Clinical Registry Solutions; Jason R Egbert OD PC; VNC Health Announce Data Breaches

Data breaches have been announced by Clinical Registry Solutions in New York, First Sight Family Vision in Washington, and VHC Health in Virginia.

Clinical Registry Solutions, New York

Clinical Registry Solutions, a Brooklyn, New York-based provider of clinical data abstraction and registry support services to healthcare providers, is notifying patients of Dignity Health’s St. Mary’s Medical Center that some of their protected health information has potentially been compromised in an April 2026 cybersecurity incident.

Suspicious activity was identified within its computer network on April 9, 2026. The forensic investigation identified unauthorized access to its computer network, and evidence was found indicating that files containing patient data were copied by the attackers. The data review determined that patient names, procedure dates, and medical record numbers were involved; however, Social Security numbers and diagnosis and treatment information were not involved. Company data was also stolen in the attack.

Clinical Registry Solutions has not identified any misuse of the impacted data; however, as a precaution, complimentary credit monitoring and identity theft protection services have been made available. While not mentioned in the notification letters, the threat group behind the attack appears to be the Akira ransomware group. Akira claimed to have exfiltrated 41 GB of data, including employee information such as passports, Social Security numbers, and driver’s license numbers.

First Sight Family Vision (Jason R Egbert OD PC)

First Sight Family Vision, a Battle Ground, Washington-based optometry practice that used to operate under the name Jason R Egbert OD PC, has been affected by a data breach at vendor Networking Technology Inc, which does business as RXNT.

RXNT, a provider of cloud-based electronic prescribing, practice management, and electronic health records software to healthcare organizations, discovered unauthorized access to systems used by some of its customers on March 3, 2026. The forensic investigation confirmed unauthorized access between March 1, 2026, and March 3, 2026, during which time files containing patient information were potentially accessed or acquired.

Data potentially compromised in the incident include names, birth dates, contact information, patient ID’s, prescription information, and Social Security numbers. RXNT has offered the affected individuals complimentary credit monitoring and identity theft protection services. While it is unclear how many individuals have been affected in total, the breach was reported to the HHS’ Office for Civil Rights as involving the protected health information of 1,225 patients of Jason R Egbert OD PC.

VHC Health

VHC Health, a healthcare provider serving patients in Northern Virginia and the Washington D.C. Metro area, has been affected by a cybersecurity incident at one of its vendors. VHC Health contracted with a company called Xsolis, Inc., which provides utilization management services to healthcare organizations.

On January 22, 2026, Xsolis identified unauthorized access to parts of its environment as a result of a response to a phishing attempt on January 20, 2026. The incident was contained, its environment was secured, and an investigation was launched to determine the impact of the incident. The investigation confirmed that files containing names, addresses, dates of birth, Social Security numbers, medical treatment information, and health insurance information were exposed.

Xsolis has implemented additional security measures to protect against similar incidents in the future, and complimentary credit monitoring and identity theft protection services have been made available. Notification letters started to be mailed to the affected individuals by Xsolis on April 23, 2026. At present, it is unclear how many VHC patients have been affected or how many individuals have been affected in total.

The post Clinical Registry Solutions; Jason R Egbert OD PC; VNC Health Announce Data Breaches appeared first on The HIPAA Journal.

Hackers Claim Responsibility for Novo Nordisk Cyberattack

A hacking group has claimed responsibility for the cyberattack on the pharmaceutical company Novo Nordisk and says it exfiltrated more than 1 terabyte of data over several weeks. Another individual/group has also claimed it breached certain Novo Nordisk systems in June, in a separate hacking incident in June.

FulcrumSec is a cyber extortion group that has been active since at least September 2025. The group specializes in high-speed data exfiltration, commonly from cloud-hosted databases, and demands payment to prevent the publication or sale of stolen data. The group exploits unrotated API keys and cloud misconfigurations for initial access.

Novo Nordisk disclosed the attack on June 11, 2026, and shortly thereafter, FulcrumSec added Novo Nordisk to its dark web data leak site, along with samples of data from its claimed 1.3 TB data heist. The listing states that data exfiltrated in the attack includes clinical trial information, intellectual property, and artificial intelligence models used for drug discovery.

