Healthcare Organizations Face Legal and Notification Fallout From Ransomware-Linked Data Theft
Norton Healthcare agreed to pay $11 million to settle a class-action lawsuit tied to a 2023 ALPHV/BlackCat ransomware-related data theft that reportedly involved 4.7 TB of stolen data and impacted nearly 2.5 million people. The preliminary settlement provides for reimbursement claims (up to $2,500 for unreimbursed expenses), compensation for time spent responding to the incident (up to $80), and three years of medical identity monitoring, pending final court approval.
Separately, Ohio-based Kettering Health began notifying current and former patients and affiliates about a May 2025 ransomware and data theft incident claimed by the Interlock cybercrime group. Reporting indicates Interlock publicly listed Kettering Health on its leak site and claimed roughly 941–950 GB of data, and Kettering previously warned patients about scam calls from fraudsters impersonating medical bill collectors seeking credit card payments—activity consistent with post-breach social engineering and fraud attempts.
Sources
Related Stories
Healthcare Data Breach and Ransomware Incident Roundup
Several healthcare-related organizations disclosed **separate data breach incidents** involving ransomware, unauthorized network access, and third-party compromise. CommonSpirit Health said patient data was exposed through a downstream vendor chain after **Pinnacle Holdings Ltd** suffered a ransomware attack, with attackers present in the network from November 11 to November 25, 2024, and exfiltrating files before the incident was later relayed through **NorthGauge Healthcare Advisors**. Meadowlark Hills and MedPeds also disclosed breaches tied to the **Beast ransomware** group, while Tieu Dental reported unauthorized access to its network in July 2025 that exposed patient information including Social Security numbers, medical and insurance data. These incidents led to regulatory notifications and offers of credit monitoring or identity theft protection for affected individuals. A separate legal development involved **Geisinger Health** and **Nuance Communications**, where a judge approved a **$5 million settlement** over claims tied to a former Nuance employee's theft of medical records affecting about 1.3 million patients. That matter differs from the ransomware and breach notifications because it concerns civil litigation over an earlier insider data theft rather than a newly disclosed intrusion. Overall, the reporting reflects ongoing exposure of protected health information across the healthcare sector through both direct attacks and third-party relationships, with delayed notification timelines and incomplete early visibility into the full scope of compromised data remaining recurring issues.
Today
Healthcare Cyber Incidents: Kettering Health Ransomware Litigation, Insightin Health GoAnywhere Breach, and Polish Hospital Disruption
Multiple healthcare-sector cyber incidents were reported, including ongoing fallout from a major U.S. provider ransomware event. **Kettering Health** continues to face escalating legal exposure from a 2025 ransomware attack attributed to **Interlock**, which allegedly stole **941 GB** of data and encrypted systems; the disruption forced shutdown of roughly **600 applications**, a temporary shift to paper workflows, and delays to care while systems (including *Epic* EHR) were restored. Dozens of patient lawsuits have been filed and consolidated in Ohio, with claims focused not only on data theft but also alleged **delayed or denied medical care** during the outage. Separately, healthcare vendor **Insightin Health** disclosed a 2025 security incident involving its use of the *GoAnywhere* managed file transfer tool, reporting that an unauthorized party accessed GoAnywhere by exploiting an **“unknown design flaw”** and potentially accessed files on a subset of servers between **Sept 17–23, 2025**; impacted data may have included names, provider names, insurance information, and member IDs (no SSNs or financial data reported). In Europe, the Independent Public Regional Hospital in **Szczecin, Poland** reported a March 2026 cyberattack that **encrypted parts of hospital data**, disrupted digital operations, and forced a temporary return to paper-based processes, while the hospital stated urgent care continued despite slower administration.
5 days ago
Healthcare Provider Data Breaches and Ransomware-Linked Patient Data Exposure
Multiple U.S. healthcare organizations reported **unauthorized network access and patient data exposure**, with several incidents involving confirmed **data exfiltration** and follow-on notification/credit-monitoring actions. **QualDerm Partners** disclosed unauthorized access between **Dec. 23–24, 2025** with files exfiltrated and notifications being sent on a rolling basis, while **Carolina Foot & Ankle Associates** reported a **Dec. 2025** intrusion detected after a network disruption and confirmed exfiltration of files containing PHI (e.g., demographics, MRNs, insurance data, and treatment/billing codes). Additional breach disclosures included **Cedar Point Health** (intrusion detected around **June 16, 2025**, with a months-long data review concluding in late Jan. 2026 and impacted data potentially including SSNs/ITINs and government IDs) alongside separate notifications from **Wee Care Pediatrics** and **Easterseals Northeast Indiana**. Legal and regulatory consequences continued to surface from earlier healthcare incidents. **Asheville Eye Associates** agreed to settle consolidated class-action litigation tied to a **Nov. 2024** attack claimed by **DragonForce ransomware**, which allegedly exfiltrated **~540 GB** before encrypting systems and later leaked data when ransom was not paid; the breach was reported to HHS OCR as affecting **204,984** individuals. Sector-wide reporting also indicated **46** large healthcare breaches logged for **Jan. 2026** on the HHS OCR portal (500+ individuals), exposing **~1.44 million** individuals’ PHI, amid discussion that late-2025 reporting backlogs may have influenced recent month-to-month trends.
2 weeks ago