Last Update: 06/03/2026 at 5:25 AM EST
Healthcare Data Breaches And Lawsuits
Coverage from Bloomberg Law, Morningstar, and others
Articles
70
Latest Article
06/01
Active Days
650
Executive Summary
Recent coverage shows repeated healthcare and business data breaches exposing medical, identity, and financial information, with vendor failures, email compromises, state notices, and class actions driving the response. Litigation and disclosure obligations now sit alongside the incidents themselves as a major part of the story.
Key Points
- Healthcare organizations account for most of the recent incidents, and the exposed data often includes names, Social Security numbers, medical records, diagnoses, insurance details, and contact information.
- Vendor- and third-party-related exposure is a recurring pattern, with breaches often tied to hosted services, recovery firms, or managed providers rather than the named provider's core systems.
- Email account compromise and phishing remain common entry points, alongside unsecured databases and network intrusions.
- Breach notification and disclosure have become a central operational issue, with reports to HHS, state attorneys general, and affected individuals recurring across cases.
- Class action investigations and settlements are a persistent follow-on outcome, especially where large populations, sensitive health data, or delayed disclosure are alleged.
- Regulatory and legal pressure is not limited to notifications; some cases now include consumer protection, privacy-law, or securities-style claims tied to breach handling.
- The signal is coherent and moderately dense: incidents differ in size and venue, but the same breach-response and liability pattern repeats across the material.
Featured Article
North East Medical Services reports a data breach discovered in October 2025 in San Francisco involving a third party vendor UnitedLayer.
Coverage Timeline: 650 Days
Hover over any logo to see coverage summary, click for full article.
Additional Articles
⭐⭐⭐⭐⭐
Nebraska files civil action in Lancaster County Nebraska in December 2024 over Change Healthcare data breach and ransomware incident.
Unknown hackers breached Unimed, an external billing provider, leading German university hospitals in Cologne and Baden-Württemberg to report patient data theft in mid-April.
ALN Medical Management revealed a March 2024 third-party-hosted data breach affecting over one million individuals, leading to consolidated U.S. class actions and a proposed $4 million settlement in Nebraska.
Springfield Hospital disclosed an unauthorized email-account access in December 2025 that exposed sensitive identifiers, leading to investigation and possible class action.
Alera Group received March 30, 2026 preliminary approval for a $2 million class action settlement resolving claims tied to a 2024 data breach impacting potentially 873,211 employees.
Jeremiah Fowler reported an unprotected database exposing nearly one million Ohio medical patient records.
IMA Diligence Services disclosed a ransomware-related external system breach on May 4, 2026 after a December 8, 2025 compromise, with Maine notice filed May 29, 2026.
BlackFog says data breach compensation claims can expose US businesses to major civil liability through negligence, regulatory failures, and delayed disclosure after sensitive data incidents.
Federman & Sherwood investigates Bailey & Galyen after a reported Texas data breach exposing Social Security and health information, with notices sent around May 22, 2026.
May 2006 to later developments show how US state breach definitions and contract terms determine breach notification duties and reimbursement responsibility.
⭐⭐⭐
Plaintiffs dismissed with prejudice a DMS Health Technologies 2023 data breach lawsuit filed in US District Court for the District of North Dakota.
Judge Wendy Beetlestone dismissed an 11-plaintiff class action in Pennsylvania after a 2023 Prospect Medical Holdings data breach exposed personal information for over 190,000 people.
Judge Wendy Beetlestone dismissed a patient class action in the Eastern District of Pennsylvania after plaintiffs alleged a 2023 data breach exposed personal information affecting 190,000 people.
Schubert Jonckheer & Kolbe LLP investigates an alleged Southern Illinois Dermatology data breach after November 28, 2025 access and April 2, 2026 notification in Illinois.
Elmwood Healthcare reported an unauthorized access incident from January 24 to February 13, 2026, potentially exposing medical and identity data for patients in Rhode Island and Massachusetts.
ClassAction.org attorneys investigated a potential class action after Innovative Scientific Solutions operating as Luxor Scientific disclosed a September 2025 data breach in South Carolina and Texas.
Attorneys sought affected individuals after Elara Caring disclosed a third-party vendor system breach that may have exposed Social Security numbers and medical records.
Barnhart Crane & Rigging Co. Inc. notified U.S. consumers on May 21, 2026, after a breach exposed health insurance and identity data, affecting 22,822 people including Maine residents.
Bomco Inc. disclosed on June 17, 2025 unauthorized access to company files occurring June 14-16, 2025, affecting residents in Massachusetts, Vermont, and Maine.
Jeffrey Lisiecki MD PLLC disclosed a patient health data breach after unauthorized access to an employee email account occurred between late 2024 and early 2026.
Ira L. Savetsky, MD PLLC reported a long-running unauthorized employee email access incident in Manhattan from 2024-2026, exposing patient protected health information.
Edelson Lechtzin LLP announced a class action investigation of alleged NCH Corporation data breach exposure between January 21, 2026 and February 25, 2026 in Irving, Texas.
Edelson Lechtzin LLP investigates a potential class action after Elara Caring reported a vendor breach affecting thousands of patients in 2026.
North Texas Behavioral Health Authority notified 285,086 Dallas-area patients after third-party network access exposed patient files with Social Security numbers.
Edelson Lechtzin LLP is investigating a May 8, 2025 ransomware breach at Sandhills Medical in North Carolina that exposed patient health information for about 169,017 people.
North East Medical Services detected unauthorized access to patient data on October 19 2025 in California via United Layer network.
Huron Regional Medical Center in South Dakota reported a May 31 2025 data breach exposing PII and PHI.
