Multiple Healthcare Data Breaches Impacting U.S. Medical Providers
Several U.S. healthcare organizations have disclosed significant data breaches involving unauthorized access to patient and employee information. MedStar Health reported that an unauthorized third party accessed internal systems containing sensitive patient data, including names, dates of birth, Social Security numbers, and medical information. The Rhysida threat group claimed responsibility for this attack, alleging the exfiltration and leak of over 7 million pieces of patient data. Brevard Skin and Cancer Center also confirmed a cyberattack in which the Pear threat group claimed to have stolen 1.8 terabytes of data, affecting both patient and employee records with information such as Social Security numbers, health conditions, and billing details. Both organizations have offered complimentary credit monitoring and identity theft protection to affected individuals and are reviewing their cybersecurity measures.
Henry Ford Health in Michigan disclosed an insider data breach affecting nearly 2,000 patients, resulting in the termination of the responsible employee and notification to those impacted. While details on the specific data accessed were not provided, credit monitoring services have been offered. These incidents highlight the ongoing risks faced by healthcare providers from both external threat actors and insider threats, emphasizing the need for robust security policies and continuous evaluation of protective measures to safeguard sensitive health information.
Get ahead of threats like this
Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
How this story unfolded
10 events from the most recent confirmed update back to the earliest known activity.
Rhysida claims MedStar Health breach and data leak
The Rhysida ransomware group claimed responsibility for the MedStar Health incident, alleging it exfiltrated 3.7 TB of data, including more than 1.8 million files and over 7 million pieces of patient data, and leaked the material on its dark web portal. This added public attribution and impact claims to the breach narrative.
Pear claims Brevard Skin and Cancer Center attack
The Pear threat group claimed responsibility for the Brevard Skin and Cancer Center breach, saying it stole 1.8 TB of data in a data-theft-and-ransom operation without encryption. The claim newly attributed the incident to a specific threat actor.
Henry Ford Health reports insider data breach affecting 1,984 patients
Henry Ford Health disclosed an insider data breach affecting 1,984 patients after an employee improperly accessed a desktop computer. The employee was terminated, affected individuals were notified, and credit monitoring was offered; the breach was also listed on the HHS OCR portal.
MedStar Health begins notifying affected individuals
MedStar Health began sending breach notifications on December 3, 2025. The health system offered complimentary credit monitoring and identity theft protection to affected people.
Wilmington Community Clinic completes breach notifications
By November 18, 2025, Wilmington Community Clinic had completed notifications to affected individuals about the August incident. The clinic also offered 12 months of credit monitoring and identity theft protection and reported the matter to regulators.
Brevard Skin and Cancer Center detects September attack
Brevard Skin and Cancer Center first detected the cyberattack on October 14, 2025. The organization engaged cybersecurity experts and began response and remediation efforts.
MedStar Health detects the cyberattack
MedStar Health identified the cyberattack on October 4, 2025, after the earlier period of unauthorized access. The incident led to a breach review and later patient notifications.
Brevard Skin and Cancer Center breached
Attackers gained unauthorized access to Brevard Skin and Cancer Center's environment on September 28, 2025 and exfiltrated patient and employee data. Stolen information included personal, billing, and protected health information such as names, Social Security numbers, and health data.
MedStar Health systems accessed in cyberattack
An unauthorized third party accessed MedStar Health internal systems containing sensitive patient data between September 12 and September 16, 2025. Potentially exposed information included names, dates of birth, Social Security numbers, and possibly medical and insurance details.
Wilmington Community Clinic suffers network intrusion
Wilmington Community Clinic experienced a cybersecurity incident involving unauthorized access to its network on August 13, 2025. Potentially compromised data included names, health insurance IDs, medical information, dates of birth, and driver's license or state ID numbers.
Related entities
Vulnerabilities, threat actors, malware, products, organizations, and breaches Mallory has linked to this story.
Sources
3 references tracked. Mallory keeps watching after this page renders.
Henry Ford Health Notifies 2,000 Patients About Insider Data Breach
hipaajournal.com
Open sourceBrevard Skin and Cancer Center Announces September Cyberattack
hipaajournal.com
Open sourceNotifications Issued About MedStar Health Data Breach
hipaajournal.com
Open sourceSee the full picture, correlated to your attack surface.
