Healthcare Data Breach Notifications and Settlement Involving Patient Information Exposure
Multiple healthcare-related organizations disclosed separate incidents involving exposure or theft of patient data. Delta Medical Systems reported unauthorized access to its email environment on July 15, 2025, with potentially exposed data including names, dates of birth, Social Security numbers, driver’s license information, bank details, insurance information, and medical information. A separate HIPAA Journal report described additional incidents at Cedar Valley Services, Community Nurse, and Health Dimensions Group, including a likely Qilin ransomware intrusion at Cedar Valley Services and a vendor-linked compromise affecting Community Nurse through Doctor Alliance, where files may have been accessed between October 31 and November 17, 2025.
In a different but related healthcare privacy matter, a judge approved a $5 million settlement in litigation against Geisinger Health and Nuance Communications over the theft of medical records affecting roughly 1.3 million patients by a former Nuance employee. The stolen records reportedly included names, birthdates, addresses, medical record numbers, treatment details, and insurance information. While all three reports concern healthcare data exposure, they describe distinct incidents rather than one unified breach event, spanning direct compromises, third-party/vendor exposure, suspected ransomware activity, and post-incident legal resolution.
How this story unfolded
13 events from the most recent confirmed update back to the earliest known activity.
Deadline set for Geisinger settlement claims
Victims in the Geisinger-Nuance case were given until March 18, 2026, to file claims for compensation or enroll in complimentary credit monitoring. The settlement covered approximately 1.3 million affected patients.
Judge approves Geisinger-Nuance settlement
A judge approved the $5 million settlement in the civil case involving Geisinger Health and Nuance Communications over stolen patient records. The case stemmed from a former Nuance employee's theft of Geisinger patient data while Nuance was providing clinical documentation services.
About 97,000 Geisinger victims sign up for cash payments
As of March 5, around 97,000 victims in the Geisinger-Nuance settlement had enrolled for direct cash payments. The settlement also allowed victims to seek complimentary credit monitoring.
Geisinger and Nuance agree to $5 million settlement
Geisinger Health and Nuance Communications agreed earlier in March 2026 to settle civil litigation over the theft of medical records affecting about 1.3 million patients. The settlement provides compensation and credit monitoring while denying wrongdoing or additional liability.
Delta Medical Systems completes identification and notification work
By February 11, 2026, Delta Medical Systems had identified affected individuals from its July 2025 email compromise and notified them. The company also offered credit monitoring and identity theft protection.
Qilin lists Cedar Valley Services on leak site
The Qilin ransomware group listed Cedar Valley Services on its leak site and claimed to have exfiltrated sensitive data. This public claim linked the organization's hacking incident to a known ransomware operation.
Doctor Alliance unauthorized access window closed
The period during which a threat actor may have accessed files at Doctor Alliance ended on November 17, 2025. Community Nurse later disclosed the vendor incident as affecting thousands of individuals.
Doctor Alliance files potentially accessed in vendor incident
Community Nurse said a threat actor may have accessed files at document management and billing vendor Doctor Alliance during a security incident. The exposure window began on October 31, 2025, and ultimately affected 6,746 individuals tied to Community Nurse.
Health Dimensions Group suffers cybersecurity incident
Health Dimensions Group said files containing independent contractors' personal data were obtained during a cybersecurity incident in October 2025. The organization later offered credit monitoring and identity theft protection to affected individuals.
Ansell Healthcare Products discovers anomalous activity
Ansell Healthcare Products reported discovering anomalous activity affecting employee data. The incident ultimately affected 2,061 individuals and exposed names and Social Security numbers.
FuturHealth unauthorized access period ended
The unauthorized access and exfiltration activity in FuturHealth's environment concluded by mid-August 2025, according to the company's disclosure. The incident involved sensitive personal and health-related information.
FuturHealth network intrusion and data exfiltration occurred
FuturHealth disclosed that an unauthorized party accessed its network and exfiltrated data over a period in August 2025. Exposed information included names, health insurance information, and other sensitive personal data.
Delta Medical Systems email environment accessed
Delta Medical Systems said an unauthorized party accessed its email environment, potentially exposing patient data including protected health information and financial information. The company later identified affected individuals and provided notice and remediation support.
Sources
3 references tracked. Mallory keeps watching after this page renders.
Delta Medical Systems Notifies Patients About July 2025 Cyberattack
hipaajournal.com
Open sourcePHI Exposed in Data Breaches at Cedar Valley Services; Community Nurse; Health Dimensions Group
hipaajournal.com
Open sourceStolen data complaint against Geisinger Health, Nuance Communications settled for $5M
healthexec.com
Open sourceSee the full picture, correlated to your attack surface.
Map indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.
