Cybersecurity

The digital security of healthcare institutions and data is a growing concern, with an increasing number of cyberattacks each year against healthcare systems, which are seen as easy targets. Cyber attacks often use ransomware to target personal health information, patient data and medical devices to cut off access to the data until a ransom is payed to the hacker. Cybercriminals have become more sophisticated, using malware, ransomware and spyware to attack outdated and vulnerable systems and software. Due to the interconnected nature of hospital IT systems today, the weakest link can be older web-enabled medical devices, including clinical and non-clinical systems. Employees are also a major target of attacks via malicious e-mails that prompt them to open attachments that then download malware onto the hospital's IT system.

Data breach on care management company impacts 5K patients at NYC Health
Many of the details are unknown, as an investigation is ongoing. The National Association on Drug Abuse Programs said it became aware of an invasion of its network in January 2026. The nonprofit supports 35,000 people—mainly Medicaid enrollees—in the state of New York.
Medical device manufacturer hit by cyberattack, possibly from Iranian-backed hackers
Stryker, a Michigan-based company that manufactures surgical implants, confirmed it was experiencing a global network outage. Employee devices reportedly displayed the logo of a pro-Iran cybercrime cell.
TriZetto confirms year-long hack of its network exposed records on 3.4M people
The company confirmed the number of victims in filings with the federal government and the state of Maine. The data breach was discovered in October 2025, but it began in November 2024. Hackers were siphoning protected health information for roughly a year.
Nonprofit health system, Nuance Communications agree to $5M settlement after data theft
A fired employee of Nuance, a Microsoft subsidiary, is responsible for stealing records on 1.3 million patients from Geisinger Health in Pennsylvania. He has pleaded guilty as part of a deal with prosecutors.
Cyberattack on healthcare RCM vendor may have impacted 140K patients
The details stem from a report from SecurityWeek, but they’re a little fuzzy. After a 12 GB data trove was posted to the dark web, Vikor Scientific reported to HHS that there were nearly 140,000 victims. However, the source of the breach may be a third-party revenue cycle company, Catalyst RCM.

Data breach on care management company impacts 5K patients at NYC Health

Many of the details are unknown, as an investigation is ongoing. The National Association on Drug Abuse Programs said it became aware of an invasion of its network in January 2026. The nonprofit supports 35,000 people—mainly Medicaid enrollees—in the state of New York.

Medical device manufacturer hit by cyberattack, possibly from Iranian-backed hackers

Stryker, a Michigan-based company that manufactures surgical implants, confirmed it was experiencing a global network outage. Employee devices reportedly displayed the logo of a pro-Iran cybercrime cell.

TriZetto confirms year-long hack of its network exposed records on 3.4M people

The company confirmed the number of victims in filings with the federal government and the state of Maine. The data breach was discovered in October 2025, but it began in November 2024. Hackers were siphoning protected health information for roughly a year.

Nonprofit health system, Nuance Communications agree to $5M settlement after data theft

A fired employee of Nuance, a Microsoft subsidiary, is responsible for stealing records on 1.3 million patients from Geisinger Health in Pennsylvania. He has pleaded guilty as part of a deal with prosecutors.

Cyberattack on healthcare RCM vendor may have impacted 140K patients

The details stem from a report from SecurityWeek, but they’re a little fuzzy. After a 12 GB data trove was posted to the dark web, Vikor Scientific reported to HHS that there were nearly 140,000 victims. However, the source of the breach may be a third-party revenue cycle company, Catalyst RCM.

UMMC reopens clinics shut down by ransomware attack as recovery progresses

On Monday, the University of Mississippi Medical Center said its phone systems were once again operational, allowing it to reach out to patients to reschedule missed appointments. Its clinics were shut down statewide to prioritize emergency care, as its hospitals were operating on paper backups.

AHA: ‘Zero trust’ cybersecurity posture necessary to protect hospital data

The National Security Agency released a two-phase plan for all entities within the U.S. Department of War to follow for no-trust cyber defenses. The American Hospital Association said the protocols could be adopted by hospitals.

Screenshot from Joshua Cauldwell-Clarke's instragram.

Data breach notice reveals Michigan hospital staff violated privacy of UK influencer

The facility in question was not revealed in a video posted on Instagram, where social media star Joshua Cauldwell-Clarke read the letter aloud and asked healthcare workers to please respect the rights of patients.