HIPAA Breach News

PHI Potentially Stolen in Phishing Attack on Superior Vision Service

Superior Vision Service has announced that protected health information has been compromised in a phishing attack. People Encouraging People has fallen victim to a ransomware attack.

Superior Vision Service

Superior Vision Service, a vision insurance company and subsidiary of Versant Health, has announced a July 2025 security incident.  According to the September 26, 2025, notification letters, Superior Vision learned on July 11, 2025, that an employee had been tricked in a sophisticated phishing attack and disclosed their credentials to the attacker.  The employee responded to the phishing email on July 9, 2025, and the threat actor used the employee’s credentials to access their account. On July 11, 2025, the threat actor may have copied emails from the account that contained sensitive customer information.

The account was reviewed and found to contain full names, physical addresses, phone numbers, email addresses, dates of birth, genders, Social Security numbers, vision coverage election information, and employment information related to enrollment. Notification letters are now being sent to the affected individuals, who have been offered a complimentary 12-month membership to a three-bureau credit monitoring service. Superior Vision has also implemented additional safeguards to prevent similar data breaches in the future. State attorneys general have been notified about the breach, and the website of the Texas Attorney General indicates 3,161 Texas residents have been affected; however, it is unclear how many individuals have been affected in total.

People Encouraging People

People Encouraging People, a behavioral healthcare provider in Baltimore, Maryland, has experienced a ransomware attack that involved data theft and file encryption. The attack was identified on or around December 21, 2024. A forensic investigation was launched, which confirmed that the attacker had access to its network between December 18, 2024, and December 23, 2024, during which time files containing sensitive patient data were stolen. The file review confirmed that the stolen data included full names, addresses, dates of birth, Social Security numbers, driver’s license numbers, financial account information, diagnosis information, medication information, and treatment information. The types of information involved vary from individual to individual.

People Encouraging People is unaware of any misuse of the stolen information; however, patients have been advised to remain vigilant against identity theft and fraud. Safeguards had been implemented to prevent unauthorized access to its computer network and patient data, and those safeguards are being reviewed and enhanced to prevent similar incidents in the future. The ransomware attack has been reported to the HHS’ Office for Civil Rights as involving the protected health information of 13,083 individuals.

The post PHI Potentially Stolen in Phishing Attack on Superior Vision Service appeared first on The HIPAA Journal.

Data Breaches Announced by Treasure Coast Hospice & Harbor

Treasure Coast Hospice, a palliative care provider in Florida, and Harbor, a mental health and addiction treatment service provider in Ohio, have recently announced security incidents that have exposed patient data.

Health & Palliative Services of the Treasure Coast (Treasure Coast Hospice), Florida

Health & Palliative Services of the Treasure Coast, Inc. d/b/a Treasure Coast Hospice, a provider of palliative care and hospice services to residents of Martin, St. Lucie, and Okeechobee counties in Florida, has recently notified 13,234 individuals about a September 2024 security incident. On September 25, 2025, Treasure Coast Hospice was made aware of unusual activity within its email environment. A third-party cybersecurity firm was engaged to investigate the activity and confirmed unauthorized access to an email account that contained patient information.

The account was reviewed, and on July 15, 2025, the data mining process was completed, and it was confirmed that a range of information had been exposed and may have been accessed or copied. The types of information involved vary from individual to individual and may include names in combination with one or more of the following: date of birth, demographic information, Social Security number, driver’s license number, medical information, financial information, and health insurance information.

At the time of issuing notification letters, Treasure Coast Hospice was unaware of any misuse of the exposed information; however, as a precaution against identity theft and fraud, the affected individuals have been offered complimentary credit monitoring and identity theft protection services. Treasure Coast Hospice said it strongly encourages the affected individuals to take advantage of the services being offered. Additional security measures have been implemented to harden email security, weekly security scans will be conducted, and additional training is being provided to its workforce.

Harbor, Ohio

Harbor, a mental health and substance use disorder treatment provider in Ohio, confirmed in a September 30, 2025, press release that an unauthorized third party breached its security defenses and gained access to its computer network. Suspicious activity was identified on August 1, 2025, and an investigation was launched to determine the nature and scope of the unauthorized activity.

The investigation determined that an unauthorized third party had access to its computer network between July 25, 2025, and August 1, 2025, during which time files were exfiltrated from its network. The types of information in the files vary from individual to individual, and may include names, addresses, birth dates, Social Security numbers, driver’s license numbers/state identification numbers, diagnoses, treatment information, clinical information, financial account information, and health insurance information.  Harbor is reviewing its security policies and procedures and will take steps to improve privacy and security. The incident is not yet shown on the HHS’ Office for Civil Rights website, so it is currently unclear how many individuals have been affected.


