Data breaches have recently been announced by Delta Medical Systems in Wisconsin, Ansell Healthcare Products in New Jersey, and FuturHealth in California.

Delta Medical Systems, Wisconsin

Delta Medical Systems, a Wisconsin-based provider of medical imaging solutions and associated services, has notified state attorneys general about an email incident that occurred last summer. On July 15, 2025, Delta Medical Systems identified unusual activity within its email environment. Immediate action was taken to secure its email system and network, and a forensic investigation was launched to determine the cause, nature, and scope of the activity.

Assisted by third-party cybersecurity experts, Delta Medical Systems determined that an unauthorized third party had access to its email environment and may have viewed or acquired company data, including patient information, on July 15, 2025. The affected data was reviewed, and that process was completed in November 2025, when it was confirmed that personal and protected health information was involved. Data compromised in the incident included names, birth dates, Social Security numbers, driver’s license numbers/state identification numbers, bank account and routing numbers, health insurance information, and medical information.

On February 11, 2026, Delta Medical Systems finished identifying and notifying the affected individuals. Individuals whose Social Security numbers were exposed have been offered complimentary credit monitoring and identity theft protection services, and steps have been taken to improve security to prevent similar incidents in the future. At present, the data breach is not listed on the HHS’ Office for Civil Rights breach portal, so it is unclear how many individuals have been affected.

Ansell Healthcare Products, New Jersey

Ansell Healthcare Products, a New Jersey-based manufacturer of medical protective products, has notified state attorneys general about a data breach last summer that affected 2,061 individuals. Anomalous activity was identified within its computer systems on September 30, 2025, and the forensic investigation confirmed that an unknown actor had access to its computer systems between August 9, 2026, and September 30, 2026.

The review of the affected data confirmed that the personally identifiable information of employees was compromised in the incident, including names and Social Security numbers. No ransomware or hacking group appears to have claimed responsibility for the incident, and Ansell Healthcare Products said it is unaware of any of the impacted data being exposed online.  Notification letters were mailed to the affected individuals on March 10, 2026. Due to the nature of the exposed data, Ansell Healthcare Products has offered the affected individuals complimentary credit monitoring and identity theft protection services for 12 months.

FuturHealth

San Diego, CA-based FuturHealth, a health tech company that provides a telehealth-focused platform for weight loss programs, has recently notified the Vermont Attorney General about a security incident that occurred last summer. Unauthorized activity was identified within its computer systems on August 8, 2025. The forensic investigation determined that there had been unauthorized network access between August 8, 2025, and August 14, 2025, during which time files containing sensitive data were exfiltrated from its network.

The file review confirmed that the impacted data included names, health insurance information, and other sensitive data. FuturHealth has confirmed that the affected individuals have been offered complimentary credit monitoring and identity theft protection services for 12 months. In October 2025, individuals affected by an earlier data breach received notification letters. That breach occurred in October 2024 and involved unauthorized access to a data storage environment containing G-Plan data.

The post Delta Medical Systems Notifies Patients About July 2025 Cyberattack appeared first on The HIPAA Journal.

Data breaches have recently been reported by Cedar Valley Services and Health Dimensions Group in Minnesota, and Community Nurse in Massachusetts.

Cedar Valley Services, Minnesota

Cedar Valley Services, a provider of vocational rehabilitation services to individuals in Southern Minnesota, has notified the HHS’ Office for Civil Rights about a data incident that involved the exposure of individuals’ protected health information. Little information about the incident has been publicly disclosed by Cedar Valley Services at this point, other than it being a hacking/IT incident affecting at least 501 individuals. The 501 total provided to the HHS’ Office for Civil Rights is a commonly used placeholder figure when the number of affected individuals has yet to be determined.

This appears to have been a ransomware attack by the Qilin ransomware group, which added Cedar Valley Services to its dark web data leak site in December 2025. Qilin claims to have exfiltrated sensitive data in the attack. The listing was added on December 21, 2025, and screenshots of data allegedly stolen in the attack have been uploaded to the data leak site as proof; however, as of March 17, 2026, the full dataset does not appear to have been leaked.

Community Nurse, Massachusetts

Community Nurse, a Fairhaven, MA-based home health agency, has confirmed that the personal and protected health information of 6,746 individuals has potentially been compromised in a security incident at its document management and billing services vendor, Doctor Alliance. Doctor Alliance experienced a network disruption on November 13, 2025. The forensic investigation determined that a threat actor may have viewed or acquired files without authorization between October 31, 2025, and November 17, 2025.

The analysis of those files was completed on March 2, 2026, and confirmed that they contained information such as names, addresses, dates of birth, Medicare numbers, start of care dates, certification period dates, medical record numbers, provider names and addresses, type of advance directives, diagnoses/current health statuses, medication lists, treatment orders, and goals of treatment. Doctor Alliance has implemented additional security measures to prevent similar incidents in the future, and notification letters have now been mailed to the affected individuals.

