Only 1.1% of healthcare organizations show low-risk email security
170 email breaches affected 2.5M individuals in 2025
74% lack policies blocking spoofed messages
41% in highest risk category for authentication
#CyberSecurity #Compliance #EmailSecurity #healthcare
https://www.defensorum.com/email-security-risks-affecting-healthcare-organizations/
Paubox Research Identifies Email Security Risks Affecting Healthcare Organizations in 2026 - Defensorum
Email security failures continue to expose healthcare organizations to breaches and regulatory exposure, with research identifying authentication gaps, encryption weaknesses, and credential theft as contributing factors in healthcare email incidents heading into 2026. Email Remains a Primary Breach Vector in Healthcare Email remains a frequent entry point in healthcare breach incidents based on analysis of ...
Defensorum
Former Nuance employee pleads guilty to accessing 1.2M Geisinger patient records
Employee exploited existing credentials after termination
Names, birth dates, medical record numbers copied
#InsiderThreat #Healthcare #DataTheft
https://www.defensorum.com/nuance-employee-unauthorized-access-geisinger-patient-records/
Former Nuance Employee Pleads Guilty to Unauthorized Access of Geisinger Patient Records - Defensorum
A former Nuance Communications employee pleaded guilty in federal court to obtaining information from a protected computer without authorization after accessing and copying data associated with more than 1.2 million Geisinger Health System patient records. Guilty Plea in Federal Court Max Vance, 46, of El Cajon, California, entered a guilty plea on February 27, 2026 ...
#Rebound Orthopedics settles data breach case for $2.5M
426,536 patients affected by February 2024 unauthorized access
SSNs, financial accounts, passport numbers compromised
Claims deadline: May 28, 2026
Fund covers legal fees, monitoring, and class benefits
#DataBreach #Healthcare #PatientPrivacy
https://www.defensorum.com/rebound-orthopedics-neurosurgery-data-breach/
Rebound Orthopedics & Neurosurgery Settles Data Breach Lawsuit For $2.5 Million - Defensorum
Orthopedic and neurosurgery practice, Rebound Orthopedics & Neurosurgery P.C. based in Vancouver, WA, agreed to a $2,500,000 settlement in a class action lawsuit over a February 2024 data breach that exposed the protected health information (PHI) of 426,536 patients. Security Incident Details Rebound Orthopedics & Neurosurgery experienced unauthorized access to its systems in February 2024, ...
Data-only extortion attacks surge 1,100% in one year
#ArcticWolf reports jump from 2% to 22% of incidents
Attackers skip encryption, focus on data theft and threats
#Ransomware and #BEC still account for 90%+ of cases
#DataTheft #CyberSecurity #Compliance
https://www.defensorum.com/data-extortion-attacks-2025/
Data-Only Extortion Attacks Increased Eleven Times in 2025 - Defensorum
Data-only extortion attacks increased elevenfold between November 2024 and November 2025, representing a measurable shift in cyber extortion activity documented in recent threat reporting. Report Findings Arctic Wolf released a 2026 threat report identifying a substantial rise in data-only extortion incidents during the most recent reporting period. The report found that data-only extortion incidents accounted ...
Duly Health and Care settles tracking pixel lawsuit for $3.1M
Healthcare website tracking practices under legal scrutiny
Patient portal activity allegedly shared with third parties
Claims deadline: March 2, 2026
#Healthcare #PatientData #WebTracking #TrackingPixels
https://www.defensorum.com/duly-health-and-care-data-breach-lawsuit/
Duly Health and Care Settles Data Breach Lawsuit for $3.1 Million - Defensorum
HIPAA-covered entity, Midwest Physician Administrative Services, LLC doing business as Duly Health and Care agreed to a $3.1 million settlement to resolve class action litigation related to the use of website tracking technology that allegedly disclosed patient information. Settlement Overview Midwest Physician Administrative Services, LLC d/b/a Duly Health and Care agreed to settle a class ...
#CapitalHealth settles #LockBit #ransomware case for $4.5M
503,071 patients affected across NJ and Pennsylvania facilities
November 2023 attack exposed SSNs and medical records
Up to $5K reimbursement or ~$100 flat payment available
Claims submission deadline: April 6, 2026
#DataBreach #Ransomware #Healthcare
https://www.defensorum.com/capital-health-data-breach-lawsuit/
Capital Health Pays $4.5M to Settle Data Breach Lawsuit - Defensorum
Capital Health agreed to pay $4.5 million to resolve the class action lawsuit over a 2023 data breach that exposed patient data and other personal information. Data Breach Incident Capital Health experienced unauthorized access to its computer systems between November 11 and November 26, 2023, when an external actor gained access and used ransomware to ...
#Comstar pays $515K settling #HIPAA and state security violations
Ambulance billing breach affected 585,621 individuals
#Ransomware attack exposed SSNs, financial data, medical evaluations
Multi-state investigation reveals inadequate security programs
#DataBreach #Healthcare #Compliance #DataProtection
https://www.defensorum.com/comstar-hipaa-violations/
Comstar to Settle Alleged HIPAA Violations for $515,000 - Defensorum
The Massachusetts Attorney General is investigating Comstar, an ambulance billing and collections company in Massachusetts, and determined it to have failed to comply with the Massachusetts Data Security Regulations and the Health Insurance Portability and Accountability Act (HIPAA). Comstar is going to pay a $515,000 fine to settle the claimed violations. Comstar's investigation involved a March ...
#OCR launches 2026 risk management enforcement initiative
#HIPAA Security Rule compliance focus on vulnerability patching
Healthcare entities must maintain comprehensive IT asset inventories
Attack surface reduction requires removing unused software and accounts
Continuous effectiveness assessment critical for ongoing compliance
#Compliance #Healthcare #CyberSecurity
https://www.defensorum.com/hipaa-covered-entities-strengthen-system-security/
OCR Urges HIPAA-Covered Entities to Strengthen System Security - Defensorum
The Department of Health and Human Services (HHS) Office for Civil Rights (OCR) published its 2026 quarterly cybersecurity newsletter where it prompted HIPAA-covered entities to do something to strengthen system security and make it harder for hackers to access their systems and the sensitive data of patients and health plan members. The HIPAA Security ...
TriZetto breach highlights multi-tier business associate risks
Breach began November 2024, detected October 2025
Total number of impacted organizations still undetermined
#DataBreach #Healthcare #HIPAA
https://www.defensorum.com/healthcare-providers-trizetto-provider-solutions-data-breach/
List of Healthcare Providers Affected by TriZetto Provider Solutions Data Breach - Defensorum
TriZetto Provider Solutions, owned by Cognizant, which provides hospitals, doctors, and health systems with revenue management services, has begun informing some healthcare clients regarding a recently discovered cybersecurity breach. On October 2, 2025, TriZetto Provider Solutions detected suspicious activity in a web portal while a few of its healthcare provider clients used it to access ...
#Conduent Business Services breach affects 14.8M individuals
#SafePay ransomware group claimed 8.5 TB data theft
Major health insurers including #Premera, #Humana impacted
$25M total breach costs projected by Q1 2026
#DataBreach #Healthcare #Ransomware #HIPAA
https://www.defensorum.com/conduent-business-services-data-breach/
More Than 14.7M Individuals Affected by Conduent Business Services Data Breach - Defensorum
Conduent Business Services located in New Jersey had earlier sent a breach report to the Oregon Attorney General about a hacking incident in 2024 that affected 10.5 million people across the country. This is one of the biggest healthcare data breaches of 2025 with a significantly high victim count. The Texas Attorney General received a ...