Fusion Medical Staffing reported a 2025 breach discovered March 6 and notified Maine residents starting August 19 after exposure of personal and medical information.
Federman & Sherwood investigates a hacking-related network server data breach at Hospital Caribbean Medical Center in Puerto Rico after HHS notification affecting about 92,000 people.
Federman & Sherwood investigates a Innovative Scientific Solutions, LLC data breach after an April 2026 Texas Attorney General notification affecting about 2,823 residents.
Federman & Sherwood investigates a Green Imaging LLC data breach notified to the Texas Attorney General, affecting about 5,016 Texas residents.
Columbia Medical Practice reported a breach on or about November 5, 2025 affecting about six Maine residents, with Social Security-linked information possibly exposed.
Federman & Sherwood investigates Western Orthopaedics, P.C. after a Texas patient data breach reported in 2026.
Federman & Sherwood is investigating a Rhode Island nonprofit data breach reported to HHS after unauthorized network server access allegedly exposed patient information for about 5,630 people.
Bomco Inc. reported an unauthorized-access data breach to the Attorney General of Maine, potentially exposing Social Security and financial account information between June 14 and June 16, 2025.
Federman & Sherwood investigates the Johnson-Peltier Electric data breach after March 2025 unauthorized network access and a California Attorney General notice.
Federman & Sherwood investigates the Elara Caring data breach after a network server intrusion exposed sensitive patient information reported to HHS in 2026.
Edelson Lechtzin LLP is investigating alleged P3 Global Intel data theft reported in mid-March 2026, including millions of law-enforcement tips.
Elara Caring disclosed a third-party vendor breach involving home health document access in November 2025, leading to patient notifications mailed May 12, 2026.
Edelson Lechtzin LLP is investigating potential class action claims after Sandhills Medical reported a ransomware attack exposing patient health data in McBee, South Carolina.
Birch Medical filed a California Attorney General notice on February 27, 2025, after investigation of suspected unauthorized network access exposed consumers' names and medical information.
Alera Group Inc. agreed to a $2 million class action settlement for an August 2024 breach, with claims due June 29, 2026, affecting thousands in the United States.
Goshen Medical Center reported a data security incident in March 2025 in North Carolina, potentially affecting 456,385 individuals, with ClassAction.org seeking affected persons for a possible class action.
Alert Medical Alarms disclosed a June 17 2025 data breach in Pennsylvania, prompting potential class action litigation over exposed personal and health data.
On October 2, 2024, Charleston Area Medical Center detected phishing-driven email compromise affecting 67,413 people, potentially exposing health and identity data and prompting class action discussions.
CF Medical disclosed in 2024 that a February vendor breach at FBCS potentially exposed personal information for 626,396 people, prompting class action evaluation.
Shore Medical Center notified patients in New Jersey after a Nationwide Recovery Services vendor breach exposed potentially sensitive medical and identity data, with class action discussions beginning in 2025.
Attorneys working with ClassAction.org are investigating a potential class action after DocketWise disclosed an October 2025 third-party repository breach affecting 116,666 people.
ERMI, LLC reported a data breach after forensic findings showed unauthorized access to sensitive personal information from February 15 to August 14, 2025.
In October 2025, DocketWise reported potential unauthorized credential access to a partner-managed repository, prompting Edelson Lechtzin LLP to investigate class action privacy claims.
Wakefield and Associates data breach affects Benefis Health System patients in central Montana in January 2025
On February 27, 2026, Boston Mountain Rural Health Center began notifying about a data security incident affecting about 4,800 individuals, prompting class action investigation.
Duane Morris partners say data breach and privacy class actions escalated across the United States in 2025 due to ransomware and broader data exposures.
AAA Northeast's Driver Training School faced a class action after March breach notifications tied exposure to a December vendor system compromise in Providence, Rhode Island.
Between April 2 and April 6, 2026, U.S. federal courts saw class actions against health care and tech firms over alleged 2025 data breaches exposing sensitive identifiers and patient records.
Rhysida hacking group accessed Bayhealth patient data in Delaware in August; settlement awaiting court approval in October to resolve unauthorized access and data exposure.
Schubert Jonckheer & Kolbe LLP investigate a December 2025 data breach at QualDerm Partners affecting Texas residents.
Federman & Sherwood began investigating the Waterford Surgical Center data breach in Waterford, Michigan, reported to U.S. HHS on May 13, 2026.
Barnhart Crane & Rigging Company, Inc. notified individuals of a data security incident after unauthorized access may have exposed personal information and protected health information.
⭐️⭐️
MCA/SGS data breach on November 16, 2025 in the United States exposed personal data.
NASCBF detected a data breach on August 18 2025 in Hamden Connecticut.
Mid Michigan Medical Billing Service reported a March 27, 2025 network breach affecting 28,185 individuals in Michigan; notifications completed December 2, 2025, and attorneys opened a class action probe.
Attorneys with ClassAction.org investigate Hampton Regional Medical Center data breach after notices to affected individuals.
Huron Regional Medical Center disclosed a data breach on May 31 2025 in South Dakota affecting patient information.
Unknown third party accessed Liberty Resources networks in July 2024, exposing personal data and triggering potential class action.
California residents affected by the Outcomes data breach may pursue a class action now in California to recover privacy damages.
Sedgebrook OpCo SL VII LLC experienced a data breach on May 4-5 2025 in Lincolnshire Illinois, potentially leading to a class action.
A Connecticut medical practice faces three lawsuits after ransomware breach exposing patient and employee data and breach notification concerns.
Record US data breaches and rising ransomware in 2023 triggered investor class actions and settlement activity involving Alphabet, Zoom, and Okta while regulators in the US, EU, and Australia tighten disclosure rules.