Health Dimensions Group, Minnesota

Health Dimensions Group, a Minneapolis, Minnesota-based provider of senior living and senior care management and consulting services, has reported a data breach to the Maine Attorney General that affected 450 individuals, including 1 Maine resident. Legal counsel for Health Dimensions Group explained in the notification letters that it first learned about a cybersecurity incident on October 20, 2025, and activated its incident response plan. Third-party cybersecurity experts were engaged to investigate the incident and assist with securing its environment, and they confirmed on November 6, 2025, that files were obtained in the incident.

The data review was completed on February 4, 2026, when it was confirmed that information relating to independent contractors was compromised in the incident, including names, addresses, and Social Security numbers. Notification letters were mailed to the affected individuals on March 11, 2026. While no data misuse has been identified, complimentary credit monitoring and identity theft protection services have been made available. The Worldleaks threat group claimed responsibility for the attack and leaked the stolen data, indicating the ransom was not paid. Since data has been leaked online, the affected individuals are advised to take advantage of the free credit monitoring services being offered.

The post PHI Exposed in Data Breaches at Cedar Valley Services; Community Nurse; Health Dimensions Group appeared first on The HIPAA Journal.

The Chicago, IL-based Catholic health system CommonSpirit Health has announced that it has been affected by a security incident at a vendor of one of its business associates.  The healthcare consulting company Pinnacle Holdings Ltd experienced network disruption on November 25, 2024, as a result of a ransomware attack. The ransomware group had access to Pinnacle’s network from November 11, 2024, to November 25, 2024. During that time, files were exfiltrated from Pinnacle’s network.

Pinnacle was a vendor of CommonSpirit Health’s vendor, NorthGauge Healthcare Advisors. In a breach notice issued to the Washington Attorney General on behalf of CommonSpirit Health, NorthGauge explained that Pinnacle immediately isolated its network when the attack was detected and has since implemented additional security measures to prevent similar incidents in the future. NorthGauge explained that Pinnacle had strict policies and procedures in place concerning data retention and data destruction, which limited the amount of data compromised in the incident.

Pinnacle engaged a third-party vendor to review the exposed data, and in November 2025 – a year after the attack – Pinnacle notified NorthGauge about the incident. NorthGuage said it did not receive confirmation about the identities of the affected individuals until January 30, 2026, and notified CommonSpirit Health about the affected Washington residents on February 2, 2026. NorthGauge said individual notification letters will be mailed to the affected Washington residents as soon as up-to-date contact information has been obtained. Those individuals are being offered complimentary credit monitoring and identity theft protection services.

The breach notice does not state the types of data compromised in the incident; however, they are stated in the individual notification letters to the affected individuals. According to the Washington Attorney General, the breach affected 19,027 Washington residents. The incident is not currently listed on the HHS’ Office for Civil Rights website, so it is unclear if individuals in other states have also been affected.

The post CommonSpirit Health Patients Affected by Vendor Data Breach appeared first on The HIPAA Journal.

Meadowlark Hills retirement community in Kansas and MedPeds Associates of Sarasota in Florida have announced data breaches. The Beast ransomware group has claimed responsibility for both attacks.

Manhattan Retirement Foundation (Meadowlark Hills), Kansas

Manhattan Retirement Foundation, doing business as Meadowlark Hills, has reported a breach of the protected health information of 14,442 individuals to the HHS’ Office for Civil Rights. The Manhattan, KS-based non-profit retirement community and skilled nursing facility explained that unauthorized access to its network was identified on or around July 21, 2025. The forensic investigation determined that there had been unauthorized network access between July 12, 2025, and July 21, 2025. During that time, files containing personal and protected health information were exfiltrated from its network.

The review of the files on the compromised parts of its network was completed on January 28, 2026, when it was confirmed that the following data elements were involved: name, date of birth, Social Security number, Driver’s license number/state identification number, other government identifiers, financial account information, credit/debit card information, health insurance information, and medical information.

Written notification letters were mailed to affected individuals in late February, and complimentary single-bureau credit monitoring and identity theft protection services have been made available to individuals whose Social Security numbers were involved. The Beast threat group claimed responsibility for the attack and claims to have exfiltrated 750 GB of data.

MedPeds Associates of Sarasota

MedPeds Associates of Sarasota, an internal and pediatric medicine practice in Florida, is notifying 21,430 individuals about a data breach involving their personal and protected health information. According to the notification letters, MedPeds identified unauthorized access to its computer network on September 2, 2025, when ransomware was used to encrypt files.

MedPeds said some patient data was subject to unauthorized access during the attack. The affected files have been reviewed and found to contain names, birth dates, addresses, phone numbers, and patient medical records. The FBI was notified about the intrusion, and the practice has been working with the FBI’s cybersecurity department and has implemented additional safeguards and security measures to prevent similar incidents in the future.