Florida Medication Management Provider Discloses 150K-record Data Breach

Outcomes One, a Florida-based business associate of health plans, has disclosed a phishing incident that has affected almost 150,000 individuals. Emergency Responders Health Center in Idaho has experienced an email breach affecting more than 1,500 individuals.

Outcomes One, Inc., Florida

Outcomes One, Inc., a Florida-based provider of medication therapy management and medication adherence technology solutions to health plans, is notifying 149,094 individuals about a recent email security incident. An employee identified unusual activity in his Outcomes One email account on July 1, 2025, and reported it to the security team. The email account was immediately secured, and an investigation was launched to determine the cause of the activity. The investigation confirmed that the breach was limited to a single employee email account, which had been accessed by an unauthorized third party following a response to a phishing email. Outcomes One said the attack was identified and remediated within an hour.

The account was reviewed and found to contain names in combination with one or more of the following: demographic information, health insurance information, medication information, and medical provider names. The breach notice provided to the California Attorney General indicates the affected individuals had Aetna Health Insurance plans. Outcomes One has provided additional training for the workforce to help with phishing email identification, and additional safeguards have been implemented to reduce the risk of similar breaches in the future.

Emergency Responders Health Center

Emergency Responders Health Center in Boise, Idaho (EHRC), has recently disclosed an email security incident. Unusual activity was identified in an employee’s email account on April 11, 2025. The account was secured, and an investigation was launched to determine the nature and scope of the activity. Assisted by third-party cybersecurity experts, EHRC determined that several email accounts had been accessed by an unauthorized third party. All email accounts have now been secured.

EHRC published a substitute breach notice on its website on July 23, 2025; however, at the time, the investigation and review of the affected accounts were ongoing, so it was not possible to state how many individuals had been affected or the types of information involved. The list of affected individuals was finalized on September 16, 2025, when it was confirmed that a total of 1,528 individuals had been affected, including 526 residents of Washington state. The exposed information included names, dates of birth, driver’s license numbers, Social Security Numbers, medical information, and health insurance information.

Notification letters started to be mailed to the affected individuals on September 26, 2025. To date, EHRC has not identified any misuse of the impacted data, but as a precaution, has offered the affected individuals a complimentary 12-month membership to a credit monitoring and identity theft protection service. EHRC said several steps have been taken to prevent similar breaches in the future. Staff members have received additional security training, user credentials have been changed, and monitoring has been enhanced.


Connecticut Medical Rehabilitation Center Announces Hacking Incident

Gaylord Specialty Healthcare is notifying patients affected by a December hacking incident, and Gainwell Technologies has reported a breach involving the data of Medicaid recipients in Georgia.

Gaylord Specialty Healthcare, Connecticut

Gaylord Farm Association Inc., doing business as Gaylord Specialty Healthcare, a nonprofit medical rehabilitation center in Wallingford, Connecticut, has recently started notifying patients about a December 2024 security incident that potentially involved unauthorized access to patient information.

Suspicious activity was identified within its computer network on December 19, 2024, and the forensic investigation confirmed unauthorized access to its network from December 16 to December 19. Files were reviewed to determine the types of information involved and the individuals affected. On August 25, 2025, Gaylord learned that the impacted data included names, dates of birth, Social Security numbers, taxpayer ID numbers, driver’s license or state ID numbers, passport numbers, account numbers, routing numbers, payment card numbers, payment card CVVs, medical record numbers, mental or physical condition, treatment information, diagnoses and diagnosis codes, treatment locations, procedure types, provider names, treatment costs, medical dates of service, admission/discharge dates, prescriptions, billing/claims information, health insurance information and/or patient account numbers.

Gaylord said it issued a provisional notice to the HHS’ Office for Civil Rights about the data breach and uploaded a breach notice to its website on February 28, 2025; however, the incident is not yet shown on the HHS’ data breach portal, which suggests the initial estimate indicated that fewer than 500 individuals were affected. Gaylord said the delay in issuing individual notifications was due to the complex and time-consuming review of the affected files, which required a manual review of thousands of documents. Security policies, procedures, and practices have been reviewed and enhanced to prevent similar breaches in the future. The total number of affected individuals is not currently known, although the breach was reported to the Maine Attorney General as affecting 75 Maine residents.

