Healthcare Cyber Incidents: Kettering Health Ransomware Litigation, Insightin Health GoAnywhere Breach, and Polish Hospital Disruption
Multiple healthcare-sector cyber incidents were reported, including ongoing fallout from a major U.S. provider ransomware event. Kettering Health continues to face escalating legal exposure from a 2025 ransomware attack attributed to Interlock, which allegedly stole 941 GB of data and encrypted systems; the disruption forced shutdown of roughly 600 applications, a temporary shift to paper workflows, and delays to care while systems (including Epic EHR) were restored. Dozens of patient lawsuits have been filed and consolidated in Ohio, with claims focused not only on data theft but also alleged delayed or denied medical care during the outage.
Separately, healthcare vendor Insightin Health disclosed a 2025 security incident involving its use of the GoAnywhere managed file transfer tool, reporting that an unauthorized party accessed GoAnywhere by exploiting an “unknown design flaw” and potentially accessed files on a subset of servers between Sept 17–23, 2025; impacted data may have included names, provider names, insurance information, and member IDs (no SSNs or financial data reported).
In Europe, the Independent Public Regional Hospital in Szczecin, Poland reported a March 2026 cyberattack that encrypted parts of hospital data, disrupted digital operations, and forced a temporary return to paper-based processes, while the hospital stated urgent care continued despite slower administration.
Related Stories

Ransomware and data-breach disclosures across education, critical infrastructure, and healthcare
Rome’s **La Sapienza University** shut down network systems as a precaution after a cyberattack caused widespread disruption and left its website offline; Italian media attributed the incident to a suspected ransomware operation linked to pro-Russian actor **Femwar02**, with reported tradecraft resembling **Bablock/Rorschach**-style fast encryption. Separately, Romania’s national oil pipeline operator **Conpet** reported a cyberattack that disrupted corporate IT and took down `www.conpet.ro` while leaving **OT/SCADA** and pipeline transport operations unaffected; **Qilin** claimed responsibility, alleging theft of nearly **1TB** of data and posting sample documents (including financial data and passport scans) to support extortion claims.
In the U.S., government services contractor **Conduent** faced expanding breach impact from its January 2025 ransomware incident, with notifications indicating exposure potentially reaching **tens of millions**; reported affected data includes **names, Social Security numbers, and medical/health insurance information**, with at least **15.4M** impacted in Texas and **10.5M** in Oregon per state disclosures.
Additional healthcare-sector disclosures included a ransomware-linked intrusion at **Insightin Health** (unauthorized access in September 2025; **Medusa** claimed exfiltration of **378GB**) and a separate compromise at **Clinic Service Corporation** (August 2025 access window), while **Central Ozarks Medical Center** reported a criminal cyberattack affecting **11,818** individuals with exposure of PHI/PII (including SSNs and financial/insurance data). Other items in the set were not incident-specific: an **HHS-OIG** audit describing web application security weaknesses at a large hospital, and general guidance/education pieces on the value of medical records to attackers and **CISA** insider-threat guidance.
1 month ago
Healthcare Provider Data Breaches and Ransomware-Linked Patient Data Exposure
Multiple U.S. healthcare organizations reported **unauthorized network access and patient data exposure**, with several incidents involving confirmed **data exfiltration** and follow-on notification/credit-monitoring actions. **QualDerm Partners** disclosed unauthorized access between **Dec. 23–24, 2025** with files exfiltrated and notifications being sent on a rolling basis, while **Carolina Foot & Ankle Associates** reported a **Dec. 2025** intrusion detected after a network disruption and confirmed exfiltration of files containing PHI (e.g., demographics, MRNs, insurance data, and treatment/billing codes). Additional breach disclosures included **Cedar Point Health** (intrusion detected around **June 16, 2025**, with a months-long data review concluding in late Jan. 2026 and impacted data potentially including SSNs/ITINs and government IDs) alongside separate notifications from **Wee Care Pediatrics** and **Easterseals Northeast Indiana**.
Legal and regulatory consequences continued to surface from earlier healthcare incidents. **Asheville Eye Associates** agreed to settle consolidated class-action litigation tied to a **Nov. 2024** attack claimed by **DragonForce ransomware**, which allegedly exfiltrated **~540 GB** before encrypting systems and later leaked data when ransom was not paid; the breach was reported to HHS OCR as affecting **204,984** individuals. Sector-wide reporting also indicated **46** large healthcare breaches logged for **Jan. 2026** on the HHS OCR portal (500+ individuals), exposing **~1.44 million** individuals’ PHI, amid discussion that late-2025 reporting backlogs may have influenced recent month-to-month trends.
2 weeks ago
Healthcare Organizations Face Legal and Notification Fallout From Ransomware-Linked Data Theft
**Norton Healthcare** agreed to pay **$11 million** to settle a class-action lawsuit tied to a 2023 **ALPHV/BlackCat** ransomware-related data theft that reportedly involved **4.7 TB** of stolen data and impacted nearly **2.5 million** people. The preliminary settlement provides for reimbursement claims (up to **$2,500** for unreimbursed expenses), compensation for time spent responding to the incident (up to **$80**), and **three years of medical identity monitoring**, pending final court approval.
Separately, Ohio-based **Kettering Health** began notifying current and former patients and affiliates about a **May 2025** ransomware and data theft incident claimed by the **Interlock** cybercrime group. Reporting indicates Interlock publicly listed Kettering Health on its leak site and claimed roughly **941–950 GB** of data, and Kettering previously warned patients about **scam calls** from fraudsters impersonating medical bill collectors seeking credit card payments, activity consistent with post-breach social engineering and fraud attempts.
3 weeks ago