No evidence has been found to indicate any misuse of the impacted data; however, as a precaution, the affected individuals have been offered complimentary credit monitoring and identity theft protection services. While the name of the group was not disclosed by MedPeds, the Beast ransomware group claimed responsibility for the attack. The group claimed to have exfiltrated 400 GB of data and added MedPeds to its data leak site; however, the data allegedly stolen in the attack does not appear to have been published at the time of writing.

The post Ransomware Group Claims Attacks on Meadowlark Hills Retirement Community & MedPeds appeared first on The HIPAA Journal.

A data breach has been announced by Tieu Dental Corporation in California. The Children’s Council of San Francisco has determined that more than 12,650 individuals have been affected by a ransomware attack.

Tieu Dental Corporation

Tieu Dental Corporation, a California-based provider of oral and maxillofacial surgery services, started has notifying patients about unauthorized access to its computer network last summer. The intrusion was identified on or around July 29, 2025, and the forensic investigation confirmed that an unauthorized third party accessed its network between July 28 and July 29, 2025.

The compromised parts of its network were reviewed, and on January 11, 2026, Tieu Dental confirmed that the compromised files included patient data such as names, dates of birth, Social Security numbers, medical records, treatment plans, prescription information, and health insurance information. Tieu Dental has not identified any misuse of patient data as a result of the incident; however, out of an abundance of caution, the affected individuals have been offered complimentary credit monitoring and identity theft protection services. No known threat group has publicly claimed responsibility for the incident.

While regulators have been notified, the incident is not yet shown on the HHS’ Office for Civil Rights breach portal, so it is currently unclear how many individuals have been affected.

Children’s Council of San Francisco

Children’s Council of San Francisco (CCSF), a nonprofit childcare resource and referral agency, has notified regulators about a data breach impacting 12,655 individuals. CCSF identified a security breach on August 3, 2025, that caused network disruption. Assisted by third-party cybersecurity experts, CCSF secured its network, investigated the incident, and determined that an unknown hacker gained access to its network on August 1, 2025, and acquired certain data. The SafePay ransomware group claimed responsibility for the attack.

The file review was completed on or around February 23, 2026, when it was confirmed that names and Social Security numbers were present in the acquired files. Notification letters were mailed to the affected individuals on March 2, 2026, and complimentary single-bureau credit monitoring and identity theft protection services have been offered.  CCSF notified the Federal Bureau of Investigation about the incident and has implemented measures to harden security and reduce the risk of similar incidents in the future.

The post California Dental Care Provider Announces Data Breach appeared first on The HIPAA Journal.

Stryker, a U.S. medical device and medical equipment manufacturer based in Portage, Michigan, is dealing with a cyberattack linked to the current U.S. military action in Iran. The cyberattack started shortly after midnight and has caused an outage of systems across the organization. An Iran-linked hacking group has claimed responsibility for the attack.

Stryker has operations in 61 countries and has a global workforce of more than 56,000 employees. Stryker said in a filing with the U.S. Securities and Exchange Commission (SEC) that the attack has and is expected to continue to cause “disruptions and limitations of access to certain of the Company’s information systems and business applications.” Stryker is currently unable to provide a timeline for when systems and data will be recovered and when normal operations will resume.

This does not appear to have been a ransomware attack, but rather a data theft and wiping attack. The attack affected Stryker’s Microsoft programs, including the wiping of Windows-based devices such as mobile phones and laptops. Stryker said it has found no indications that ransomware or malware was used, and said it believes it has contained the attack. An investigation has been launched to determine the impact of the attack on its computer systems.

According to the Wall Street Journal, Stryker’s login pages were defaced with the hacking group’s logo. Stryker said it has business continuity measures in place and will continue to support its customers and partners while it recovers from the attack. Stryker has also committed to transparency and said it will keep stakeholders informed as the investigation and recovery processes progress.

An Iran-linked hacking group called Handala immediately claimed responsibility for the attack in an announcement on X. The group claimed its attack has caused disruption at 79 Stryker offices around the world, involved more than 200,000 systems, servers, and mobile devices being wiped, and 50 terabytes of data were exfiltrated in the attack. “We announce to the world that, in retaliation for the brutal attack on the Minab school and in response to ongoing cyber assaults against the infrastructure of the Axis of Resistance, our major cyber operation has been executed with complete success,” the group said in a post on X.

While the initial access vector is not known, security researcher Kevin Beaumont suggests that Handala actors gained access to Stryker’s Active Directory services and used the Microsoft endpoint management tool Intune to remotely wipe Microsoft devices, including devices used by employees managed under its bring-your-own-device policy.

