Last Update: 04/05/2026 at 2:50 PM EST
Health Providers Face Data Breach Investigations
Coverage from The HIPAA Journal, WOSU Public Media, and others
Articles
27
Latest Article
02/25
Active Days
554
Executive Summary
Several health care and benefits providers reported breaches that exposed sensitive personal and medical data, prompting notices, monitoring offers, and legal reviews.
- North East Medical Services detected unauthorized access on October 19, 2025 via United Layer
- NEMS said sensitive personal information may have been accessed and began mailing notices
- Alert Medical Alarms said a June 17, 2025 network disruption led to unauthorized access
- Alert Medical Alarms data may have exposed Social Security numbers, bank data, and medical details
- Managed Care Advisors Sedgwick disclosed unauthorized access to an encrypted SFTP server
- TridentLocker claimed the MCA/SGS breach and leaked about 3.4 GB of data online
- NASCBF detected suspicious activity on August 18, 2025 and later completed file review
Quick Facts
- What: Reported breaches exposing personal and medical information
- Where: California Pennsylvania Connecticut and federal contractor systems
- Why: Unauthorized access and ransomware disrupted protected data systems
- Who: Health care, monitoring, and benefit organizations
- When: Incidents occurred from June to November 2025
Coverage Timeline: 554 Days
Featured Article
North East Medical Services reports a data breach discovered in October 2025 in San Francisco involving a third party vendor UnitedLayer.
Additional Articles
⭐⭐⭐⭐⭐
Nebraska files civil action in Lancaster County Nebraska in December 2024 over Change Healthcare data breach and ransomware incident.
ALN Medical Management revealed a March 2024 third-party-hosted data breach affecting over one million individuals, leading to consolidated U.S. class actions and a proposed $4 million settlement in Nebraska.
Jeremiah Fowler reported an unprotected database exposing nearly one million Ohio medical patient records.
⭐⭐⭐
Birch Medical filed a California Attorney General notice on February 27, 2025, after investigation of suspected unauthorized network access exposed consumers' names and medical information.
Goshen Medical Center reported a data security incident in March 2025 in North Carolina, potentially affecting 456,385 individuals, with ClassAction.org seeking affected persons for a possible class action.
Alert Medical Alarms disclosed a June 17 2025 data breach in Pennsylvania, prompting potential class action litigation over exposed personal and health data.
On October 2, 2024, Charleston Area Medical Center detected phishing-driven email compromise affecting 67,413 people, potentially exposing health and identity data and prompting class action discussions.
CF Medical disclosed in 2024 that a February vendor breach at FBCS potentially exposed personal information for 626,396 people, prompting class action evaluation.
Shore Medical Center notified patients in New Jersey after a Nationwide Recovery Services vendor breach exposed potentially sensitive medical and identity data, with class action discussions beginning in 2025.
North East Medical Services detected unauthorized access to patient data on October 19 2025 in California via United Layer network.
Huron Regional Medical Center in South Dakota reported a May 31 2025 data breach exposing PII and PHI.
Fusion Medical Staffing reported a 2025 breach discovered March 6 and notified Maine residents starting August 19 after exposure of personal and medical information.
Wakefield and Associates data breach affects Benefis Health System patients in central Montana in January 2025
Rhysida hacking group accessed Bayhealth patient data in Delaware in August; settlement awaiting court approval in October to resolve unauthorized access and data exposure.
Duane Morris partners say data breach and privacy class actions escalated across the United States in 2025 due to ransomware and broader data exposures.
Schubert Jonckheer & Kolbe LLP investigate a December 2025 data breach at QualDerm Partners affecting Texas residents.
⭐️⭐️
A Connecticut medical practice faces three lawsuits after ransomware breach exposing patient and employee data and breach notification concerns.
MCA/SGS data breach on November 16, 2025 in the United States exposed personal data.
NASCBF detected a data breach on August 18 2025 in Hamden Connecticut.
Mid Michigan Medical Billing Service reported a March 27, 2025 network breach affecting 28,185 individuals in Michigan; notifications completed December 2, 2025, and attorneys opened a class action probe.
Attorneys with ClassAction.org investigate Hampton Regional Medical Center data breach after notices to affected individuals.
Huron Regional Medical Center disclosed a data breach on May 31 2025 in South Dakota affecting patient information.
Unknown third party accessed Liberty Resources networks in July 2024, exposing personal data and triggering potential class action.
California residents affected by the Outcomes data breach may pursue a class action now in California to recover privacy damages.
Sedgebrook OpCo SL VII LLC experienced a data breach on May 4-5 2025 in Lincolnshire Illinois, potentially leading to a class action.
Record US data breaches and rising ransomware in 2023 triggered investor class actions and settlement activity involving Alphabet, Zoom, and Okta while regulators in the US, EU, and Australia tighten disclosure rules.