Gainwell Technologies, Virginia

Gainwell Technologies, a provider of technology solutions and software to healthcare organizations and government agencies, has recently announced a data breach affecting 912 Medicaid recipients in Georgia. Gainwell Technologies is the fiscal agent for Medicaid in the state, and contracts with Georgia’s Department of Community Health. According to a statement issued by the contractor, on July 23, 2025, an unauthorized caller requested access to payments to providers and gained access to a reimbursement account that contained patient information.

The account contained billing statements that included Medicaid recipients’ names, Medicaid ID numbers, coverage information, and payment information for the periods when services were received. Gainwell Technologies said it is unaware of any misuse of the affected data but has offered complimentary credit monitoring services to the affected individuals for a period of one year as a precaution.


Data Exfiltrated in Hacking Incident at Healthcare Interactive Inc.

Healthcare Interactive Inc. has confirmed that data was exfiltrated in a July 2025 hacking incident. Data breaches have also been reported by the Health Department of the City of St. Joseph in Missouri and Viva Health in Alabama.

Healthcare Interactive (HCIactive)

Healthcare Interactive Inc., a provider of AI-powered software solutions for insurance enrollment and benefits administration, has recently announced a July 2025 hacking incident that involved the exfiltration of files from its network. Suspicious activity was identified within its computer network on or around July 22, 2025. An investigation was launched to identify the cause of the activity, which confirmed unauthorized access to its network and data exfiltration from its network between July 8, 2025, and July 12, 2025.

The review of the exposed files confirmed that they contained protected health information such as names, addresses, email addresses, phone numbers, dates of birth, Social Security numbers, health insurance enrollment information, medical record numbers, diagnoses, lab results, prescriptions, and other care and treatment information, medical images, doctors’ names, and health insurance claims information.

While sensitive data was stolen, Healthcare Interactive said it is unaware of any misuse of that information; however, as a precaution, the affected individuals have been offered complimentary credit monitoring and identity theft protection services. Security policies and procedures are being reviewed, and additional safeguards are being implemented to better secure its systems and data. The data breach is not yet shown on the HHS’ Office for Civil Rights breach portal, so it is unclear how many individuals have been affected.

City of St. Joseph Health Department, Missouri

The Health Department of the City of St. Joseph in Missouri experienced a hacking incident that caused network disruption on June 9, 2025. Third-party cybersecurity experts were engaged to investigate and determine the nature and scope of the activity. The investigation confirmed that there may have been unauthorized access to files containing patient data, and files may have been exfiltrated from the network.

Data mining experts were engaged to review the files, and on September 4, 2025, it was confirmed that 11,538 patients had been affected and had some of their protected health information exposed. The types of information involved vary from individual to individual and may include first and last names, dates of birth, driver’s license numbers/state identification numbers, passport numbers, Social Security numbers, and medical diagnosis and treatment information. The health department engaged cybersecurity experts to review its security practices and protocols, and enhancements have been made based on their recommendations.

Viva Health, Alabama

Viva Health, an Alabama-based health insurance company that works with the Alabama Medicaid agency, has identified an exposed file on its website that contained the protected health information of 4,945 of its members. The exposed file was identified on August 27, 2025, and the investigation confirmed that it was accessible via the website from June 14, 2025, to August 27, 2025. The file contained limited member information – Medicare numbers, member IDs, group numbers, county of residence, and authorization numbers from August and September 2024. The file did not include members’ names, nor highly sensitive information such as Social Security numbers or financial information. As a precaution against data misuse, members have been advised to monitor their Explanation of Benefits statements and have been offered one year of complimentary credit monitoring services.


Veradigm Announces Data Breach Affecting Several Customers

On September 22, 2025, Veradigm, a Chicago, Illinois-based provider of practice management and electronic health record solutions to healthcare providers (formerly Allscripts), started issuing notification letters about a July 2025 security incident that involved unauthorized access to customer data.

On July 1, 2025, Veradigm learned that an unauthorized third party had accessed one of its storage locations. Steps were immediately taken to block the unauthorized access, law enforcement was notified, and third-party digital forensics and cybersecurity experts were engaged to investigate the activity and mitigate any impact of the unauthorized access. The investigation determined that a data security incident at one of its customers resulted in credential theft that allowed access to a Veradigm storage account. The attacker used the credentials to access the storage account in or around December 2024. Veradigm learned about the unauthorized access through a third party that was investigating its customer’s security incident. The data breach was limited to the storage account, and no other systems or environments were affected. While data was exposed, Veradigm is unaware of any misuse of the exposed data.

