CareFirst BlueCross BlueShield
1.1M member records exposed via misconfigured third-party analytics platform
Healthcare Data Breaches (727 indexed)
Adventist Health System
4.2M patient records compromised in ransomware attack on electronic health records
NHS Dumfries & Galloway (INC Ransom)
INC Ransom gang published 3TB of stolen patient data on dark web
NHS Dumfries & Galloway
INC Ransom group published 3TB of patient records after refused payment
Perry Johnson & Associates (PJ&A)
9M patient transcription records stolen — medical histories, diagnoses, SSNs exposed
Allegheny Health Network
88K patient records exposed
NHS Wales
670K patient records exposed in ransomware attack on shared infrastructure
Ochsner Health (Louisiana)
660K patient records exposed via tracking pixels — metabolic and cancer screening data shared
Salem Clinic / OHSU Health
443K patient records exposed in vendor breach
College of Nurses of Ontario
Cyberattack compromised member personal data
Managed Care of North America
8.9M dental patient records exposed in LockBit attack
Otolaryngology Associates
316K patient records exposed
Kootenai Health
464K patient records exposed in 3AM ransomware
Loretto Hospital
89K patient records exposed in ransomware
UnitedHealth Group
$3.1B spent responding to Change Healthcare attack — largest health system breach response cost
Cencora / AmerisourceBergen
Pharmaceutical distributor breach exposed patient data from 27 drug manufacturers
Change Healthcare / UnitedHealth
190M patient records stolen in ALPHV ransomware attack — largest US healthcare breach
Sanford Health (South Dakota)
350K patient records from rural health network exposed — 47 clinic locations affected
United Surgical Partners Intl
360K patient records exposed
Village Health
43K patient records exposed in vendor breach
Hamilton Health Sciences (Ontario)
167K patient records compromised — ransomware forced ER diversion to other hospitals
Mayo Clinic (Minnesota)
1.4M patient records exposed in vendor breach
Community Health Systems
6M patient records compromised via Fortra GoAnywhere MFT zero-day exploitation
Viamedis / Almerys (France)
33M health insurance records stolen from two major French third-party payment providers