Delaware & Florida Women’s Health Centers Announce Data Breaches

Two women’s healthcare providers have announced data privacy incidents. Women’s Wellness of Southern Delaware recently learned about unauthorized retention of patient data by a former provider of aesthetic services, and Women’s Center for Radiology has identified a hacking incident.

Women’s Wellness of Southern Delaware

Women’s Wellness of Southern Delaware, a Lewes, DE-based provider of obstetrics, gynecology, and facial aesthetic services, has recently learned that a former provider who rendered aesthetic services for the practice retained the protected health information of patients after engagement with the practice had terminated. Women’s Wellness of Southern Delaware was made aware of the data retention on April 28, 2026. The provider retained patients’ contact information and other patient-related information and is believed to have contacted certain patients to offer similar services at a new practice.

The information retained relates to certain recipients of aesthetic services and clinical services patients. For the aesthetic services patients, the information included their name, birth date, gender, email address, physical address, phone number, allergies, medications, supplements, and information related to the services received, which may include photographs, intake records, aesthetics-related medical history, face maps, dates of services and purchases, and descriptions of services or items purchased. For the clinical services recipients, the impacted data included name, phone number, dates of purchases, and descriptions of the items/medications purchased. The former provider did not have access to electronic medical records.

Women’s Wellness of Southern Delaware said it is in communication with the former provider and is seeking to obtain assurances that the data is returned or destroyed, and steps have been taken to enhance its data privacy and security measures to prevent similar incidents in the future. The incident is not currently shown on the HHS’ Office for Civil Rights breach portal, so it is currently unclear how many individuals have been affected.

Women’s Center for Radiology

Women’s Center for Radiology, a provider of medical imaging services at three locations in Orlando, Florida, has identified unauthorized access to parts of its network containing patient data. The unauthorized access was identified on or around April 28, 2026, and the forensic investigation determined that an unauthorized third party gained access to a limited part of its computer network. Files containing patient information were viewed or downloaded by the unauthorized third party.

Assisted by third-party specialists, Women’s Center for Radiology determined that the exposed files contained patient information such as names, addresses, dates of birth, contact information, diagnosis or condition, lab results, treating physician, medical record number, health insurance information, and driver’s license numbers.

Women’s Center for Radiology has started notifying the affected individuals, who have been offered complimentary credit monitoring and identity theft protection services. Women’s Center for Radiology is reviewing its policies, procedures, and protocols related to data privacy and security. Regulators have been notified about the incident; however, the number of affected individuals has not yet been publicly disclosed.

The post Delaware & Florida Women’s Health Centers Announce Data Breaches appeared first on The HIPAA Journal.

Employees Drop Class Action Lawsuit Against Stryker Over Hamdala Cyberattack

A consolidated class action lawsuit against the medtech company Stryker over a March 2026 cyberattack has been voluntarily dismissed by the plaintiffs, shortly after Stryker filed a motion to dismiss the lawsuit, alleging a lack of standing.

The Iranian hacktivist group Hamdala targeted Stryker in response to the military action in Iran by the United States and Israel. The hackers breached certain Stryker systems, stole around 50 terabytes of data, and permanently erased 12 petabytes of data on around 200,000 company devices. The attack caused considerable disruption, taking systems out of action for weeks.

Eight current and former Stryker employees took legal action against the company alleging that their personal information was compromised in the attack. The lawsuits started to be filed within hours of Stryker announcing the cyberattack, before Stryker had completed its investigation. While a significant amount of data was stolen in the attack, Stryker said its forensic investigation found no evidence to suggest that any of the plaintiffs’ data was compromised.

Stryker searched for the plaintiffs’ personally identifiable information (PII) in the compromised files and found the business email addresses of two of the plaintiffs, but no PII. None of the plaintiffs received a notification from Stryker informing them that their PII was involved, but despite that, the plaintiffs took legal action against the company seeking to represent a class of individuals whose PII was compromised. On June 22, 2026, Stryker filed a motion to dismiss the class action litigation.