The file review confirmed that the following types of information had been exposed: name, contact information, date of birth, health records information (diagnoses, medications, test results, and treatments), health insurance information, payment details, and limited identifiers, such as Social Security numbers and driver’s license numbers. The types of information involved vary from individual to individual. Veradigm has implemented additional technical safeguards to prevent similar incidents in the future and has offered the affected individuals complimentary credit monitoring and identity theft protection services.

The incident is not yet shown on the HHS’ Office for Civil Rights breach portal, so it is currently unclear how many individuals have been affected. The data breach affected several of its customers and is likely to be a significant data breach. At least 70,000 individuals have been confirmed as affected in two states alone, based on the breach reports submitted to the Texas and South Carolina state attorneys general. The California Attorney General has also been informed that state residents have been affected.


Security Researcher Identifies Exposed 150,000-record Home Health Care Database

Cybersecurity researcher Jeremiah Fowler has found an exposed 23.7 GB database containing more than 145,000 files, such as PDFs, PNGs, and other image files. The database has been linked to the California home health and palliative care provider, Archer Health. Fowler analyzed a sample of the files and identified patient names, contact information, Social Security numbers, and patient ID numbers. The files included medical documents such as discharge summaries, which included health information such as conditions, diagnoses, admission and discharge dates, treatment information, care plan information, as well as assessments and home health certifications.

Many of the image files were screenshots of healthcare management software that showed active dashboards, logging, tracking, and scheduling details. Some of the folder names included patients’ first and last names – a bad security practice. As Fowler pointed out, personally identifiable information such as patient names can easily be exposed through error or monitoring logs. Fowler was able to link the database to Archer Health and notified the company about the exposed database, which was secured within hours and is no longer accessible. Archer Health thanked Fowler for bringing the matter to their attention and confirmed that an investigation had been launched, and any security issues that led to the exposure would be addressed.

It was not possible to tell how long the database was exposed, if it was accessed or copied by any unauthorized individuals, or whether the database was maintained by Archer Health or one of its vendors. Since only a sample of files was analyzed, it is unclear how many patients had their data exposed.

Mailing Error Impacts More Than 3,100 Arizonans

The Arizona Health Care Cost Containment System (AHCCCS), Arizona’s Medicaid agency, has notified 3,177 members about an impermissible disclosure of a limited amount of protected health information. On August 29, 2025, a mailing error was identified with a routine mailing regarding members’ health plan enrollment when a member called AHCCCS after receiving a misdirected letter.

The mailing was immediately halted, and an investigation was launched to determine the cause of the error, the individuals affected, and the information involved. The letters did not include any highly sensitive information, such as Social Security numbers, only a member’s name, AHCCCS identification number, and health plan name. In each case, the letters were sent to one incorrect recipient. AHCCCS said it has conducted a review of its mailing processes and procedures and has taken steps to prevent similar mis-mailings in the future.


Cyberattack on Coos County Family Health Services Exposed Patient Data

Data breaches have recently been announced by Coos County Family Health Services in New Hampshire, Roush Fenway Keselowski Racing in North Carolina, and the University of North Carolina at Chapel Hill/UNC School of Medicine.

Coos County Family Health Services

Coos County Family Health Services, a primary care provider based in Berlin, New Hampshire, has recently announced a privacy incident that was identified on July 9, 2025, when suspicious activity was observed in its servers and phone systems. An investigation was launched, which confirmed that an unauthorized third party had access to its servers and phone systems on July 9, 2025, and may have copied data from those systems.

While ransomware was not mentioned in the notification letters, this appears to have been a ransomware attack. A ransomware group called RunSomeWarez claimed responsibility for the attack and added Coos County Family Health Services to its dark web data leak site. The group claims to have exfiltrated data. A ransom does not appear to have been paid.

Coos County Family Health Services reviewed the affected files and confirmed that they contained patient information such as names, dates of birth, contact information, Social Security numbers, medical information, and medical identification numbers. While no evidence has been found to suggest any misuse of the exposed data, complimentary credit monitoring and identity theft protection services have been offered to the affected individuals as a precaution.  Security policies and procedures have also been reviewed and enhanced to prevent similar incidents in the future.

Roush Fenway Keselowski Racing

Roush Fenway Keselowski Racing has recently announced that it was the victim of a cyberattack that resulted in unauthorized access to systems containing the protected health information of employee health plan members. Suspicious activity was identified within its computer environment on May 14, 2025, and third-party digital forensics experts were engaged to investigate the activity. The investigation confirmed that files were either accessed or copied from its network.

