Episource has reported a data breach affecting over 5 million patients in the U.S., following a cyberattack that occurred between January 27 and February 6, 2025. The breach exposed various sensitive health information, including names, addresses, and medical records, although no banking or payment card data was compromised. Affected individuals are being notified and advised to monitor for suspicious activity.

Onsite Mammography, a Massachusetts medical provider, has reported a data breach that has compromised the personal and health information of over 350,000 patients. The breach, discovered in October 2024, involved unauthorized access to an employee's email account, leading to exposure of sensitive data including Social Security numbers and medical information. The company is offering affected individuals 12 months of free credit monitoring and identity protection services.

Northwest Radiologists has experienced a significant data breach affecting approximately 350,000 patients in Washington. The breach, which involves sensitive personal information, highlights ongoing concerns about data security in the healthcare sector. Affected individuals are being notified and offered assistance to mitigate potential risks.

A cybersecurity breach at University of Chicago Medicine may have exposed the personal information of 38,000 patients, including names, Social Security numbers, and medical data. The breach occurred in July 2024 through a third-party vendor, Nationwide Recovery Systems, which has since been terminated. UChicago Medicine is notifying affected patients by mail and has implemented measures to enhance security.

Yale New Haven Health is notifying 5.5 million individuals about a data breach that occurred in March 2023, which involved unauthorized access to sensitive personal and health information. The organization is taking steps to mitigate the impact on affected individuals, including offering credit monitoring services.

Doctors Imaging Group experienced a significant data breach impacting approximately 171,000 individuals. The breach involved unauthorized access to sensitive patient information, prompting an investigation and notifications to affected individuals. Security measures are being reassessed to prevent future incidents.

Esse Health has notified over 263,000 patients that their personal and health information was compromised in a cyberattack that occurred on April 21, 2025. The breach resulted in the theft of sensitive data, although there was no evidence of stolen social security numbers, and the organization is offering free identity protection services to affected individuals. Restoration efforts suggest a ransomware attack, but no group has claimed responsibility for the incident.

A data breach involving Serviceaide has potentially exposed sensitive information of over 483,000 patients of Catholic Health between September 19 and November 5, 2024. Although there is no evidence of data being exfiltrated, affected individuals are being notified and offered 12 months of free credit monitoring and identity theft protection.