Carolina Foot & Ankle Associates Notifies Patients About December 2025 Cyberattack

Cyberattacks and data breaches have been announced by the healthcare providers Carolina Foot & Ankle Associates, New Age Dermatology, and Marin Cancer Care.

Carolina Foot & Ankle Associates

The North Carolina podiatry practice, Carolina Foot & Ankle Associates, is notifying patients that some of their personal and protected health information was exposed in a December 2025 cybersecurity incident. The incident was detected on December 8, 2025, when the practice experienced a network disruption. Third-party cybersecurity experts were engaged to investigate the incident and confirmed that an unauthorized third party had accessed its network and exfiltrated files containing patient data.

The file review has recently been completed and confirmed that patient data had been compromised, including first and last names, phone numbers, dates of birth, medical record numbers, health insurance information, diagnostic/CPT codes, and dates of service. The types of data involved varied from individual to individual. Carolina Foot & Ankle Associates said Social Security numbers and financial information were not compromised in the incident, and there was no unauthorized access to its electronic medical record system.

When the breach was detected, immediate enhancements were made to security to prevent further data security incidents, and law enforcement was notified. As a precaution against data misuse, the affected individuals have been offered complimentary credit monitoring and identity theft protection services. The breach has been reported to the HHS’ Office for Civil Rights using a placeholder estimate of at least 501 affected individuals.

New Age Dermatology

New Age Dermatology LLC has notified the Massachusetts Attorney General about a ransomware attack that was identified on or around December 20, 2025. According to the notice, the ransomware attack affected an internal server, which has been rendered inoperable and inaccessible. Law enforcement has been notified, and an investigation has been launched, with assistance provided by third-party cybersecurity professionals.

At this stage of the investigation, New Age Dermatology has yet to determine the specific types of information involved or the number of individuals affected, but explained that the information likely compromised in the incident includes personal and protected health information typically found in patient records, including names, dates of birth, medical and treatment information, diagnostic images, photographs, and Social Security numbers. New Age Dermatology has found no evidence to suggest that its electronic medical record system was compromised in the incident. At the time of writing, no ransomware group appears to have claimed responsibility for the attack.

New Age Dermatology is unaware of any data misuse, but as a precaution, the affected individuals have been offered complimentary credit monitoring and identity theft protection services for 12 months.

Marin Cancer Care

Marin Cancer Care, a provider of cancer treatment in Larkspur, California, has alerted patients to an incident involving unauthorized access to its computer network. An intrusion was detected on or around December 8, 2025, and, assisted by third-party investigators, Marin Cancer Care learned that an unauthorized third party had access to its computer network between November 22, 2025, and December 6, 2025, during which time files containing patient information may have been viewed or acquired.

The investigation and file review are ongoing to determine the affected individuals and the types of information involved. Marin Cancer Care has confirmed that names, medical information, and health insurance information were likely involved. Patients have been advised to remain vigilant against incidents of identity theft and fraud by reviewing their account statements and monitoring their free credit reports for suspicious activity.

The post Carolina Foot & Ankle Associates Notifies Patients About December 2025 Cyberattack appeared first on The HIPAA Journal.

Center for Advanced Eye Care; Southwest C.A.R.E Center; Evergreen Healthcare Group Announce Data Breaches

The Center for Advanced Eye Care in Pennsylvania/Delaware, Southwest C.A.R.E Center in New Mexico, and Evergreen Healthcare Group in Washington have notified patients about cybersecurity incidents involving unauthorized access to patient information.

Center for Advanced Eye Care

The Center for Advanced Eye Care, a provider of ophthalmology services in Pennsylvania and Delaware, has recently announced a security incident that involved unauthorized access to patient data. Suspicious activity was identified within its legacy environment on December 16, 2025. The affected systems were secured, and an investigation was launched to determine the nature and scope of the activity.

Assisted by third-party cybersecurity experts, The Center for Advanced Eye Care confirmed that protected health information within the legacy environment was accessed by an unauthorized third party and was stolen in the attack. The exact types of data involved have not been publicly disclosed at present, and the types of information involved have been redacted from the notices provided to state attorneys general.

As a precaution against data misuse, the affected individuals have been offered complimentary credit monitoring and identity theft protection services. The affected individuals should avail themselves of those services, as a hacker claimed in December to be selling the stolen data. The data breach is not currently listed on the HHS’ Office for Civil Rights breach portal, so it is currently unclear how many individuals have been affected.

Southwest C.A.R.E Center

Southwest C.A.R.E Center, a nonprofit healthcare provider in New Mexico, has started notifying patients about a cybersecurity incident last summer that impacted some of their protected health information. The cybersecurity incident was detected on or around June 3, 2025. Third-party cybersecurity experts were engaged to conduct a forensic investigation, which confirmed that patient data had been exposed and may have been stolen.

