Healthcare Data Breach Disclosures and Litigation Affecting Hundreds of Thousands of Patients
Bell Ambulance reported that a February 2025 network intrusion led to the compromise of protected health information for 237,830 individuals, after unauthorized activity was detected on Feb. 13, 2025. The organization said the exposed data can include names, dates of birth, Social Security numbers, driver’s license numbers, financial account information, medical information, and health insurance information; it offered 12–24 months of credit monitoring/identity protection and stated it was not aware of misuse at the time of notification. The incident response included third-party forensic support, and notifications were issued in phases as the data review progressed, with additional letters sent into March 2026.
Separately, Cornerstone Specialty Hospitals agreed to pay $2.35 million to settle a class action lawsuit tied to a data breach that reportedly affected nearly 500,000 individuals. The available reporting focuses on the settlement amount and impacted population size, indicating ongoing legal and financial consequences for large-scale healthcare data exposure even when technical details of the underlying intrusion are not publicly described in the same source.
Related Entities
Threat Actors
Malware
Sources
1 more from sources like teiss news
Related Stories
Healthcare Data Breach Disclosures and Legal Fallout
French healthcare software provider **Cegedim Santé** confirmed a major breach affecting its *MonLogicielMedical (MLM)* product after unusual activity was detected in late 2025. The incident exposed administrative data tied to roughly **1,500 doctors** (out of ~3,800 users) and patient data at large scale—reported as **15.8 million records**, including **165,000 files** that may contain doctors’ notes; while structured medical records were reported as intact, some administrative comments may include sensitive clinical notes and highly sensitive details (e.g., HIV/AIDS status or sexual orientation). Cegedim Santé reported notifying French authorities including **CNIL** and filing a complaint. In the US, **Cornerstone Specialty Hospitals** agreed to a **$2.35M** class-action settlement tied to a **December 2023** network intrusion that ultimately affected **484,957 individuals**, with potentially exposed data spanning identifiers (including SSNs and government IDs), financial data, credentials, and health/insurance information; the suit also alleged delayed notification (letters mailed around July 2024). Separately, **PIH Health** began notifying patients about a **December 2024 ransomware attack** that disrupted multiple hospitals and services; investigators concluded the attacker had network access from **Nov 14–Dec 23, 2024**, and after a prolonged review PIH Health confirmed in **Dec 2025** that patient information was present in files on compromised systems and may have been accessed or acquired, with notification letters prepared by **Feb 25, 2026** amid claims of large-scale data theft and some data leakage online.
1 weeks ago
Healthcare Provider Email and Network Intrusions Expose Patient Data
**General Physician, P.C.** agreed to pay **$2.5 million** to settle consolidated class-action litigation tied to a **2024 email-environment compromise** that exposed sensitive patient data. The organization detected suspicious activity on **June 12, 2024**, and a forensic investigation found an unauthorized party had accessed its email system from **April 6 to June 12, 2024**. Potentially exposed data included **SSNs, financial account information, dates of birth, medical and treatment details, diagnoses, medical record numbers, and insurance information**; the affected population was later updated to **167,387 individuals** (after an initial placeholder report of 501 to HHS OCR). The settlement fund is intended to provide class benefits after fees/expenses, and the company did not admit wrongdoing. Two additional California healthcare providers reported separate security incidents involving unauthorized access to systems containing patient information. **Valley Radiology Consultants Medical Group** identified a breach on **September 15, 2025**, engaged third-party incident response support, confirmed unauthorized access to its network and files, and began mailing notifications after completing file review on **February 18, 2026**; it also offered **12 months of credit monitoring** and reported taking remediation steps (e.g., password changes and security enhancements). **Nephrology Associates Medical Group** separately began notifying patients about a cyberattack first identified on **May 20, 2025** (details in the provided excerpt are truncated), indicating another healthcare-sector intrusion with patient data exposure risk.
1 weeks ago
Major Healthcare Data Breaches and Legal Fallout in the United States
Continuum Health Alliance, a health management provider based in New Jersey, agreed to settle a consolidated class action lawsuit following a data breach in October 2023 that compromised the personal information of over 377,000 patients from its client, Consensus Medical Group. The breach involved unauthorized access to sensitive data, including names and Social Security numbers, and led to multiple legal claims consolidated in New Jersey court. The settlement was reached after mediation, with all parties agreeing it was preferable to continued litigation, though the defendants denied liability. Separately, Denton County MHMR Center in Texas reported a significant data breach affecting nearly 109,000 patients, with unauthorized access occurring in December 2024. The compromised data included a wide range of protected health information, and affected individuals were notified and offered credit monitoring services. Additionally, Conduent, a major medical services provider, disclosed that a 2024 hacking incident impacted nearly 14.8 million Texans, a substantial increase from previous estimates, highlighting the ongoing challenges in accurately assessing the scope of large-scale healthcare data breaches and the risks posed by third-party vendors.
2 months ago