federal Workers’ Medical Records

https://kffhealthnews.org/news/article/trump-opm-federal-workers-medical-records-privacy/view/republish/

#privacy #healthsec #workplace #infosec


The administration is asking insurers that cover federal employees and retirees to hand over details about their medical visits, their pharmacy claims, and more.


I am a big fan of BakerHostetler's annual data security incident response reports because they are based on actual client experiences and data.

I just posted about their 2026 report, and commented on their healthcare sector data. As I had mentioned to @siguza, healthcare breaches tend to get higher ransom demands and higher settlements. Take a look at the 2025 data -- the highest initial ransom demand for a health entity client was $98M.

I'd love to know who the victim was and what TA or group demanded that much.

That said, the highest ransom actually paid for a healthcare sector breach by one of their clients last year was $5M.

Big delta.

My post: https://databreaches.net/2026/04/03/bakerhostetlers-2026-report-findings-from-1250-clients-breach-experiences-in-2025/

#ransomware #healthsec #incidentresponse #statistics #phishing #ransom #malware #databreach #cybersecurity

@campuscodi @amvinfe

Also NEW by me:

"If threat actors gave you a chance to redact the patient data they hacked before they leak it, would you take them up on the offer? Read about the Woundtech incident."

I've never encountered any threat actors spending so much time redacting patient data before they leak it -- and even giving their victim the opportunity to redact the hacked data tranche before the threat actors leak it.

Read more about this one at:

https://databreaches.net/2026/03/23/if-threat-actors-gave-you-a-chance-to-redact-the-patient-data-they-hacked-before-they-leak-it-would-you-take-them-up-on-the-offer-read-about-the-woundtech-incident/

#databreach #healthsec #woundtech #cybersecurity #redaction #incidentresponse #FulcrumSec

@zackwhittaker @campuscodi @euroinfosec @DysruptionHub @amvinfe

NEW, by me:

3.7 Million Telehealth Patients Allegedly Affected By Two Recent Breaches

An individual calling himself "Stuckin2019" or just "Stuck" claims responsibility for attacks on OpenLoop Health and Zealthy.

The former has notified the California AG's Office, but the latter has not notified any regulator as far as I can determine, and they haven't responded to inquiries.

Read more at:
https://databreaches.net/2026/03/23/3-7-million-telehealth-patients-allegedly-affected-by-two-recent-breaches/

#databreach #healthsec #cybersecurity #OpenLoop #Zealthy #HIPAA

@campuscodi @euroinfosec @jgreig

This has always been one of my nightmares, and it came true:

A New Zealand medication charting platform used by numerous providers was hacked. Not only was it hacked, but the attackers also changed some patients' names to "Charlie Kirk," and changed other patients' records to "deceased."

There has been no report of any extortion attempt.

#MediMap started investigating on Sunday afternoon when problems were first reported.

https://www.stuff.co.nz/nz-news/360942689/major-nz-health-app-breach-alive-patients-marked-deceased-names-changed-charlie-kirk

#databreach #healthsec #hack #cybersecurity

@campuscodi


OK, I feel sorry for this dentist, but I am really happy to see someone quickly informing patients about what happened and what they have done and are doing in response. I think his approach will go a long way to maintaining his patients' trust in him.

https://www.impartialreporter.com/news/25875061.dentist-speaks-practice-hit-cyber-attack/

#hack #healthsec #databreach #incidentresponse #GDPR #transparency #cybersecurity