The files were reviewed, and on August 4, 2025, Roush Fenway Keselowski Racing confirmed that health plan member information was exposed, including names, addresses, dates of birth, Social Security numbers, driver’s license/state identification card numbers, health insurance subscriber numbers, passport numbers, health information, financial account information, health insurance information, health insurance claim information, and medical information. Up to 2,160 individuals were affected and have been offered complimentary identity monitoring services.

The University of North Carolina at Chapel Hill – School of Medicine

The University of North Carolina at Chapel Hill and the University of North Carolina Hospitals have announced a breach of an email account of a UNC School of Medicine employee. The investigation revealed the email account was accessed by an unauthorized third party following a response to a phishing email. The attacker used social engineering techniques to trick the employee into clicking a malicious link and disclosing their account credentials. The email appeared to have been sent by a trusted source.

The breach was detected on July 24, 2025, and was remediated within 15 hours of the unauthorized access; however, during that time, the attacker potentially viewed or acquired the electronic protected health information of patients.  The potentially compromised information included names, dates of birth, diagnosis and treatment information, Social Security numbers, driver’s license numbers, financial information, health insurance information, and/or information about a research study that the individuals were involved in or eligible to participate in.

Notification letters were mailed to the affected individuals on September 19, 2025, and complimentary credit monitoring has been offered to individuals whose Social Security numbers, driver’s license numbers, financial information, and/or health insurance information were involved. The data breach was reported to the HHS Office for Civil Rights by the University of North Carolina at Chapel Hill – School of Medicine as affecting 799 individuals, and UNC Hospitals as affecting 6,377 individuals.


OneBlood Will Pay Up to $1M to Settle Class Action Data Breach Lawsuit

OneBlood, a non-profit organization that provides blood to approximately 350 hospitals in the southeastern United States, has agreed to pay up to $1,000,000 to resolve a class action lawsuit over its July 2024 ransomware attack and data breach. Between July 14, 2024, and July 29, 2024, a threat actor had access to OneBlood’s computer systems and exfiltrated sensitive data before using ransomware to encrypt files.  The investigation confirmed that protected health information had been exposed, and a total of 167,400 individuals had their names and Social Security numbers exposed or stolen.

Three of the affected individuals, Deanna Newberry, Matthew Shuttleworth, and Andy Shuttleworth, took legal action seeking damages for themselves and similarly situated individuals. In the lawsuit, Deanna Newberry, et al. v OneBlood, Inc., the plaintiffs claimed that OneBlood failed to implement reasonable and appropriate security measures to secure their personal information, and that the ransomware attack and data breach could have been prevented if appropriate security measures had been implemented.

OneBlood disagrees with the claims and contentions in the lawsuit and denies any wrongdoing, while the plaintiffs believe that their claims have merit. A settlement was agreed upon by all parties to resolve all claims in the lawsuit, with both sides agreeing that a settlement was in the best interests of all parties to avoid the costs and risks of a trial and related appeals. The settlement has received preliminary approval from Florida Circuit Court Judge Keathan B. Frink and provides benefits for the plaintiffs and class members.

Class members may choose one of two cash payments:  a claim may be submitted for reimbursement of up to $2,500 per class member for documented, unreimbursed out-of-pocket losses related to the data breach, or they may instead claim an alternative cash payment of $60.00. OneBlood will pay a maximum of $1,000,000 to cover attorneys’ fees and expenses, service awards for class members, settlement administration costs, and cash payments. If that total is reached, the cash payments will be subject to a pro rata decrease. OneBlood has also committed to making improvements to security and will provide class counsel with a confidential list of the security measures implemented since the data breach to improve security for the benefit of the settlement class and other future donors.

Class members must submit a claim for a cash payment by December 4, 2025. Should any class member wish to opt out of the settlement or file an objection, they must do so by November 9, 2025. The final fairness hearing has been scheduled for December 9, 2025. Further information can be found on the settlement website: https://oneblooddatasettlement.com/

January 15, 2025: OneBlood Notifies Individuals Affected by July 2024 Ransomware Attack

On July 31, 2024, the Florida nonprofit blood donation organization OneBlood announced it had fallen victim to a ransomware attack. The attack took its IT systems out of operation, and while blood was still able to be collected, tested, and distributed, manual processes had to be used, which significantly reduced its capacity. The reduced capacity forced the hospitals OneBlood serves to implement their critical blood shortage protocols. OneBlood serves around 350 hospitals in the Southeastern United States.

