π₯
#Deaconess Health System reports
#MediCopy vendor breach π Unauthorized access to cloud file-sharing platform π’ MediCopy manages ROI requests for 18-hospital system π³ SSNs, medical records, insurance information downloaded π³ Credit monitoring and identity theft protection offered
#Healthcare #DataProtection #HIPAA π
https://www.defensorum.com/medicopy-data-breach-deaconess-health-system/
MediCopy Data Breach Impacts Deaconess Health System - Defensorum
Deaconess Health System reported a data breach involving patient information shared with a third-party vendor, MediCopy, following unauthorized access to a cloud-based file-sharing platform. Incident Overview Deaconess Health System, based in Evansville, Indiana, disclosed a security incident affecting certain patients of Deaconess Union County Hospital in Morganfield, Kentucky and Deaconess Henderson Hospital in Henderson, Kentucky. ... Read more
π¨
#CISA issues emergency guidance after 12 PB deleted from 200K devices π» Iran-linked
#Handala group exploited
#Microsoft #Intune admin controls π±
#Windows devices, laptops, mobile phones targeted for deletion
#CyberSecurity #CloudSecurity #ZeroTrust π
https://www.defensorum.com/cisa-administrative-controls-microsoft-intune/
CISA Recommends Strict Administrative Controls of Microsoft Intune - Defensorum
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued guidance instructing U.S. organizations to strengthen administrative controls in Microsoft Intune following a cyberattack on Stryker Corporation that involved data exfiltration and substantial data deletion. Incident Overview The incident involved Stryker Corporation, a U.S.-based medical technology company. A threat actor known as Handala is behind ... Read more
π¨ Only 1.1% of healthcare organizations show low-risk email security π§ 170 email breaches affected 2.5M individuals in 2025 π 74% lack policies blocking spoofed messages π 41% in highest risk category for authentication
#CyberSecurity #Compliance #EmailSecurity #healthcare π
https://www.defensorum.com/email-security-risks-affecting-healthcare-organizations/
Paubox Research Identifies Email Security Risks Affecting Healthcare Organizations in 2026 - Defensorum
Email security failures continue to expose healthcare organizations to breaches and regulatory exposure, with research identifying authentication gaps, encryption weaknesses, and credential theft as contributing factors in healthcare email incidents heading into 2026. Email Remains a Primary Breach Vector in Healthcare Email remains a frequent entry point in healthcare breach incidents based on analysis of ... Read more
π¨ Former Nuance employee pleads guilty to accessing 1.2M Geisinger patient records πEmployee exploited existing credentials after termination π Names, birth dates, medical record numbers copied
#InsiderThreat #Healthcare #DataTheft π
https://www.defensorum.com/nuance-employee-unauthorized-access-geisinger-patient-records/
Former Nuance Employee Pleads Guilty to Unauthorized Access of Geisinger Patient Records - Defensorum
A former Nuance Communications employee pleaded guilty in federal court to obtaining information from a protected computer without authorization after accessing and copying data associated with more than 1.2 million Geisinger Health System patient records. Guilty Plea in Federal Court Max Vance, 46, of El Cajon, California, entered a guilty plea on February 27, 2026 ... Read more
π₯
#Rebound Orthopedics settles data breach case for $2.5M π 426,536 patients affected by February 2024 unauthorized access π³ SSNs, financial accounts, passport numbers compromised π
Claims deadline: May 28, 2026 π΅ Fund covers legal fees, monitoring, and class benefits
#DataBreach #Healthcare #PatientPrivacy π
https://www.defensorum.com/rebound-orthopedics-neurosurgery-data-breach/
Rebound Orthopedics & Neurosurgery Settles Data Breach Lawsuit For $2.5 Million - Defensorum
Orthopedic and neurosurgery practice, Rebound Orthopedics & Neurosurgery P.C. based in Vancouver, WA, agreed to a $2,500,000 settlement in a class action lawsuit over a February 2024 data breach that exposed the protected health information (PHI) of 426,536 patients. Security Incident Details Rebound Orthopedics & Neurosurgery experienced unauthorized access to its systems in February 2024, ... Read more
