Episource has reported a data breach affecting over 5 million patients in the U.S., following a cyberattack that occurred between January 27 and February 6, 2025. The breach exposed various sensitive health information, including names, addresses, and medical records, although no banking or payment card data was compromised. Affected individuals are being notified and advised to monitor for suspicious activity.

Onsite Mammography, a Massachusetts medical provider, has reported a data breach that has compromised the personal and health information of over 350,000 patients. The breach, discovered in October 2024, involved unauthorized access to an employee's email account, leading to exposure of sensitive data including Social Security numbers and medical information. The company is offering affected individuals 12 months of free credit monitoring and identity protection services.

A Michigan rural health system has notified approximately 140,000 patients of a data breach resulting from a hacking incident. The breach highlights ongoing concerns regarding cybersecurity in the healthcare sector, particularly the risks associated with unauthorized access to protected health information.

Mainline Health Systems and Select Medical Holdings have reported data breaches affecting over 100,000 individuals. Mainline Health's breach was linked to the Inc Ransom ransomware group, while Select Medical's data exposure resulted from a security incident involving a former vendor.

Northwest Radiologists has experienced a significant data breach affecting approximately 350,000 patients in Washington. The breach, which involves sensitive personal information, highlights ongoing concerns about data security in the healthcare sector. Affected individuals are being notified and offered assistance to mitigate potential risks.

McLaren Health Care has reported a significant data breach affecting the personal information of approximately 743,000 individuals. The breach occurred between July and August 2024, following a previous ransomware attack in 2023 that compromised the data of over 2 million people. The exposed information includes names and Social Security numbers among other sensitive details.

A cybersecurity breach at University of Chicago Medicine may have exposed the personal information of 38,000 patients, including names, Social Security numbers, and medical data. The breach occurred in July 2024 through a third-party vendor, Nationwide Recovery Systems, which has since been terminated. UChicago Medicine is notifying affected patients by mail and has implemented measures to enhance security.

Anne Arundel Dermatology has experienced a significant data breach affecting approximately 1.9 million individuals. The breach involves sensitive information such as names, social security numbers, and health data, raising concerns about the security of patient data in the healthcare sector.

Cyberattacks surged during the summer of 2025, with ransomware groups targeting healthcare and retail sectors, while nation-state actors engaged in geopolitical cyber activities. Major incidents included the rise of the Interlock and Qilin ransomware groups, significant data breaches in retail, and the exploitation of Microsoft SharePoint vulnerabilities in a widespread campaign. Organizations are urged to improve their defenses by patching vulnerabilities, training personnel, and monitoring for lateral movement post-intrusion.

Yale New Haven Health is notifying 5.5 million individuals about a data breach that occurred in March 2023, which involved unauthorized access to sensitive personal and health information. The organization is taking steps to mitigate the impact on affected individuals, including offering credit monitoring services.

UnitedHealth's acquisition of health tech firm Episource has raised concerns following a data breach that exposed sensitive patient information. The breach, which affected numerous individuals, has prompted investigations and heightened scrutiny regarding data security practices in the healthcare industry.

Ascension, a major U.S. healthcare system, has disclosed a data breach affecting personal and health information of patients due to a vulnerability in third-party software used by a former partner. The breach impacted over 114,000 individuals in Texas and included sensitive data such as Social Security numbers and medical records. Ascension is offering two years of free identity monitoring services to those affected.

Doctors Imaging Group experienced a significant data breach impacting approximately 171,000 individuals. The breach involved unauthorized access to sensitive patient information, prompting an investigation and notifications to affected individuals. Security measures are being reassessed to prevent future incidents.

The article discusses a data breach involving the theft of clinical data related to kidney treatments, highlighting the serious implications for patient privacy and healthcare security. It emphasizes the need for enhanced cybersecurity measures within healthcare institutions to protect sensitive information from cybercriminals.

Nearly 250,000 individuals were impacted by a data breach at Medical Associates of Brevard, a healthcare organization in Florida. The BianLian ransomware group claimed responsibility for the attack, which involved the theft of personal and protected health information. The breach was discovered in January 2025, and the organization has since notified authorities and affected individuals.

SimonMed Imaging has notified over 1.27 million individuals about the compromise of their protected health information due to a cyberattack in January 2025. While the company confirmed data theft, there have been no reported cases of misuse, and affected individuals are being offered complimentary credit monitoring services.

A ransomware attack has compromised the US healthcare sector, impacting organizations such as AOA, DaVita, and Bell Ambulance. These breaches have raised concerns regarding the security of patient data and the potential disruption to healthcare services. The situation underscores the growing threat of cyberattacks on critical infrastructure in the healthcare domain.

Radiology Associates of Richmond has reported a data breach affecting over 1.4 million individuals, with hackers accessing their systems for several days in April 2024. The compromised systems contained identifiable protected health and personal information.

A ransomware gang has claimed responsibility for a cyberattack on Kettering Health, a healthcare provider in Ohio. The breach has raised concerns about the security of sensitive patient data and highlights the ongoing threat of ransomware attacks in the healthcare sector.

A data breach involving Serviceaide has potentially exposed sensitive information of over 483,000 patients of Catholic Health between September 19 and November 5, 2024. Although there is no evidence of data being exfiltrated, affected individuals are being notified and offered 12 months of free credit monitoring and identity theft protection.

Over 624,000 individuals were notified of a data breach at Healthcare Services Group, where personal information, including Social Security numbers and financial details, was stolen. The breach occurred between September 27 and October 3, 2024, and was identified on October 7, 2024.

Esse Health has notified over 263,000 patients that their personal and health information was compromised in a cyberattack that occurred on April 21, 2025. The breach resulted in the theft of sensitive data, although there was no evidence of stolen social security numbers, and the organization is offering free identity protection services to affected individuals. Restoration efforts suggest a ransomware attack, but no group has claimed responsibility for the incident.

CPAP Medical Supplies and Services, a provider of sleep therapy equipment focused on military personnel, experienced a cyberattack that compromised the personal information of over 90,000 customers. The breach occurred between December 13 and December 21, 2024, prompting the company to notify affected individuals.

Ascension has reported a significant data breach affecting the personal information of 437,329 patients due to a cyberattack. The exposed data includes sensitive details such as names, dates of birth, and medical information, prompting concerns about patient privacy and security. Authorities are investigating the incident while affected individuals are being notified.

A new ransomware strain named KillSec is targeting healthcare institutions in Brazil, compromising their systems and demanding ransoms. The attacks have raised concerns about the security of sensitive patient data and the operational integrity of healthcare services amidst the ongoing pandemic. Authorities are urging institutions to bolster their cybersecurity measures to combat these threats.