OneBlood has recently confirmed that the ransomware group exfiltrated files and folders in the attack that contained the personal information of blood donors, including their names and Social Security numbers. The breach notification letters explain that the ransomware attack was detected on or around July 28, 2024, and the investigation confirmed that the ransomware group had access to its IT network from July 14 to July 29, 2024.

It has taken four and a half months to investigate the incident and review the files and folders on the compromised parts of its network to determine the individuals affected and the types of information involved. That process was completed on December 9, 2024, and notification letters started to be mailed on or around January 9, 2025, five and a half months after the data was stolen. The affected individuals have been offered complimentary credit monitoring and identity theft protection services for 12 months. In addition to signing up for those services, the affected individuals should carefully check their accounts for signs of fraudulent charges going back to the date of the initial compromise – July 14, 2024.

It is currently unclear how many individuals had their data stolen in the attack. OneBlood has notified the South Carolina State Attorney General that 1,530 blood donors in the state are affected.

August 1, 2024: Ransomware Attack on U.S. Blood Donation Nonprofit Affecting Blood Supplies

OneBlood, a Florida-based nonprofit blood donation organization, has experienced a ransomware attack that is affecting its ability to provide blood to U.S. hospitals. OneBlood operates in Alabama, Florida, Georgia, and North and South Carolina, and provides blood to around 350 hospitals in those states. OneBlood announced on July 31, 2024, that it had fallen victim to a ransomware attack that affected its software system. OneBlood said it is still operational and is continuing to collect, test, and distribute blood, but is having to use manual processes and procedures that take considerably longer, which means it is currently operating at a significantly reduced capacity.

Due to the limited operational capacity, OneBlood has told all 350 hospitals that it serves to implement their critical blood shortage protocols and to remain in that status until the ransomware attack has been remediated. One of the affected health systems is AdventHealth in Florida, which has confirmed that it has implemented its blood conservation protocols. To help prevent critical blood shortages, the national blood community is rallying to assist OneBlood and the hospitals and patients it serves by sending blood and platelets.

OneBlood said all blood types are required, but there is an urgent need for O-positive and O-negative blood and platelet donations, and donors across the country are being urged to make appointments for donations as soon as possible.  National resources are being coordinated by the AABB Disaster Task Force to direct additional blood products to OneBlood.

OneBlood has engaged cybersecurity specialists to assist with the investigation and determine the scope of the attack. At this early stage of the investigation, it is not possible to tell to what extent, if any, donor information has been obtained by the attackers. Further information will be released as the investigation progresses, and if donor information is involved, notifications will be issued to the affected individuals.

A source contacted Bleeping Computer and said the attack occurred over the weekend and involved the encryption of data on OneBlood’s VMware hypervisor infrastructure. OneBlood has confirmed that it is working around the clock to restore its software systems. While the threat actor responsible for the attack has yet to be confirmed, the RansomHub group is suspected of being behind the attack. RansomHub has no qualms about conducting attacks on healthcare organizations and has recently attacked the Rite Aid pharmacy chain, the Florida Department of Health, American Clinical Solutions (ACS) in Florida, the Baim Institute for Clinical Research in Boston, and the UK-based independent living aid manufacturer NRS Healthcare. While RansomHub was not behind the ransomware attack on Change Healthcare, it did attempt extortion after obtaining a copy of the data stolen in the attack.

There have been other recent ransomware attacks on healthcare organizations that have caused blood supply shortages. On June 3, 2024, the Qilin ransomware group conducted a ransomware attack on Synnovis, a UK pathology services provider to the National Health Service (NHS). The attack caused major disruption to blood transfusions in London. Without access to automated processes, Synnovis’s ability to operate was greatly reduced, and the attack led to blood shortages that are continuing.

The hospitals that Synnovis serves were asked to restrict the use of O Type blood to essential cases and to use substitutions when it was safe to do so. Synnovis has now confirmed that it restored its systems this week; however, its blood transfusion services are expected to face continued disruption over the summer, with a full recovery not expected until early autumn. Another attack affected the U.S. operations of the Swiss pharma firm OctaPharma Plasma, which operates more than 190 donation centers in 35 states. The ransomware attack is thought to have been conducted by the BlackSuit ransomware group and forced OctaPharma Plasma to shut down its donation centers for several weeks.

The post OneBlood Will Pay Up to $1M to Settle Class Action Data Breach Lawsuit appeared first on The HIPAA Journal.