New Jersey Medical Center Suffers Ransomware Attack

Posted by Steve Alder

Central Jersey Medical Center in New Jersey has experienced a ransomware attack. David A. Nover, M.D, is notifying patients about a hacking incident, and Goglia Nutrition (FuturHealth) has announced an October 2024 data breach.

Central Jersey Medical Center, New Jersey

Central Jersey Medical Center, Inc., a Federally Qualified Health Center with locations in Perth Amboy, Newark, and Carteret, New Jersey, has started notifying dental patients about a recent security incident. On August 25, 2025, a cybercriminal actor gained access to its dental server’s network and used ransomware to encrypt files.

An investigation was launched to determine the nature and scope of the activity, and a review was conducted to identify the patients affected and the types of information that were exposed. The electronic medical record system was unaffected; however, files containing patient information were potentially accessed or obtained. At the time of issuing notification letters, Central Jersey Medical Center had not found any evidence to indicate any misuse of the exposed data. The Sinobi ransomware group claimed responsibility for the attack and added the healthcare provider to its data leak site. Sinobi claims to have exfiltrated 930 GB of data.

The types of information involved varied from patient to patient and may have included names in combination with one or more of the following: address, telephone number, email address, date of birth, race/ethnicity, Social Security number, dental record number, health insurance information, dental diagnosis, treatment history, and/or billing information.

Third-party cybersecurity experts were engaged to investigate the incident and review and enhance security, and internal procedures have been strengthened to prevent similar incidents in the future. The data breach has been reported to regulators; however, it is not currently shown on the HHS’ Office for Civil Rights breach portal, so it is unclear how many individuals have been affected.

David A. Nover, M.D., P.C., Pennsylvania

David A. Nover, M.D., P.C., a psychiatry and psychotherapy practice in Warrington, Pennsylvania, is notifying patients about a recent security incident that exposed patient information. On or around June 3, 2025, unusual activity was identified within the practice’s computer network. An investigation was launched, with assistance provided by legal counsel and third-party digital forensics specialists. The investigation confirmed unauthorized access to the network on June 3, 2025, and some files containing patient information were copied from the network. The exposed files have been reviewed, and that process was completed on October 29, 2025.

Information potentially compromised in the incident included names, dates of birth, Social Security numbers, payment card information (number, expiration date, access information), medical record numbers, patient IDs or account numbers, Medicare numbers, health insurance ID numbers, health insurance group numbers, medical diagnosis information, medical treatment information, medical treatment location, doctors’ names, treatment dates, and medical lab or test results. Credit monitoring and identity protection services have been offered to the affected individuals. The data breach is not currently shown on the HHS’ Office for Civil Rights breach portal, so it is unclear how many individuals have been affected.

FuturHealth, California

Goglia Nutrition, doing business as FuturHealth, Inc., a California-based health and wellness company specializing in nutrition plans and weight management, has experienced a data security incident. According to the notification letters mailed on October 17, 2025, the data breach occurred in October 2024.

According to the notification letters, on October 16, 2024, an unknown actor gained access to a data storage environment containing G-Plan data. The review of the affected storage environment has recently concluded and confirmed that the data compromised in the incident included names and information provided by customers as part of their subscription. Highly sensitive information such as Social Security numbers, driver’s license numbers, and financial information was not involved. The number of affected individuals has yet to be publicly disclosed.

The post New Jersey Medical Center Suffers Ransomware Attack appeared first on The HIPAA Journal.

Ransomware Negotiator Pleads Guilty to Conducting U.S. Ransomware Attacks

Posted by Steve Alder

The third ransomware negotiator indicted for his role in conducting BlackCat ransomware attacks on U.S. companies in 2023 has entered a guilty plea. Angelo Martino, 41, of Land O’Lakes in Florida, worked as a ransomware negotiator for the cyber threat intelligence and incident response firm DigitalMint. Unbeknownst to his employer, Martino was working for both sides, dealing with ransomware groups on behalf of DigitalMint clients who had been attacked by ransomware groups, while simultaneously collaborating with the BlackCat ransomware group responsible for the attacks.

According to the U.S. Department of Justice, Martino negotiated on behalf of five ransomware victims and provided the BlackCat ransomware group with confidential information about his clients’ negotiating positions and strategies, without the knowledge or permission of his employer. Information passed to the ransomware group by Martino included details about the clients’ insurance policy limits and negotiating positions, allowing the ransomware group to maximize the ransom payments. Martino was alleged to have been compensated financially for providing the information.

“Ransomware victims turned to [Martino] for help, and he sold them out from the inside,” said U.S. Attorney Jason A. Reding Quiñones for the Southern District of Florida. “As he admitted in court, he abused his position at a cyber incident response company to feed confidential information to BlackCat actors, helping them maximize ransom payments from American victims. He then went further, joining the conspiracy himself to deploy ransomware and profit from extortion.”