The specific types of data involved were not stated in its substitute data breach notice, only that the data breach may have included first and last names, personal information, and protected health information. Southwest C.A.R.E Center said it has not identified any misuse of patient data as a result of the incident. Southwest C.A.R.E Center has reviewed and enhanced its technical safeguards and has offered complimentary credit monitoring services and identity theft protection services to all affected individuals for 12 months.

While not described as a ransomware attack, the Medusa ransomware group claimed responsibility for the attack. Medusa is a ransomware-as-a-service group that engages in data theft and encryption, and either sells or leaks the stolen data if the ransom is not paid. Medusa claimed to have exfiltrated more than 143 GB of data in the attack. The data breach is not yet shown on the HHS’ Office for Civil Rights breach portal, so it is unclear how many individuals have been affected.

Evergreen Healthcare Group

Couve Healthcare Consulting, LLC, doing business as Evergreen Healthcare Group, has alerted patients about a breach of its cloud-based healthcare platform. Evergreen Healthcare Group, a Vancouver, WA-based provider of management consulting, administrative, and operational services to skilled nursing homes and assisted living communities, identified unauthorized activity within the cloud-based system on December 3, 2025. The forensic investigation found evidence of data exfiltration. The file review was completed on February 24, 2026, and confirmed that names, dates of birth, Social Security numbers, and medical information were subject to unauthorized access or were acquired in the incident.

The cloud-based platform has been secured, and Evergreen Healthcare Group has verified the security of its internal systems. Additional technical safeguards and enhanced security measures have been implemented to prevent similar incidents in the future, and complimentary credit monitoring and identity theft restoration services have been offered to the affected individuals. The data breach is not yet shown on the HHS’ Office for Civil Rights breach portal, so it is unclear how many individuals have been affected.


Medical Device Manufacturer UFP Technologies Confirms Data Stolen in Cyberattack

The U.S. medical device manufacturer UFP Technologies has submitted a Form 8-K filing to the U.S. Securities and Exchange Commission (SEC) to notify the SEC and investors about a cyberattack and data breach that could potentially impact its financial condition or operations.

UFP Technologies is a publicly traded contract manufacturer based in Newburyport, Massachusetts, that makes single-use medical devices and highly engineered components for the aerospace, automotive, healthcare, and defense industries. The company produces a wide range of medical devices and medical components for products used in wound care, implants, and orthopedic and surgical products. UFP Technologies has an annual revenue of $600 million and employs 4,300 people.

According to the filing, UFP Technologies detected an IT systems intrusion on February 14, 2026. Immediate action was taken to assess, contain, and remediate the threat, and third-party cybersecurity experts were engaged to assist with the investigation. UFP Technologies said it believes the cyber threat actor responsible for the attack has been eradicated from its IT environment and confirmed that it has restored access to systems and information impacted by the incident in all material respects. While the attack did not impact all of its IT systems, many were affected, including the systems used for billing and label-making. UFP Technologies implemented its incident response and contingency plans, and since the incident was detected, it was able to continue operations in all material respects.

Some company and company-related data was either stolen or destroyed in the attack, which suggests this was a ransomware attack or that wiper malware was used. No threat group appears to have claimed responsibility for the attack. UFP Technologies explained in the filing that data has been recovered from backups. The company has confirmed that some data was exfiltrated from its system, although it is too early to determine the extent of the data theft, such as whether any personal or protected health information was stolen. The investigation to determine the nature and scope of the incident is ongoing, and the company is exploring the legal and regulatory notifications and filings that may be required.

As of the date of the filing (February 19, 2026), UFP Technologies said the incident has not had any material impact on its financial systems, operations, or financial condition. While costs have naturally been incurred, the company expects a significant proportion of the costs of containment, investigation, and mitigation will be covered by its cyber insurance policy.


North Korean Hackers Using Medusa Ransomware in Attacks on U.S. Healthcare Sector

North Korean state-sponsored hackers are targeting U.S. healthcare organizations and non-profits and deploying Medusa ransomware, according to a joint investigation by Symantec and the Carbon Black Threat Hunter Team.

A wave of recent attacks has been linked to the Lazarus Group, an umbrella term covering multiple cyber threat actors linked to the Reconnaissance General Bureau (RGB) of the North Korean government. The Lazarus Group engages in attacks for espionage purposes, as well as disruptive and destructive attacks on targets primarily in South Korea, but also engages in financially motivated campaigns, often targeting organizations in the United States.

Medusa emerged in 2023 as a ransomware-as-a-service (RaaS) operation, which is believed to be run by a cybercrime group called Spearwing. Affiliates are recruited to conduct attacks using the Medusa encryptor and infrastructure in exchange for a percentage of any ransom payments they generate. Medusa actors engage in double extortion, stealing and encrypting data. A ransom must be paid to obtain the decryption keys and to prevent the leaking or sale of stolen data. Medusa often auctions off stolen data if the ransom is not paid, leaking data that has not been sold.