FulcrumSec claims it issued a $25 million ransom demand to prevent the publication of the stolen data; however, Novo Nordisk refused to pay. Data has started to be leaked – at the time of writing, 264 GB of data is listed as available for download – as a result of non-payment, and the group says it is seeking a private buyer for the bulk of the stolen data,

The group’s dark web data leak site states that it obtained 4,750 source code repositories, more than 41,000 proprietary drug compounds with structures, over 30 trained AI models, 73 datasets, the data of 11,500 pseudonymised clinical trial patients, more than 163,000 employee records, data from 5 undisclosed drug programs, and the exact manufacturing recipe for one of the company’s major drugs.

While some data has been leaked, around 1.05 terabytes of data is being withheld. FulcrumSec claims it will not release certain data, such as the data of employees and physicians, the pseudoanonymized clinical trial patient data, and certain data related to operational technology and software used to interact with sensors and equipment at Novo Nordisk’s production facilities.

The group claims to have gained initial access “through secrets left in client-side JavaScript on two separate unrelated Novo Nordisk subdomains — two completely different teams, two different applications, the same elementary mistake made twice,” and suggests highly sensitive data was protected with extremely weak passwords.

The group said it used Azure container registry credentials that were baked into a client-side JavaScript bundle, and a GitHub personal access token that had access to hundreds of repositories. The repositories contained API tokens, database credentials, and service account passwords that allowed lateral movement to hundreds of Novo Nordisk systems. The group claims that Novo Nordisk’s security team detected its presence in its GitHub accounts around two weeks after the initial intrusion, and in its Azure environment after 3 weeks.

FulcrumSec is not alone in claiming responsibility for hacking Novo Nordisk’s systems. According to databreaches.net, a hacker identifying themselves as TheUSERS007 has claimed to have breached the drug company’s systems between June 5 and June 7, 2026, after the claimed hack by FulcrumSec. TheUSERS007 demanded a $50 million ransom, which similarly wasn’t paid, and told databreaches.net that access was gained using venomware, “a self-learning, adaptive AI engine designed for the surgical extraction of intellectual property.”

FulcrumSec referenced the claim on its data leak site and suggests that the claim is potentially legitimate. The attack disclosed by Novo Nordisk relates to the FulcrumSec hack, rather than the second incident, which has yet to be confirmed by Novo Nordisk.

June 15, 2026: Clinical Trial Data Stolen in Novo Nordisk Cyberattack

Novo Nordisk, the Danish pharmaceutical firm behind the GLP-1 weight loss drugs Ozempic and Wegovy, has experienced a cyberattack that exposed the data of healthcare providers and patients enrolled in clinical trials. According to the company’s June 11, 2026, breach notice, a threat actor gained access to a limited number of its internal systems, and certain personal data stored on those systems was exfiltrated by the attackers. It is currently unclear when the intrusion was detected or for how long hackers had access to its systems, and the threat group behind the attack has yet to publicly claim responsibility.

The exposed data related to certain patients who took part in its clinical trials; however, the risk to those patients is limited, as the exfiltrated data was deidentified. Patient names were not exposed; only the ID numbers were used to identify specific patients participating in clinical trials. The ID numbers consist of random alphanumeric strings. Other compromised information was limited to sex, year of birth, biomarkers, health and immunogenicity data, and lifestyle factors, such as BMI, whether the patient was a smoker, and information about their alcohol usage.

Novo Nordisk said that because the exposed data was pseudonymized, patients cannot be identified from the exposed information without further information from another source, therefore, patients are not believed to face any immediate risks. Patients have been advised to remain vigilant and to contact Novo Nordisk if they identify any suspicious activity that they believe may be linked to the incident.

When the attack was detected, certain systems were taken offline as a precaution while the incident was investigated, and Novo Nordisk is working to bring the systems back online safely and securely. The company said the cyberattack has had no impact on its core business operations, which remain up and running. The forensic investigation and data review are ongoing, and Novo Nordisk has yet to determine the number of individuals affected.

Certain healthcare providers have been affected by the incident, and they are currently being notified. The information stolen in the attack varies from provider to provider, and may include information such as the company name, registration number, contact email address, phone number, office location, and WhatsApp details. Since contact information has been compromised, healthcare providers are potentially at risk of phishing or social engineering attacks and should therefore remain vigilant.

The post Hackers Claim Responsibility for Novo Nordisk Cyberattack appeared first on The HIPAA Journal.