Related stories
Other stories Mallory is tracking that overlap on entities, sources, or topic labels.
Healthcare Data Breach and Ransomware Incident Roundup
Several healthcare-related organizations disclosed **separate data breach incidents** involving ransomware, unauthorized network access, and third-party compromise. CommonSpirit Health said patient data was exposed through a downstream vendor chain after **Pinnacle Holdings Ltd** suffered a ransomware attack, with attackers present in the network from November 11 to November 25, 2024, and exfiltrating files before the incident was later relayed through **NorthGauge Healthcare Advisors**. Meadowlark Hills and MedPeds also disclosed breaches tied to the **Beast ransomware** group, while Tieu Dental reported unauthorized access to its network in July 2025 that exposed patient information including Social Security numbers, medical and insurance data. These incidents led to regulatory notifications and offers of credit monitoring or identity theft protection for affected individuals. A separate legal development involved **Geisinger Health** and **Nuance Communications**, where a judge approved a **$5 million settlement** over claims tied to a former Nuance employee's theft of medical records affecting about 1.3 million patients. That matter differs from the ransomware and breach notifications because it concerns civil litigation over an earlier insider data theft rather than a newly disclosed intrusion. Overall, the reporting reflects ongoing exposure of protected health information across the healthcare sector through both direct attacks and third-party relationships, with delayed notification timelines and incomplete early visibility into the full scope of compromised data remaining recurring issues.
Apr 17, 2026
Healthcare Provider Data Breaches and Ransomware-Linked Patient Data Exposure
Multiple U.S. healthcare organizations reported **unauthorized network access and patient data exposure**, with several incidents involving confirmed **data exfiltration** and follow-on notification/credit-monitoring actions. **QualDerm Partners** disclosed unauthorized access between **Dec. 23–24, 2025** with files exfiltrated and notifications being sent on a rolling basis, while **Carolina Foot & Ankle Associates** reported a **Dec. 2025** intrusion detected after a network disruption and confirmed exfiltration of files containing PHI (e.g., demographics, MRNs, insurance data, and treatment/billing codes). Additional breach disclosures included **Cedar Point Health** (intrusion detected around **June 16, 2025**, with a months-long data review concluding in late Jan. 2026 and impacted data potentially including SSNs/ITINs and government IDs) alongside separate notifications from **Wee Care Pediatrics** and **Easterseals Northeast Indiana**. Legal and regulatory consequences continued to surface from earlier healthcare incidents. **Asheville Eye Associates** agreed to settle consolidated class-action litigation tied to a **Nov. 2024** attack claimed by **DragonForce ransomware**, which allegedly exfiltrated **~540 GB** before encrypting systems and later leaked data when ransom was not paid; the breach was reported to HHS OCR as affecting **204,984** individuals. Sector-wide reporting also indicated **46** large healthcare breaches logged for **Jan. 2026** on the HHS OCR portal (500+ individuals), exposing **~1.44 million** individuals’ PHI, amid discussion that late-2025 reporting backlogs may have influenced recent month-to-month trends.
Mar 21, 2026
Healthcare and public-sector data breaches and breach-related litigation
Multiple organizations reported **unauthorized access and data exposure events** affecting large populations, with several incidents tied to third-party systems or business associates. The Minnesota Department of Human Services notified nearly **304,000** people after a user associated with a licensed healthcare provider accessed demographic records in the *MnChoices* system (managed by vendor **FEI Systems**) beyond what was authorized; most impacted records were demographic data, with a smaller subset including some medical information and, for some, the last four digits of SSNs. Monroe University reported a **December 2024** intrusion with data exfiltration affecting about **320,973** individuals, with exposed data potentially including SSNs, government IDs, financial account information, and health/insurance data; notification letters began in early January 2026. Separately, Mid Michigan Medical Billing Service disclosed a **March 2025** cyberattack that exposed PHI for **28,185** individuals across healthcare clients, and VillageCareMAX reported a breach involving business associate **TMG Health** (details referenced as part of a broader business-associate breach update). Other items in the set describe distinct, unrelated security stories rather than the same incident: an underground-market sale of **Raaga** user data (10.2M records, including passwords stored as **unsalted MD5 hashes**), a settlement in litigation tied to the **Veradigm** breach (over 2M patients; **$10.5M** class-action settlement), and a **ransomware** incident at **Valley Eye Associates** where a group identified as **Qilin** claimed exfiltration (139 GB) and published data. Additional references include commentary on UK government handling of an **Afghan data breach** (spreadsheet emailed outside the MoD and use of an injunction) and broader analysis of healthcare breach trends and UK ambulance-service breach reporting; these provide context but do not describe the same specific event as the Minnesota DHS or other named incidents.
Mar 21, 2026