Martino pleaded guilty to one count of conspiracy to obstruct, delay, or affect commerce or the movement of any article or commodity in commerce by extortion. Martino’s co-conspirators, Ryan Goldberg and Kevin Martin, were charged under a separate indictment and have already entered guilty pleas. Martin was also employed by DigitalMint as a ransomware negotiator, and Goldberg was employed by the cybersecurity firm Sygnia as an incident responder. Goldberg and Martin are scheduled to be sentenced on April 30, 2026, and Martino is due to be sentenced on July 9, 2026. All three men face up to 20 years in jail.

March 12, 2026: Third Ransomware Negotiator Charged Over Involvement with BlackCat Ransomware Group

Another former employee of DigitalMint has been accused of involvement with the ALPHV/Blackcat ransomware group while working as a ransomware negotiator for the Chicago-based cyber threat intelligence and incident response company.

As previously reported below, the U.S. Department of Justice had previously indicted two individuals for their role in ALPHV/BlackCat ransomware attacks – Former DigitalMint employee Kevin Tyler Martin and former Sygnia incident response manager Ryan Goldberg. Both have entered guilty pleas. Angelo John Martino III, 41, of Land O’ Lakes in South Florida, was included in the October 2025 indictment of Martin and Goldberg but was only identified as co-conspirator 1. His indictment has recently been unsealed.

According to the indictment, while working as ransomware negotiators for legitimate firms, all three defendants are alleged to have also been working with the ALPHV/Blackcat ransomware group. Martino is alleged to have conspired with defendants Martin and Goldberg and other unknown individuals to conduct ransomware attacks on U.S companies, including a non-profit, medical company, a medical device manufacturer, a California doctor’s office, and a pharmaceutical company.

According to the indictment, Martino provided information gained from his work as a ransomware negotiator to ALPHV/BlackCat co-conspirators to maximize ransom payments. The trio also engaged in attacks as ALPHV/BlackCat affiliates, deploying ransomware.

Across the 10 attacks included in the indictment, six resulted in ransom payments totaling more than $75.25 million, including two payments of more than $25 million. As affiliates, Martino and his co-conspirators are alleged to have paid 20% of the ransom payments to the administrators of the ransomware group.

According to the indictment, five of the companies that Martino was involved with attacking engaged DigitalMint to assist with ransom negotiations. DigitalMint assigned each of those negotiations to Martino. Martino was therefore negotiating on behalf of the companies he had attacked and the ransomware group he was working with. All five of the victims ended up paying the ransoms.

DigitalMint was unaware that Martino was working with the ALPHV/BlackCat ransomware group, and suspended Martino’s access to its systems when notified by the Department of Justice of the investigation and fired him the following day. Prior to being notified by the Department of Justice, DigitalMint was unaware that Martino and Martin were involved with the ALPHV/BlackCat ransomware group. DigitalMint has not been accused of any wrongdoing.

“We strongly condemn these former employees’ criminal behavior, which violated our values, ethical standards and the law,” said DigitalMint CEO Jonathan Solomon in a statement. “DigitalMint has fully cooperated with law enforcement from the outset and does not expect further charges. While no organization can completely eliminate insider risk, we take incidents like this extremely seriously and have strengthened safeguards and internal controls to further reduce the likelihood of similar conduct.”

Martino has been charged with conspiracy to interfere with commerce by extortion and faces up to 20 years in jail. Assets have been seized, including properties and vehicles, along with almost $9.2 million in cryptocurrency. Martino is scheduled to enter a plea on March 19, 2026, and has been released on a $500,000 bond. He has been prohibited from leaving the Southern District of Florida and is not permitted to work in the cybersecurity industry.

November 4, 2025: U.S. Nationals Indicted for BlackCat Ransomware Attacks on Healthcare Organizations

Two U.S. nationals have recently been indicted for using BlackCat ransomware to attack targets in the United States. A third individual is suspected of involvement but was not included in the indictment. All three individuals worked at cybersecurity companies and conducted the attacks while they were employed there.

Ryan Clifford Goldberg was employed by the cybersecurity firm Sygnia as an incident response professional, and Kevin Tyler Martin and an unnamed co-conspirator were both employed by the Chicago-based cyber threat intelligence and incident response firm DigitalMint as ransomware threat negotiators.

The two indicted individuals are alleged to have engaged in a conspiracy to enrich themselves by breaching company networks, stealing their data, using ransomware to encrypt files, and extorting the companies to obtain cryptocurrency payments. A medical device company was attacked on or around May 13, 2023, resulting in a $10 million ransom demand.  The medical device company negotiated and paid a $1,274,000 ransom payment.

