"Healthcare Interactive, a company that develops AI-based medical insurance benefit enrollment and billing solutions, confirmed last week that it experienced a data breach that involved personal data from customers being moved offsite by hackers.

The exact number of impacted individuals was not revealed. However, the company said stolen data included names, dates of birth, Social Security numbers, contact information and health insurance enrollment data—including ID numbers.

The company also said claims and patient care details were also compromised, including patient diagnoses, provider names, lab results, medical images and treatment plans.

Medical claims were also possibly taken, which includes things like account numbers and billing codes."

More at https://healthexec.com/topics/health-it/cybersecurity/ai-driven-medical-benefits-servicer-hit-data-breach

#databreach #healthsec #AI #cybersecurity

NEW: Archer Health was leaking protected health information. Criminals appear to have found it.

From the "No Need to Hack When It's Leaking" files:

https://databreaches.net/2025/09/26/archer-health-was-leaking-protected-health-information-criminals-appear-to-have-found-it/

#dataleak #databreach #healthsec #cybersecurity #HIPAA

NEW: Survival Flight reports second cybersecurity incident in less than a year:

https://databreaches.net/2025/09/18/survival-flight-reports-second-cybersecurity-incident-in-less-than-a-year/

#databreach #ransomware #healthsec #HIPAA #WorldLeaks

Kivimäki walks free during appeal over Vastaamo data breach:

https://www.helsinkitimes.fi/finland/finland-news/domestic/27889-kivimaeki-walks-free-during-appeal-over-vastaamo-data-breach.html

It was one of the most vicious and disturbing data breaches of all time. If I ruled the world, he'd never see the light of day for even one day.

For those seeking background, just search databreaches.net for "Vastaamo" and then "Kivimaki"

#healthsec #infosecuity #hack #extortion #Vastaamo #databreach

NEW by me: Idaho man who threatened his hacking victims appeals his sentence in Georgia:

This is an appeal by Robert Purbeck, aka "Lifelock" aka "Studmaster."

It is an interesting case to watch because the judge was so disturbed by the defendant's threatening emails to his victims and references to the victims' children that he did not impose the sentence the prosecution had recommended as part of the plea deal. He sentenced Purbeck to the maximum the law allowed, which was even higher than the upper end of the sentencing guidelines for the defendant's offense level.

Purbeck appealed on the grounds that the prosecutor had a duty to really advocate for the sentence agreed to in the plea deal but the prosecutor used inflammatory language and portrayed the defendant as an ongoing threat. There's also a second issue on appeal that I predict the defendant will prevail on as the special conditions of release announced in the sentencing hearing do not match what was published in the docket later.

But what this appeal really made me think about is whether there is anything in calculating offense level that adds levels if a hacker/threat actor threatens the victims. If there already is something like that, it wasn't factored into this defendant's offense level. Can any federal prosecutors, former federal prosecutors, or judges clarify that for me?

https://databreaches.net/2025/09/05/idaho-man-who-threatened-his-hacking-victims-appeals-his-sentence-in-georgia/

#databreach #extortion #healthsec #RobertPurbeck #Lifelock #11CA

The DaVita ransomware incident has another update:

DaVita submitted a report to HHS on August 1 that has just shown up on HHS's public breach tool. It indicates that DaVita reported the incident to them as affecting
2,689,826 patients. That makes it the 3rd largest incident reported to HHS so far this year.

Previous post on this incident with background on their other incidents over the years at https://databreaches.net/2025/08/05/more-than-1-million-patients-affected-by-davita-ransomware-attack-those-are-preliminary-numbers/

#databreach #ransomware #HealthSec #HIPAA #HITECH #DaVita #InterLock

NEW: MPOWERHealth victim of cyberattack; protected health information involved

https://databreaches.net/2025/08/21/mpowerhealth-victim-of-cyberattack-protected-health-information-involved/

Today's reminder to empty the Recycle Bin.

#HealthSec #databreach #hack #cybersecurity #infosecurity #WorldLeaks

First it looked like Clinical Diagnostics (Eurofins) had paid Nova ransomware gang not to leak the Dutch patient data for 485k women in cancer screening program. Nova even confirmed they got paid to a news outlet (which in and of itself is weird, as most gangs will not acknowledge payment).

But then yesterday, Nova changed the listing and seems to now be demanding more payment because the police got involved?

It's very hard to figure out what Nova is saying in their broken English and translations of where they now write in Russian. See what you think:

https://databreaches.net/2025/08/19/when-a-deal-is-not-a-done-deal-nova-demands-higher-payment-from-clinical-diagnostics/

#databreach #ransomware #healthsec #incidentresponse

More than 1 million patients affected by DaVita ransomware attack; those are preliminary numbers:

The ransomware attack was by InterLock in March. DaVita is first starting to notify regulators and patients now, it seems.

The incident is not yet up on HHS's public breach tool so we do not yet have a total number affected.

https://databreaches.net/2025/08/05/more-than-1-million-patients-affected-by-davita-ransomware-attack-those-are-preliminary-numbers/

#databreach #ransomware #healthsec #cybersecurity