Major Data Breaches Hit North America - Healthcare & Business Attacks Surge

Healthcare systems and major businesses face significant data breaches in the past week, with threat actors targeting everything from identity data to medical records. Stay informed on the latest incidents affecting millions.

North America's threat landscape escalated dramatically this past week, with healthcare systems, major corporations, and identity verification services all experiencing significant credential exposures. Ransomware gangs claimed over 400 victims in the first three months of 2026, while North America became the most attacked region, accounting for 29% of all X‑Force incident response cases in 2025, up from 24% in 2024. The pattern shows threat actors exploiting basic security gaps rather than sophisticated exploits.

Hasbro Cyberattack Disrupts Major Toy Manufacturer

American toy-making giant Hasbro confirmed a cyberattack that may take "several weeks" to resolve after detecting an intrusion on March 28, which prompted the company to take down some of its systems. The company has more than 5,000 employees and holds intellectual property rights for major brands including Monopoly, My Little Pony, and Magic: The Gathering. The company said it was not immediately known if any data was stolen, and that its investigation is ongoing to determine the full scope of the breach.

Healthcare Pharmacy Data Breach Exposes Critical Records

IPPC, which provides long-term care pharmacy services across New York, New Jersey, Pennsylvania, Delaware, Maryland, and Virginia, suffered a data breach from September 18 to September 19, 2025. During this period, files were copied and may have been viewed by an unknown actor, with compromised information including names, birth dates, Social Security numbers, Medicare/Medicaid identification numbers, medical records, prescription information, and health insurance data.

Business Network Breaches Target Core Operations

This week's incidents demonstrate threat actors are moving beyond perimeter attacks. Recent breach reports show De La Paz Law, Dean Supply, and Del Monte Foods among companies targeted by ransomware groups INC_RANSOM, Akira, and PayoutsKING on April 1, 2026. Nissan became a victim of a ransomware attack carried out by the Everest ransomware group, with the nature and quantity of compromised data currently under investigation.

What Individuals Should Do

Check your credit reports immediately for unauthorized accounts and consider freezing your credit with all three bureaus. If you received breach notifications from healthcare providers, pharmacy services, or any employer-related services, activate the free credit monitoring offered. Most delays in breach notifications come from ongoing forensic investigations, legal caution, and in some cases, deliberate concealment, meaning victims cannot protect themselves while attackers have exclusive use of the stolen data.

What Businesses Should Do

Audit your third-party vendor access controls immediately. Five of the nine data breaches in March 2026 entered through a third party or outsourcing partner, and major supply chain and third-party breaches increased sharply over the past five years, with incidents quadrupling, as adversaries increasingly target interconnected systems and trusted integrations. Deploy continuous monitoring for your attack surface rather than periodic scanning, and implement strong identity and access controls, including least privilege access, credential protection and monitoring for misuse, as attackers continue to rely on valid account abuse.