Cybersecurity

The digital security of healthcare institutions and data is a growing concern, with an increasing number of cyberattacks each year against healthcare systems, which are seen as easy targets. Cyber attacks often use ransomware to target personal health information, patient data and medical devices to cut off access to the data until a ransom is payed to the hacker. Cybercriminals have become more sophisticated, using malware, ransomware and spyware to attack outdated and vulnerable systems and software. Due to the interconnected nature of hospital IT systems today, the weakest link can be older web-enabled medical devices, including clinical and non-clinical systems. Employees are also a major target of attacks via malicious e-mails that prompt them to open attachments that then download malware onto the hospital's IT system.

Nonprofit health system hit by two data breaches settles class-action lawsuit for $14M
McLaren Health Care fell victim to ransomware crime in 2023 and 2024, with the total number of victims exceeding 3.2 million. Those affected may be eligible for a cash payment. Per the terms of the agreement with lawyers representing victims, the health system does not admit to wrongdoing.
Data breach affecting 11 physician practices confirmed to impact 627K patients
The cyberattack occurred in May 2025, when vendor ApolloMD's network was compromised. The full scope of the breach was reported to HHS on Feb. 10. An infamous ransomware group claimed credit for the attack and threatened to release a data trove on the dark web. It's unclear if any ransom was paid.
OIG audit of hospital’s cybersecurity finds vulnerabilities in common web applications
Neither the health system nor the applications were named. Investigators with the U.S. Department of Health and Human Services Office of the Inspector General said they were able to perform a successful phishing attack and breach a portal lacking firewall support. The agency released a report containing the full details.
Lawsuit filed against nonprofit hospital after Cerner hack exposes thousands
Aultman Health System notified its patients of the data breach in December 2025. However, the breach occurred some 11 months earlier. The organization said the delay was due to an ongoing investigation. The lawsuit against Aultman is seeking class action status.
California health system sued over 2024 breach on health IT vendor TriZetto
The cyberattack was not discovered until October 2025, and a headcount of the victims is still being conducted. In the meantime, a patient of Sacramento-based One Community Health argues in a lawsuit that the nonprofit health system failed to secure his data, as required by law. The complaint is seeking class action status.

money court scale of justice ruling legal settlement

Nonprofit health system hit by two data breaches settles class-action lawsuit for $14M

McLaren Health Care fell victim to ransomware crime in 2023 and 2024, with the total number of victims exceeding 3.2 million. Those affected may be eligible for a cash payment. Per the terms of the agreement with lawyers representing victims, the health system does not admit to wrongdoing.

Data breach affecting 11 physician practices confirmed to impact 627K patients

The cyberattack occurred in May 2025, when vendor ApolloMD's network was compromised. The full scope of the breach was reported to HHS on Feb. 10. An infamous ransomware group claimed credit for the attack and threatened to release a data trove on the dark web. It's unclear if any ransom was paid.

OIG audit of hospital’s cybersecurity finds vulnerabilities in common web applications

Neither the health system nor the applications were named. Investigators with the U.S. Department of Health and Human Services Office of the Inspector General said they were able to perform a successful phishing attack and breach a portal lacking firewall support. The agency released a report containing the full details.

Lawsuit filed against nonprofit hospital after Cerner hack exposes thousands

Aultman Health System notified its patients of the data breach in December 2025. However, the breach occurred some 11 months earlier. The organization said the delay was due to an ongoing investigation. The lawsuit against Aultman is seeking class action status.

California health system sued over 2024 breach on health IT vendor TriZetto

The cyberattack was not discovered until October 2025, and a headcount of the victims is still being conducted. In the meantime, a patient of Sacramento-based One Community Health argues in a lawsuit that the nonprofit health system failed to secure his data, as required by law. The complaint is seeking class action status.

cybersecurity cyberattack hack hackers lock protection

Maine health system confirms data breach impacted 145K as civil litigation moves forward

The cyberattack on Central Maine Healthcare happened in summer 2025, but the investigation was complicated by the hackers having access to systems for several months. A class action lawsuit is pending in state court.

New York-based radiology group hit by data breach

During the breach, certain files within the group's network were accessed and copied without permission.

New York invests over $309M in statewide health projects, including $33M for Epic integration

In total, 22 facilities will benefit from the money, provided by the Statewide Health Care Facility Transformation Program. Projects include cybersecurity upgrades and telehealth implementation, in addition to EHR upgrades.