South Florida Injury Centers; Chickasaw Nation Department of Health Report Data Breaches

A hacking incident has been reported by South Florida Injury Centers, and Chickasaw Nation Department of Health has discovered that an employee accessed patient data without authorization.

South Florida Injury Centers

South Florida Injury Centers, Inc., a medical practice with locations in Tamarac and Port Saint Lucie that specializes in treating patients injured in automobile accidents, has recently reported a hacking-related data breach to the HHS’ Office for Civil Rights that has affected up to 1,525 patients.

While few details have been released about the incident, this appears to have been a cyberattack by the threat actor Kairos. Kairos is a financially motivated threat group that engages in data theft and extortion, breaching networks, exfiltrating data, and demanding payment to prevent the data from being leaked online. The group has conducted attacks on several healthcare organizations and claims to have exfiltrated 45 GB of data from South Florida Injury Centers.

South Florida Injury Centers was added to the Kairos dark web data leak site on April 7, 2026, along with samples of the stolen data, which appear to contain redacted patient information such as names, contact information, driver’s license numbers, Social Security numbers, and medical histories. Kairos proceeded to leak the stolen data, indicating that the ransom was not paid.

Chickasaw Nation Department of Health, Oklahoma

Chickasaw Nation Department of Health in Oklahoma has reported an insider patient privacy incident that was first identified on April 22, 2026. An investigation was promptly initiated when unauthorized access to patient records was identified, and immediate steps were taken to prevent further unauthorized access.

The review of access logs confirmed that the privacy breach was due to the actions of a single employee, who had accessed patient records without authorization between December 1, 2025, and April 22, 2026. During that time, the records of 1,607 patients may have been accessed without authorization.

The information viewed included patient names, ages, dates of service, tribal affiliations, reasons for visits, and clinical information such as lab and radiology orders. No evidence was found to indicate that full Social Security numbers were viewed. The website notification about the privacy incident does not state the actions that have been taken against the employee over the privacy breach.

The post South Florida Injury Centers; Chickasaw Nation Department of Health Report Data Breaches appeared first on The HIPAA Journal.

Remote Desktop Tools are the Front Door in Healthcare, and Hackers are Walking Through

There is some positive news in the data collected by cybersecurity firm SonicWall, as cyberattacks have declined by up to 57% in some sectors. However, the healthcare industry has seen the smallest decline of all tracked verticals, registering just a 17% year-over-year decline, compared with declines of 23% for professional services, 42% for education, 46% for retail, and 57% for manufacturing. Healthcare is still persistently targeted by cyber actors, and the gap between healthcare and other sectors is growing, according to the SonicWall 2026 Healthcare Protect Brief.

There are more active ransomware groups (10) attacking healthcare organizations than any other sector, indicating that the industry is being actively targeted rather than falling victim to spray-and-pray attacks. In H1 2026, there were four times as many malware hits per firewall in healthcare as in the next most attacked sector. Hackers primarily targeted remote desktop tools to attack healthcare organizations: UltraVNC buffer overflow attacks generated 13.3 million hits in just 5 months, and no other vertical experienced remote desktop exploitation at that scale.

Healthcare organizations rely on remote desktop tools to support their distributed clinical environments, telemedicine platforms, and third-party vendor access. If remote access credentials are compromised, the compromise gives threat actors a path to clinical systems and patient data, which can be exfiltrated and held to ransom. While network-level controls can limit data access, and multifactor authentication (MFA) can prevent compromised credentials from providing access, MFA is often not implemented, and a single set of credentials does not just unlock one application; it often grants access to the full network.

SonicWall also identified 243 unique attack methods targeting connected medical devices, with the Internet of Things (IoT) the fastest-growing and hardest-to-patch exposure. Healthcare organizations have a huge range of deployed connected devices, including infusion pumps, patient monitors, imaging systems and more, which means a huge attack surface to defend. Unfortunately, the attack surface is growing faster than security teams can govern it. IoT devices are often not routinely patched, cannot run endpoint agents, and often share network segments with clinical systems that contain protected health information.

“Healthcare does not have a cybersecurity problem. It has three of them,” explained Michael Crean, SonicWall SVP of Managed Services. The three problems are remote desktop tools without layered controls and MFA, a huge IoT footprint containing vulnerable devices, and targeted ransomware attacks. “Attackers have figured out how to use all of them at the same time.”

Hackers continue to target the sector as the returns are too reliable and the defenses too predictable. “What our research makes clear is that attackers have done the math. Hospitals cannot go dark, downtime is measured in patient outcomes, and the pressure to pay is unlike anything in any other sector. None of that changes until healthcare stops relying on security architectures built for a world that no longer exists, and starts treating Zero Trust not as a future initiative, but as the baseline they needed yesterday.”

The immediate steps recommended by SonicWall are to restrict UltraVNC and RDP to internal VLANs and ensure that MFA is implemented for all remote access, with no exceptions for vendors and no break-glass credentials. Connected medical IoT devices must be placed on isolated networks, away from clinical systems. Healthcare organizations need to implement application-level Zero Trust and ensure that legacy vulnerability exposure is addressed. SonicWall recommends conducting a comprehensive inventory of clinical middleware and IoT firmware and then ensuring that vulnerabilities are patched or devices isolated on a defined schedule.
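One way to check the first recommendation against an exported firewall rule set is sketched below. It is an added example, not code from SonicWall or The HIPAA Journal. The rule format, rule names and addresses are constructed, the internal VLANs are assumed to use RFC 1918 address space, and rule ordering and shadowing are not modeled.

```python
import ipaddress

# Well-known default ports: RDP on TCP 3389, VNC servers (including UltraVNC) on TCP 5900.
REMOTE_DESKTOP_PORTS = {3389: "RDP", 5900: "VNC"}

# Assumption: internal VLANs are addressed from RFC 1918 private ranges.
INTERNAL_NETS = [ipaddress.ip_network(n)
                 for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample rules in a hypothetical export format:
# name, action, source CIDR, inclusive destination port range.
SAMPLE_RULES = [
    {"name": "vendor-pacs-support", "action": "allow", "src": "0.0.0.0/0", "ports": (5900, 5900)},
    {"name": "it-admin-rdp", "action": "allow", "src": "10.20.30.0/24", "ports": (3389, 3389)},
    {"name": "legacy-any-high", "action": "allow", "src": "203.0.113.0/24", "ports": (3000, 6000)},
    {"name": "block-rdp-guest", "action": "deny", "src": "0.0.0.0/0", "ports": (3389, 3389)},
    {"name": "web-portal", "action": "allow", "src": "0.0.0.0/0", "ports": (443, 443)},
]

def is_internal(cidr):
    """True only if the whole source range sits inside an internal network."""
    net = ipaddress.ip_network(cidr, strict=False)
    return any(net.subnet_of(internal) for internal in INTERNAL_NETS)

def audit(rules):
    """Return allow rules that expose RDP/VNC ports to non-internal sources."""
    findings = []
    for rule in rules:
        if rule["action"] != "allow" or is_internal(rule["src"]):
            continue
        low, high = rule["ports"]
        # Wide port ranges are checked too, since they can silently include 3389/5900.
        exposed = sorted(svc for port, svc in REMOTE_DESKTOP_PORTS.items()
                         if low <= port <= high)
        if exposed:
            findings.append((rule["name"], rule["src"], exposed))
    return findings

if __name__ == "__main__":
    for name, src, services in audit(SAMPLE_RULES):
        print(f"{name}: {'/'.join(services)} reachable from {src}")
```

The vendor rule and the wide legacy port range are the two findings here; both are the kind of exception the recommendation rules out.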

The post Remote Desktop Tools are the Front Door in Healthcare, and Hackers are Walking Through appeared first on The HIPAA Journal.