In its motion to dismiss, Stryker said the employees started filing lawsuits 48 hours after the cyberattack was announced on March 11, 2026, and that they speculated that their names, Social Security numbers, unspecified financial account information, unspecified health insurance information, and unspecified driver’s license information were compromised in the incident. The plaintiffs asserted claims for negligence, negligence per se, breach of implied contract, intrusion upon seclusion, unjust enrichment, breach of confidence, and declaratory judgment.

Stryker said the plaintiffs vaguely alleged that they had been injured as a result of the incident; however, those injuries were theoretical. Six of the plaintiffs alleged that their PII had been misused, speculating that it was due to the cyberattack on Stryker, but they failed to allege sufficient detail to link the misuse of their data to the Stryker cyberattack. Stryker determined that their PII had been exposed in numerous prior data breaches, including their Social Security numbers. Two of the plaintiffs had their PII exposed in at least 20 prior data breaches.

Stryker maintains that the incident did not involve devices or systems connected to its customers, although the attack did impact its electronic ordering system and other related systems used by its clients. The cyberattack has been reported to the U.S. Securities and Exchange Commission (SEC); however, the company has not issued breach notifications to the HHS’ Office for Civil Rights or state attorneys general at the time of publication.

The eight class action lawsuits filed by employees were consolidated into a single action – In re Stryker Corporation Cyberattack Litigation – in the U.S. District Court for the Western District of Michigan, Southern Division. The plaintiffs opted to voluntarily dismiss the consolidated lawsuit on June 29, 2026. U.S. District Court Judge Hala Jarbou has signed an order dismissing the employees’ claims without prejudice. Should Stryker determine that the plaintiffs’ PII was compromised in the incident, the lawsuits can be refiled.

The post Employees Drop Class Action Lawsuit Against Stryker Over Hamdala Cyberattack appeared first on The HIPAA Journal.

ClickFix Social Engineering Technique is the Leading Method for Malware Delivery

The ClickFix social engineering technique is the leading method of malware delivery, according to an analysis by researchers at ReliaQuest. The researchers analyzed cyberattacks between March 1 and March 31, 2026, and found that attackers were most commonly exploiting trusted identities, devices, and tools in their attacks. This approach allows the attackers to hide their activities, which resemble normal user behavior, and bypass traditional perimeter and file scanning defenses.

The leading technique was ClickFix, which involves tricking users into pasting the attacker’s commands and scripts into trusted system dialogs, such as the Windows Run dialog. Pressing the Windows Key + R, launches the Run dialog, and the user is convinced to copy the supplied code into the dialog and execute it, having been tricked into thinking that the command will resolve an IT issue.

For instance, a user visits a website that triggers a pop-up, warning them that their browser contains a vulnerability or an image failed to load. They are told to click a button, which copies code, and then paste that command into the Run dialog and press Enter, thus executing the command. Other methods involve generating a fake CAPTCHA page, informing the user that they need to complete the test to verify they are human by pasting and running the command. That command launches PowerShell code that delivers the malware payload.

ReliaQuest researchers report that this technique is commonly used to deliver the NetSupport RAT, a remote access Trojan, and Deepload fileless malware, although they observed this technique being used to deliver a range of malware variants. This approach has also been used against MacOS users for the first time, delivering Atomic Stealer (AMOS), which can steal browser credentials, session cookies, cryptocurrency wallets, and keychain data.

ReliaQuest recommends companies add this method of attack to their security awareness training programs, warning employees not to paste commands into dialog boxes, such as Run, Terminal, or Script Editor, to consider restricting the use of the Run feature, restrict users from executing executable files, and use web filters to block pop-ups and prevent access to malicious websites.

The post ClickFix Social Engineering Technique is the Leading Method for Malware Delivery appeared first on The HIPAA Journal.