Map indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.
Related stories
Other stories Mallory is tracking that overlap on entities, sources, or topic labels.
Recent Data Breaches at U.S. Healthcare Providers
Multiple U.S. healthcare organizations have recently disclosed data breaches resulting from unauthorized access to sensitive patient information. Expert MRI, a radiology provider in California, reported that an attacker accessed its network between June and August 2025, exfiltrating data such as names, addresses, dates of birth, diagnoses, and, for some, Social Security numbers. The PEAR threat group claimed responsibility and briefly listed stolen data on its leak site, suggesting a ransom may have been paid. Revere Health in Utah experienced a breach of a third-party payment platform, potentially exposing patient names, dates of birth, addresses, medical record numbers, and partial Social Security numbers, though no evidence of misuse was found. Health Management Systems of America in Michigan disclosed a breach after an employee fell victim to a spear phishing attack, resulting in the unauthorized download of emails containing patient data. These incidents highlight the ongoing risks faced by healthcare organizations from both targeted ransomware groups and opportunistic phishing attacks. In response, affected providers have reported the breaches to regulators, enhanced their cybersecurity measures, and offered credit monitoring to impacted individuals. The number of affected patients varies by incident, with Revere Health reporting up to 10,800 impacted and Expert MRI yet to disclose a total. The breaches underscore the importance of robust security practices and employee awareness training to mitigate the risk of data compromise in the healthcare sector.
Mar 21, 2026
Multiple Healthcare Data Breaches and Regulatory Actions in the US
Several healthcare providers in the United States have recently disclosed significant data breaches resulting from cyberattacks, with patient and employee information being compromised. AllerVie Health, based in Texas, confirmed unauthorized access to its network, exposing sensitive data such as names, Social Security numbers, and insurance details, allegedly due to a ransomware attack by the Anubis group. The attackers claim to have stolen records of over 30,000 patients, and affected individuals have been offered credit monitoring and identity theft protection. In a separate incident, OrthopedicsNY, a healthcare provider in New York, suffered a breach in 2023 after attackers gained remote access using compromised credentials, leading to the exposure of data belonging to more than 650,000 patients and employees. The New York Attorney General secured a $500,000 penalty from OrthopedicsNY for failing to implement adequate security measures, and the provider is now required to enhance its data protection practices. Additionally, Singing River Health System in Mississippi reported a cyber incident that led to the temporary shutdown of its patient portal and internet access as a precaution. While the threat was reportedly mitigated, the investigation is ongoing to determine if patient records were accessed. These incidents highlight the ongoing risks faced by healthcare organizations from ransomware groups and other cybercriminals, as well as the increasing regulatory scrutiny and financial penalties for failing to protect sensitive health information. Impacted organizations are responding with offers of credit monitoring and reviews of their security policies, but the breaches underscore the need for robust cybersecurity measures in the healthcare sector.
Mar 21, 2026
Multiple Healthcare and Retail Data Breaches Impacting US Organizations
Several US organizations have reported significant data breaches affecting thousands of individuals. Pearlman Aesthetic Surgery in New York disclosed a hacking incident compromising the protected health information of nearly 12,000 patients, though specific details remain undisclosed. Methodist Homes of Alabama and Northwest Florida notified residents and employees of a second breach within seven months, involving unauthorized access to an employee email account containing sensitive personal and medical information. Gulshan Management Services, which operates over 150 gas stations and convenience stores, confirmed a breach that exposed the personal data of more than 377,000 people, including Social Security numbers and financial information, with delayed notification to affected individuals. Community First Medical Center in Chicago reached a $1 million preliminary settlement following a 2023 breach that exposed the data of approximately 216,000 patients, with allegations of inadequate cybersecurity measures and delayed response. These incidents have led to regulatory filings, class action lawsuits, and increased scrutiny over the timeliness and adequacy of breach notifications. The breaches highlight ongoing challenges in protecting sensitive data across healthcare and retail sectors, with attackers exploiting both network vulnerabilities and email accounts. Organizations are facing legal and reputational consequences, emphasizing the need for robust cybersecurity practices and prompt communication with affected individuals.
Mar 21, 2026