While Handala appears at face value to be a hacktivist group, the group has been linked to Iran’s Ministry of Intelligence and Security. Palo Alto Networks suggests that Handala is part of the Ministry of Intelligence and Security and masquerades as a hacktivist group, allowing Iran to deny responsibility for its cyber operations.

While Iran has executed a military response to the US-Israel military action, retaliation to the attacks was always likely to involve more than just missiles. Iran has sophisticated cyber capabilities, and any response was likely to take place in cyberspace. Iranian officials stated this week that Tehran would expand its targeting to include economic centers and banks tied to the United States or Israel, and that U.S. companies with ties to the U.S. military or Israel would also be attacked. Stryker has a presence in Israel, including OrthoSpace, an orthopedic device maker that the company acquired in 2019. Handala claimed that Stryker was “a Zionist-rooted corporation.”

“Attacks like this unfortunately aren’t surprising. Even before the latest geopolitical tensions, hacktivist activity targeting healthcare and other critical infrastructure had been steadily increasing, and that trend makes organizations like medical device manufacturers and hospitals more likely to be caught in the crossfire. In many cases, attackers simply find the path of least resistance—an exposed system, an unsecured management console, or credentials that allow them to move deeper into the environment—and once they gain administrative access, they effectively hold the keys to the kingdom and can disrupt everything from mobile devices to operational systems,” Skip Sorrels, Field CTO and CISO, Claroty, said in a statement provided to The HIPAA Journal. “As a former ICU nurse, I’ve seen firsthand how even small technology outages ripple through care delivery, which is why cybersecurity in healthcare must be treated as part of patient safety, with organizations prioritizing visibility into their cyber-physical systems and closing those “open doors” before attackers find them.”

Steve Povolny, Vice President of AI Strategy & Security Research at Exabeam told The HIPAA Journal the attack illustrates how cyber operations are increasingly becoming the asymmetric response of choice during periods of regional conflict or political tension, and that cyber activity from proxy groups provides Tehran with a deniable way to impose costs on Western economies and technology ecosystems.

“Groups like Handala blur the line between hacktivism and state operations, giving governments plausible deniability while still achieving strategic signaling. The cautionary lesson for defenders is that these campaigns are rarely isolated events,” said Povolny. “They are often part of a broader pressure strategy designed to create disruption across multiple industries that support national stability, from healthcare and logistics to energy and manufacturing. Organizations that do not traditionally view themselves as geopolitical targets may increasingly find themselves on the front lines of state-linked cyber conflict.”

The post Iran Linked Hacking Group Wipes Data of Leading U.S. Medical Device Manufacturer appeared first on The HIPAA Journal.

ID Care in New Jersey and Barrio Comprehensive Family Health Care Center (CommuniCare) in Texas have confirmed that patients’ personal and protected health information have been compromised in recent data security incidents.

ID Care

ID Care, a New Jersey-based network of board-certified infectious disease specialists, has recently disclosed a data security incident that involved unauthorized access to the personal and protected health information of current and former patients.

Suspicious activity was identified within certain systems on November 5, 2025. Industry-leading cybersecurity specialists were engaged to investigate the activity and confirmed that an unknown actor gained access to its network and accessed or downloaded files without authorization.

ID Care is currently reviewing the affected files, and while that process has not yet been completed, ID Care has confirmed that the affected files contained full names, dates of birth, Social Security numbers, health insurance information, and medical information, including diagnoses, treatment information, and prescription information.

Policies and procedures are being reviewed to reduce the likelihood of similar incidents in the future, and the HHS’ Office for Civil Rights has been notified about the data breach. The data breach is not yet shown on the OCR breach portal, so the scale of the breach is currently unclear.

Barrio Comprehensive Family Health Care Center (CommuniCare)

Barrio Comprehensive Family Health Care Center (CommuniCare), a non-profit clinic in San Antonio, Texas, has identified unauthorized access to an employee’s email account. The email account breach was identified on September 16, 2025, and third-party cybersecurity experts were engaged to determine the nature and scope of the unauthorized activity. CommuniCare determined that emails in the account had been accessed without authorization, some of which contained patient information.

Following a lengthy review of the affected emails and files, CommuniCare determined on February 19, 2026, that they contained first and last names, in combination with one or more of the following: dates of birth, health insurance account/member/group numbers, clinical information, diagnoses, medical treatment/procedure information, prescription information, provider locations, and patient account numbers.

CommuniCare said it is unaware of any misuse of patient data as a result of the incident, nor does it have any reason to believe that any information in the compromised account will be misused; however, the affected individuals have been advised to remain vigilant against data misuse by monitoring their accounts, explanation of benefits statements, and free credit reports for suspicious activity. The incident is not yet shown on the HHS’ Office for Civil Rights breach portal, so it is unclear how many individuals have been affected.

The post ID Care & CommuniCare Announce Data Breaches appeared first on The HIPAA Journal.