I am a big fan of BakerHostetler's annual data security incident response reports because they are based on actual client experiences and data.

I just posted about their 2026 report, and commented on their healthcare sector data. As I had mentioned to @siguza, healthcare breaches tend to get higher ransom demands and higher settlements. Take a look at the 2025 data -- the highest initial ransom demand for a health entity client was $98M.

I'd love to know who the victim was and what TA or group demanded that much.

That said, the highest ransom actually paid for a healthcare sector breach by one of their clients last year was $5M.

Big delta.

My post: https://databreaches.net/2026/04/03/bakerhostetlers-2026-report-findings-from-1250-clients-breach-experiences-in-2025/

#ransomware #healthsec #incidentresponse #statistics #phishing #ransom #malware #databreach #cybersecurity

@campuscodi @amvinfe

Also NEW by me:

"If threat actors gave you a chance to redact the patient data they hacked before they leak it, would you take them up on the offer? Read about the Woundtech incident."

I've never encountered any threat actors spending so much time redacting patient data before they leak it -- and even giving their victim the opportunity to redact the hacked data tranche before the threat actors leak it.

Read more about this one at:

https://databreaches.net/2026/03/23/if-threat-actors-gave-you-a-chance-to-redact-the-patient-data-they-hacked-before-they-leak-it-would-you-take-them-up-on-the-offer-read-about-the-woundtech-incident/

#databreach #healthsec #woundtech #cybersecurity #redaction #incidentresponse #FulcrumSec

@zackwhittaker @campuscodi @euroinfosec @DysruptionHub @amvinfe

NEW, by me:

3.7 Million Telehealth Patients Allegedly Affected By Two Recent Breaches

An individual calling himself "Stuckin2019" or just "Stuck" claims responsibility for attacks on OpenLoop Health and Zealthy.

The former has notified the California AG's Office, but the latter has not notified any regulator as far as I can determine, and they haven't responded to inquiries.

Read more at:
https://databreaches.net/2026/03/23/3-7-million-telehealth-patients-allegedly-affected-by-two-recent-breaches/

#databreach #healthsec #cybersecurity #OpenLoop #Zealthy #HIPAA

@campuscodi @euroinfosec @jgreig

NEW by me:

Insightin Health discloses its second data security incident in two years:
https://databreaches.net/2026/03/10/insightin-health-discloses-its-second-data-security-incident-in-two-years/

#databreach #healthsec #thirdparty #dataleak #cybersecurity #HIPAA #SecurityRule

This has always been one of my nightmares, and it came true:

A New Zealand medication charting platform used by numerous providers was hacked. But not only was it hacked, but the attackers also changed some patients' names to "Charlie Kirk," and changed other patients' records to "deceased."

There has been no report of any extortion attempt.

#MediMap started investigating on Sunday afternoon when problems were first reported.

https://www.stuff.co.nz/nz-news/360942689/major-nz-health-app-breach-alive-patients-marked-deceased-names-changed-charlie-kirk

#databreach #healthsec #hack #cybersecurity

@campuscodi

OK, I feel sorry for this dentist, but I am really happy to see someone quickly informing patients about what happened and what they have done and are doing in response. I think his approach will go a long way to maintaining his patients' trust in him.

https://www.impartialreporter.com/news/25875061.dentist-speaks-practice-hit-cyber-attack/

#hack #healthsec #databreach #incidentresponse #GDPR #transparency #cybersecurity

When I rule the world, new ransomware/extortion gangs will have to take a number and wait until an existing one retires or gets arrested (preferably the latter).

Anyone have any info on the group calling itself "Insomnia?"

#databreach #healthsec #cybersecurity

I recently asked #HHS #OCR how any personnel and regional cuts would affect their investigation of breaches of the #HIPAA #SecurityRule and #Notification Rule.

They didn't exactly answer my question as to how many investigators have been laid off, but they did outline their priorities for 2026.

You can read their response to my inquiries in my new post at:

https://databreaches.net/2026/01/15/hhs-ocr-comments-on-its-2026-priorities/

#databreach #healthsec #cybersecurity #ransomware #hacking #risk

New Zealand's high court seems to be handing out injunctions to victim entities. Have they really considered the impact on press/journalism and whether such injunctions are effective at all?

In the past month, we have learned that Manage My Health, Canopy Health, and Neighbourly were all granted injunctions to prevent downloading or sharing of data.

But do these injunctions really protect consumers and patients? Well, no, not really if the criminals leak data anyway.

Is the court just enabling entities to claim they have done everything they can to protect patients or consumers (well, other than actually preventing the breaches)?

Maybe entities should only be granted injunctions if they can first demonstrate that they had reasonable security protections in place and MFA, etc.?

#healthsec #cybersecurity #injunctions #incidentresponse #databreach

Methodist Homes of Alabama and Northwest Florida is notifying residents and employees of its second data breach in seven months.

I wonder what #HHSOCR will do when they investigate.

https://databreaches.net/2026/01/08/methodist-homes-of-alabama-and-northwest-florida-is-notifying-residents-and-employees-of-its-second-data-breach-in-seven-months/

#HIPAA #SecurityRule #RiskAssessment #cybersecurity #healthsec