π¨ Data-only extortion attacks surge 1,100% in one year π
#ArcticWolf reports jump from 2% to 22% of incidents π» Attackers skip encryption, focus on data theft and threats π
#Ransomware and
#BEC still account for 90%+ of cases
#DataTheft #CyberSecurity #Compliance π
https://www.defensorum.com/data-extortion-attacks-2025/
Data-Only Extortion Attacks Increased Eleven Times in 2025 - Defensorum
Data-only extortion attacks increased elevenfold between November 2024 and November 2025, representing a measurable shift in cyber extortion activity documented in recent threat reporting. Report Findings Arctic Wolf released a 2026 threat report identifying a substantial rise in data-only extortion incidents during the most recent reporting period. The report found that data-only extortion incidents accounted ... Read more
π₯ Duly Health and Care settles tracking pixel lawsuit for $3.1M π» Healthcare website tracking practices under legal scrutiny π Patient portal activity allegedly shared with third parties π
Claims deadline: March 2, 2026
#Healthcare #PatientData #WebTracking #TrackingPixels π
https://www.defensorum.com/duly-health-and-care-data-breach-lawsuit/
Duly Health and Care Settles Data Breach Lawsuit for $3.1 Million - Defensorum
HIPAA-covered entity, Midwest Physician Administrative Services, LLC doing business as Duly Health and Care agreed to a $3.1 million settlement to resolve class action litigation related to the use of website tracking technology that allegedly disclosed patient information. Settlement Overview Midwest Physician Administrative Services, LLC d/b/a Duly Health and Care agreed to settle a class ... Read more
π₯
#CapitalHealth settles
#LockBit #ransomware case for $4.5M π° 503,071 patients affected across NJ and Pennsylvania facilities π
November 2023 attack exposed SSNs and medical records π³ Up to $5K reimbursement or ~$100 flat payment available π΅ Claims submission deadline: April 6, 2026
#DataBreach #Ransomware #Healthcare π
https://www.defensorum.com/capital-health-data-breach-lawsuit/
Capital Health Pays $4.5M to Settle Data Breach Lawsuit - Defensorum
Capital Health agreed to pay $4.5 million to resolve the class action lawsuit over a 2023 data breach that exposed patient data and other personal information. Data Breach Incident Capital Health experienced unauthorized access to its computer systems between November 11 and November 26, 2023, when an external actor gained access and used ransomware to ... Read more
π¨
#Comstar pays $515K settling
#HIPAA and state security violations π₯ Ambulance billing breach affected 585,621 individuals π»
#Ransomware attack exposed SSNs, financial data, medical evaluations π Multi-state investigation reveals inadequate security programs
#DataBreach #Healthcare #Compliance #DataProtection π
https://www.defensorum.com/comstar-hipaa-violations/
Comstar to Settle Alleged HIPAA Violations for $515,000 - Defensorum
The Massachusetts Attorney General is investigating Comstar, an ambulance billing and collections company in Massachusetts and determined to have failed to comply with the Massachusetts Data Security Regulations and the Health Insurance Portability and Accountability Act (HIPAA). Comstar is going to pay a $515,000 fine to settle the claimed violations. Comstarβs investigation involved a March ... Read more
π¨
#OCR launches 2026 risk management enforcement initiative π
#HIPAA Security Rule compliance focus on vulnerability patching π» Healthcare entities must maintain comprehensive IT asset inventories π Attack surface reduction requires removing unused software and accounts π Continuous effectiveness assessment critical for ongoing compliance
#Compliance #Healthcare #CyberSecurity π
https://www.defensorum.com/hipaa-covered-entities-strengthen-system-security/
OCR's Urges HIPAA-Covered Entities to Strengthen System Security - Defensorum
The Department of Health and Human Services (HHS) Office for Civil Rights (OCR) published its 2026 quarterly cybersecurity newsletter where it prompted HIPAA-covered entities to take do something to strengthen system security and make it harder for hackers to access their systems and the sensitive data of patients and health plan members. The HIPAA Security ... Read more