While North Korean state-sponsored hackers are known to have used Maui and Play ransomware in their financially motivated attacks, Symantec and the Carbon Black Threat Hunter Team uncovered evidence that the Lazarus Group has started using Medusa in its ransomware campaigns. They identified an attack on a target in the Middle East, plus four attacks on healthcare organizations and non-profits in the United States since November 2025. U.S. victims include a non-profit mental health service provider and an educational facility for autistic children. Since November 2025, when the first Medusa ransomware attacks were attributed to the Lazarus Group, the average ransom demand has been $260,000.

A Lazarus subgroup known as Stonefly (aka Andariel) is believed to be one of the groups involved in the attacks. Stonefly has previously focused on espionage attacks on high-value targets; however, for the past five years, the group has engaged in ransomware attacks, often against hospitals and other healthcare providers. The U.S. Department of Justice has indicted a suspected member of the group, the North Korean Rim Jong Hyok, on charges related to ransomware attacks on U.S. healthcare providers. Rim is alleged to be linked to the RGB and, along with other members of the group, is thought to be involved in ransomware attacks to raise funds for the group’s espionage activities.

Symantec and the Carbon Black Threat Hunter Team have not been able to attribute the attacks to any specific subgroup of Lazarus, but have found sufficient evidence confirming that Lazarus is behind the attacks. Symantec and Carbon Black have tracked more than 366 ransomware attacks involving the Medusa encryptor, although the group has claimed attacks on more than 500 organizations, including more than 40 healthcare organizations. Symantec and Carbon Black have shared indicators of compromise (IoCs) associated with the attacks, along with the range of tools used by the Lazarus group in its current ransomware campaigns.


Cedar Point Health; Wee Care Pediatrics; Easterseals NI Announce Data Breaches

Data breaches have recently been announced by Cedar Point Health in Colorado, Wee Care Pediatrics in Utah, and Easterseals Northeast Indiana.

Cedar Point Health

Cedar Point Health, a network of health clinics in Colorado, has recently disclosed a cybersecurity incident involving unauthorized access to parts of its network containing patient and employee information. The intrusion was detected on or around June 16, 2025, and third-party cybersecurity experts were engaged to investigate the incident.

Cedar Point Health said it has taken several months of extensive efforts to identify, review, and analyze the impacted data, and on January 27, 2026, that process was completed. Data compromised in the incident includes full names, addresses, dates of birth, medical treatment information, diagnosis or procedure information, clinical information, health insurance information, financial account information, driver’s license or state-issued identification numbers, passport numbers, and/or Social Security numbers/ITINs.

No evidence has been found to indicate any fraud as a result of the incident; however, the affected individuals have been advised to remain vigilant against identity theft and fraud by reviewing their accounts and explanation of benefits statements for suspicious activity. Individuals who had their Social Security numbers exposed have been offered complimentary credit monitoring and identity theft protection services. The data breach is not currently listed on the HHS’ Office for Civil Rights breach portal, so it is currently unclear how many individuals have been affected.

Wee Care Pediatrics

Wee Care Pediatrics, a pediatric healthcare provider with several locations in northern Utah, has recently announced a cybersecurity incident involving unauthorized access to or the acquisition of patient information. Suspicious activity was identified within its computer network on or around December 15, 2025. Third-party cybersecurity specialists were engaged to investigate the activity and determined that there had been unauthorized access to its network.

The review of the exposed data is ongoing; however, it has been determined that the following types of personal and protected health information were involved: first and last name, contact information, date of birth, Social Security number, treatment/diagnosis information, prescription/medication information, date(s) of service, provider name, medical record number, patient account number, Medicare/Medicaid ID number, and health insurance information.

Immediate action was taken to contain the incident, and steps have been taken to enhance security to prevent similar incidents in the future. Out of an abundance of caution, the affected individuals have been offered complimentary credit monitoring and identity theft protection services. The data breach is not yet shown on the HHS’ Office for Civil Rights breach portal, so it is currently unclear how many individuals have been affected.

Easterseals Northeast Indiana

Easterseals Northeast Indiana, a nonprofit provider of services to individuals with disabilities and their families, has confirmed that protected health information was accessed and acquired in a security breach. Suspicious activity was identified within its computer network on September 4, 2025. Immediate action was taken to secure the network and prevent further unauthorized access, and an investigation was launched to determine the nature and scope of the unauthorized activity.

On November 10, 2025, data theft was confirmed, including individuals’ first and last names, contact information, birth date, Social Security numbers, diagnostic and treatment information, and health insurance information. While not stated by Easterseals, this appears to have been a ransomware attack. The Inc Ransom ransomware group claimed to have stolen 405 GB of data in the attack. As a precaution against identity theft and fraud, Easterseals has offered complimentary credit monitoring and identity theft protection services to individuals whose Social Security numbers were involved. At present, it is unclear how many individuals have been affected.
