NEW by me:

From bad to worse: Doctor Alliance hacked again by same threat actor

https://databreaches.net/2025/11/18/from-bad-to-worse-doctor-alliance-hacked-again-by-same-threat-actor/

This is a bad #databreach in terms of the #PII and #PHI acquired by the hacker, "Kazu," who is about to leak it all.
Oof.

Background: I reported on the first breach/attack a few days ago at https://databreaches.net/2025/11/12/doctor-alliance-data-breach-353gb-of-patient-files-allegedly-compromised-ransom-demanded/

When the CEO claimed it was all secured the same day, the hacker got ticked off and went back in and hacked them again.

#HealthSec #HIPAA #BusinessAssociate #thirdparty #vendor #hack #ransom #cybersecurity #incidentresponse

@zackwhittaker @campuscodi @euroinfosec @Hackread

NEW by me: Veradigm’s Breach Claims Under Scrutiny After Dark Web Leak

https://databreaches.net/2025/11/01/veradigms-breach-claims-under-scrutiny-after-dark-web-leak/

This breach may have affected 2M of Veradigm's clients' patients, but it's pretty much flown under the media radar, and its explanation of how the breach occurred didn't make sense to me after I took a look at a data tranche.

#HealthSec #BusinessAssociate #vendor #hack #incidentresponse #transparency #notification #Rhysida #Veradigm #SunflowerMedicalGroup #databreach

Integrated Oncology Network victim of phishing attack; multiple locations affected:

https://databreaches.net/2025/07/08/integrated-oncology-network-victim-of-phishing-attack-multiple-locations-affected/

No group seems to have claimed responsibility as yet and ION makes no mention of any extortion demand.

#healthsec #cybersecurity #businessassociate #databreach

Horizon Healthcare RCM is a business associate to numerous healthcare systems and entities.This past week, they disclosed that they were hit with a ransomware attack in December and that they paid to get the unnamed threat actor(s) to delete the stolen data.

So far, they have not disclosed any numbers and none of their affected clients (assuming,for now, that there are affected clients) have reported the incident to HHS or any regulators that I can spot.

This may or may not wind up being another big breach when we start finding out how many entities were affected and how many patients each. As always, going after third-party vendors is like "open sesame" for threat actors.

https://databreaches.net/2025/06/29/horizon-healthcare-rcm-discloses-ransomware-attack-in-december/

#HealthSec #databreach #ransomware #cybersecurity #businessassociate

Two more victims of the Cerner/Oracle Health legacy data breach have disclosed this month:

Tallahassee Memorial Hospital
https://www.tallahassee.com/story/money/2025/06/18/letter-tmh-data-breach-traced-to-past-data-migration-by-vendor/84252923007/

and

Mosaic Life Care
https://www.mymlc.com/Main/About-Mosaic-Life-Care/Media-and-Public-Relations/notice-of-oracle-healthcerner-data-security-incident/

Union Health had disclosed in April:
https://www.union.health/news/noticeoforaclehealthcernerdatasecurityincident

There are likely more disclosures to come.

#databreach #healthsec #businessassociate #legacy #cybersecurity

@campuscodi

NEW: Horizon Healthcare RCM discloses ransomware attack in December:

https://databreaches.net/2025/06/29/horizon-healthcare-rcm-discloses-ransomware-attack-in-december/

The attack did encrypt files and it seems that Horizon paid to get data deleted.

There is much we don't know yet, including how many patients total were affected, and which of their clients had affected patients.

See the post for more information.

#databreach #healthsec #ransomware #cybersecurity #businessassociate

@campuscodi

NEW: Texas Centers for Infectious Disease Associates Notifies Individuals of Data Breach in 2024:

https://databreaches.net/2025/06/28/texas-centers-for-infectious-disease-associates-notifies-individuals-of-data-breach-in-2024/

#HealthSec #databreach #cybersecurity #thirdparty #businessassociate #BianLian

NEW: Northern Light Health patients affected by security incident at Compumedics; 10 healthcare entities affected:

https://databreaches.net/2025/06/27/northern-light-health-patients-affected-by-security-incident-at-compumedics-10-healthcare-entities-affected/

#HealthSec #databreach #cybersecurity #businessassociate #thirdparty #vendor #Compumedics

Alleged Geisinger hacker will defend himself pro se.

What's that old adage about someone defending themself instead of using a lawyer? That they have a fool for a client?

I've uploaded two of his filings -- the motion to defend pro se, which was granted, and now an emergency motion to be temporarily released from prison because... well, he gives some reasons. You'll see.

https://databreaches.net/2025/06/18/alleged-geisinger-hacker-will-defend-himself-pro-se/

And fwiw, Nuance never responded to my inquiries at the time of his arrest asking about what kind of background check they had done because his history revealed a number of past run-ins with the law.

#databreach #healthsec #businessassociate #HIPAA #insiderthreat #idtheft #fraud

Episource is notifying 5.4 million patients of a cyberattack in January:

https://databreaches.net/2025/06/17/episource-notifying-5-4-million-patients-of-cyberattack-in-january/

Some media call this a #ransomware attack, but Episource does not mention any encryption of data and is silent on that question or any mention of any ransom demand. I cannot find any gang who has claimed responsibility for this incident or that has added it to any leak site.

#healthsec #databreach #businessassociate