Last Update: 04/05/2026 at 2:50 PM EST
Health Providers Face Data Breaches
Coverage from The HIPAA Journal, JD Supra, and others
Articles
45
Latest Article
03/25
Active Days
443
Executive Summary
Healthcare firms in California, Wisconsin and New Jersey disclosed breaches exposing patient and personal data including Social Security numbers and medical records
- Nephrology Associates Medical Group found suspicious network activity around May 20, 2025
- An unauthorized user accessed files containing protected health information and billing data
- Delta Medical Systems detected unusual email activity on July 15, 2025
- Delta's review found possible exposure of Social Security numbers, ID numbers and bank data
- ID Care discovered suspicious network activity on November 5, 2025
- ID Care said an unknown actor accessed or downloaded files with patient and insurance data
- ID Care reported the incident to the U S Department of Health and Human Services
Quick Facts
- What: Disclosed breaches exposing patient and personal data
- Where: California Wisconsin and New Jersey
- Why: Unauthorized network access exposed sensitive records
- Who: Three healthcare providers and medical distributors
- When: Detected from May 2025 to November 2025
Coverage Timeline: 443 Days
Featured Article
nephrology associates medical group reports data breach around may 20 2025 in southern california
Additional Articles
⭐⭐⭐⭐⭐
Dental Group of Amarillo and Heart South Cardiovascular Group settled 2023–2024 patient data breach lawsuits with monetary funds and credit monitoring for affected patients in Texas and Alabama.
In 2025, hospitals report email and vendor driven data breaches exposing protected health information across California, Louisiana, Connecticut, South Dakota, and Tennessee.
Two healthcare providers disclosed data breaches in 2025, exposing patient identifiers and health information, prompting breach notifications and identity protection measures.
Goshen Medical Center and Survival Flight disclosed 2025 data breach incidents exposing patient information in North Carolina and Arkansas.
⭐⭐⭐
OCH Regional Medical Center filed an HHS Office for Civil Rights breach notice on March 11, 2025 and began notifying affected individuals after unauthorized access to sensitive consumer information.
Health data breaches at CPAP Medical Services, Health Services LLC, and East Adams Rural Healthcare affect patients in Florida, Maine, and Washington during 2024 and 2025.
Frederick Health Medical Group confirmed a ransomware breach affecting 934,326 patients in Maryland in 2025, triggering class action lawsuits alleging cybersecurity and breach-notice failures.
Healthcare providers in the United States reported 2024 to 2025 data breaches, with investigations finding unauthorized access to patient identifiers and medical information.
Fort Wayne Medical Education Program data breach affects 29,485 individuals in Indiana; unauthorized access occurred December 12-17, 2024; notices mailed October 2, 2025.
Beverly Hills Oncology Medical Group reports a data breach in February 2025 affecting patients in California.
Attorneys sought individuals affected by a January 2025 Sierra Vista Hospital & Clinics breach in Truth or Consequences, New Mexico, to assess a possible class action.
BMC Health System identified unauthorized access to Workday-linked user accounts on March 9, 2025, and attorneys sought breach-notified individuals for a potential class action.
Stockton Cardiology disclosed a breach in California between December 2025 and February 2026, exposing patient identifiers and billing records and triggering class-action intake for affected individuals.
ClassAction.org attorneys evaluate a potential class action after Emanuel Medical Center reported a May 2025 breach affecting 28,963 people.
Central Ozarks Medical Center disclosed a data breach in January 2026 in Missouri affecting personal identifiers and protected health information.
MMMBS disclosed a data breach on January 2, 2026 in Michigan exposing pii and phi for over 28,000 individuals.
Select Medical began June 6, 2025 notifications after a July 2024 unauthorized third-party access to patient systems potentially exposed personal identifiers and protected health information.
CPAP Medical reported to the California Attorney General a breach discovered June 27, 2025, involving potential access to sensitive data between December 2024.
Hackers breached Healthcare Interactive between July 8 and July 12, 2025, exposing customer personal and health data in the United States.
Richmond University Medical Center reported a healthcare data breach in New York involving accessed or removed files around May 6, 2023, with potential exposure of protected health information for 674,000 people.
UChicago Medicine disclosed a July 2024 third-party vendor cybersecurity incident through Nationwide Recovery Services that may have exposed personal data of nearly 40,000 patients.
Goshen Medical Center in Fayetteville disclosed a ransomware driven data breach affecting 456385 patients on March 4 2025
Altos disclosed on June 17 that an unauthorized party accessed an internet exposed internal system containing personal and health data of patients in Southern California.
Goshen Medical Center detected a data breach on February 15 2025 in the United States and notified affected individuals.
⭐️⭐️
Two New Jersey medical groups report a May 2025 PHI breach affecting patients in New Jersey and Ohio.
Vida Y Salud-Health Systems in Texas disclosed a data breach on October 8, 2025, with unauthorized access on October 7-8.
MedRevenu announced in December 2024 a data breach potentially exposing patient data among clients in the healthcare sector.
Medical Associates of Brevard in Melbourne, Florida disclosed a cyberattack around July 7, 2025 exposing patient data.
Harmony Health Medical Clinic and Family Resource Center disclosed a data breach on December 12, 2025 affecting patients in northern California.
Consumers affected by Catalyst RCM data breach consider class action in November 2025.
February 13 2025 breach at Vital Imaging affected 260000 patients in Florida, with investigators probing medical and demographic data exposure.
attorneys with classaction.org seek affected patients for potential class action over gaylord specialty healthcare data breach disclosed in 2024 in wallingford connecticut
florida based doctors imaging group suffered a november 2024 data breach affecting patient information in florida.
Columbia Medical Practice in Maryland reported a data breach on November 5, 2025 exposing personal and health information of approximately 3000 patients.
Emanuel Medical Center in Georgia detected unauthorized third party access to sensitive information from May 21 to May 24, 2025, with breach notice posted February 17, 2026.
Beverly Hills Cancer Center reported unauthorized network access between February 7 and February 11, 2025 in California, potentially exposing personal data and protected health information.
LifeLong Medical Care in California reports a data breach involving sensitive PII and PHI, with notices issued on January 14 2026.
Unauthorized access occurred December 13-21, 2024 on CPAP Medical Supplies and Services, Inc.'s Florida network, affecting 90,133 patients and clients.
Delta Medical Systems detected a data breach on July 15 2025 in Wisconsin and notified affected individuals by February 11 2026.
Hackers accessed CPAP Medical Supplies and Services systems in December 2024, exposing personal and health information for more than 90,000 individuals in the United States.
Medical Associates of Brevard in Melbourne, Florida, disclosed a January 2025 data breach affecting about 246,711 individuals.
ID Care discovered suspicious network activity on November 5, 2025, leading to unauthorized access to Social Security numbers and medical records and HHS notification.
Arizona healthcare data breach affects about 73,281 patients between May 18 and May 22, 2025.
Goshen Medical Center reports data breach on March 4 2025 after unauthorized access to patient files in its network