A pharmaceutical company was also attacked in May 2023, but the ransom demand was not disclosed. Then came a July 2023 attack on a doctor’s office in California, which included a $5,000,000 ransom demand. In October 2023, an engineering company was attacked and told to pay $1 million, then in November 2023, a drone manufacturer in Virginia was attacked, and the defendants allegedly demanded a $300,000 ransom payment. Only the medical device company paid the ransom.

Kevin Tyler Martin, who resides in Texas, was employed as a ransomware negotiator by DigitalMint between May 2023 and April 2025, where the unnamed Florida-based co-conspirator also worked. Both individuals are thought to have been rogue employees and have been fired by DigitalMint, which has been cooperating with the law enforcement operation. Ryan Clifford Goldberg was employed as an incident response manager at Sygnia Cybersecurity Services at the time of the attacks, but no longer works for the company.

There are no indications that either company was aware of the attacks, which were conducted outside of their infrastructure and systems. DigitalMint said client data was not compromised in the incident, and no one alleged to have been involved in the scheme has worked for the company in over four months.

The FBI raided the home of the unnamed co-conspirator in April 2025, and Goldberg was interviewed by the FBI the following month, initially denying involvement in the scheme. Goldberg later claimed to have been recruited by the unnamed co-conspirator and said he conducted the attacks to get out of debt. He claims that, along with the other two members of the scheme, he received payment of $200,000 for the attack. Martin denies any involvement in the scheme.

Martin and Goldberg were indicted on October 2, 2025, on charges of conspiracy to interfere with interstate commerce by extortion, interference with interstate commerce, and intentional damage to a protected computer. Martin has been released on a $400,000 bond and is prohibited from working in cybersecurity before the trial.

Goldberg is being held pending trial as he is considered a flight risk. Goldberg booked a one-way flight from Atlanta to Paris in June and traveled with his wife. He remained in France until September 21. Goldberg flew from Amsterdam to Mexico City and was arrested when he landed and deported to the United States. If found guilty, Martin and Goldberg face up to 50 years in jail.

The post Ransomware Negotiator Pleads Guilty to Conducting U.S. Ransomware Attacks appeared first on The HIPAA Journal.

Oglethorpe Hacking Incident Affects More Than 92,000 Patients

Posted by Steve Alder

A Tampa, FL-based network of mental health and addiction recovery treatment facilities has recently disclosed a security incident that involved unauthorized access to patient data. Oglethorpe offers management solutions for health centers, wellness clinics, and hospitals that specialize in psychiatric services, substance abuse treatment programs, and behavioral health counseling, and has facilities in Florida, Louisiana, and Ohio.

In June 2025, Oglethorpe experienced a hacking incident that rendered its systems inoperable for a limited time.  Third-party cybersecurity experts were engaged to help contain, investigate, and remediate the incident. The investigation revealed that the hackers first gained access to its network on May 15, 2025, and maintained access until June 6, 2025. The investigation concluded on September 16, 2025, when it was confirmed that files containing patient information had been exfiltrated from its network. Those files were reviewed, and that process was completed on October 23, 2025, when Oglethorpe learned that first and last names, birth dates, Social Security numbers, driver’s license numbers, and medical information were involved.

Oglethorpe said no evidence has been found to indicate any misuse of the impacted information; however, as a precaution against identity theft and fraud, the affected individuals have been offered complimentary single-bureau credit monitoring, credit report, and credit score services for 12 months.

In response to the breach, all systems were wiped and rebuilt, and data was restored from backups. Steps have also been taken to improve network security to prevent similar incidents in the future. The incident is not yet shown on the HHS’ Office for Civil Rights website; however, the Maine Attorney General was informed that the breach affected 92,332 individuals, including 85 Maine residents.

Northern Montana Health Care Affected by Business Associate Hacking Incident

Havre, MT-based Northern Montana Health Care (NMHC) has been affected by a data breach at one of its business associates. NMHC contracted with Wakefield & Associates, LLC, which provides debt collection services. On October 29, 2025, NMHC published a notice warning patients about a security incident at Wakefield & Associates, which involved unauthorized access to certain files. The incident was confined to the Wakefield & Associates network. No NMHC systems were affected.

Wakefield & Associates is notifying the affected individuals directly, and the individual letters state the types of information involved. NMHC has confirmed that Wakefield & Associates is offering the affected individuals complimentary credit monitoring and identity theft protection services. The data breach is not yet shown on the HHS’ Office for Civil Rights breach portal, so it is unclear how many individuals have been affected.

The post Oglethorpe Hacking Incident Affects More Than 92,000 Patients appeared first on The HIPAA Journal.