DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Bradford Health Systems detected abnormal network activity in December 2023. They first sent out breach notices this week.

Posted on May 30, 2025 by Dissent

Bradford Health Systems in Alabama has posted a security notice on its website this week about an incident affecting employee and patient data. It begins:

On December 8, 2023, Bradford Health detected unusual activity within its network. Upon discovering this activity, it immediately initiated an investigation of the matter with the assistance of third-party cybersecurity specialists. The investigation determined that certain files stored on the network may have been accessed and acquired without authorization. After a thorough review of those files, which concluded on May 15, 2025, Bradford Health determined that certain individuals’ personal and/or protected health information may have been affected.

The potentially affected information reportedly includes: individuals’ names, driver’s license numbers, dates of birth, medical information (including diagnosis and treatment information, physician names, and Medical Record numbers), health insurance information, financial account numbers, passport numbers, payment card numbers plus a means of access to the account, and/or Social Security numbers.

Letters were sent out to those affected on May 30, 2025.

There is no offer in the website notice of complimentary mitigation services to those affected. Perhaps there is something in the actual individual letters, but despite Bradford’s statement that there is no evidence of misuse of the data, how could patients know to contact them if they never knew of the incident?  Did Bradford ever post a media notice back in December 2023 or early 2024?

Ransomware Attack and Data Leaked

DataBreaches cannot find any entry on HHS’s public breach tool reporting any incident for Bradford Health, so we do not know how many patients were affected by this incident and how many employees were affected. But here’s what we do know:

On January 4, 2024, the Hunters International ransomware group added Bradford Health to its leak site.  The entry indicates that they encrypted files and exfiltrated more than 760 GB of files, including personnel and patient data.

January 2024 listing on Hunters International still appears in May 2025. Image: DataBreaches.net

Between January 5 – February 8, 2024, Hunters published data, including a small sample of patient data and employee data. The file names of some of what they leaked remains on Hunters’ leak site, but the links no longer work to access the data. DataBreaches could not confirm whether Hunters ever leaked all of the data or not, and the threat actors do not provide any contact information on the site.

In January 2024, the breach entry on Hunters was reported on X.com (formerly Twitter) and other sites that scour the dark web for ransomware attacks. The listing on Hunters’ dark web site indicates that the leaked files were accessed on at least a few occasions.

But what happened to the data? Does Hunters still have all of it? Did they sell any of it? Bradford Health is known for its addiction and recovery services. The patient data may be quite sensitive and could potentially cause social or employment issues for patients. Were patients ever told that their data was leaked on the dark web?

DataBreaches emailed Bradford Health with some questions about the incident and their response. DataBreaches also reached out to two employees who had personnel files leaked in the Hunters proof of claims to ask them if their employer notified them of the breach at the time or the leak of any of their data.  DataBreaches was unable to locate contact information for three named patients.

No replies from Bradford or the two employees were immediately available, but this post will be updated if replies are received.

 

Related posts:

  • Another plastic surgery practice appears to have been hit — this time by Hunters International (5)
  • Breach notifications needed to be made faster in 2024. Instead, they were made more slowly.
  • U.S. medical entities fall prey to Pysa threat actors, but many haven’t disclosed it – at least, not yet.
Category: HackHealth Data

Post navigation

← Websites selling hacking tools to cybercriminals seized
St. Cloud Provides Update on Ransomware Attack in 2024 →

1 thought on “Bradford Health Systems detected abnormal network activity in December 2023. They first sent out breach notices this week.”

  1. Employee says:
    May 31, 2025 at 12:57 pm

    The employees nor the patients were notified of any information leaked.
    It was business as usual

Comments are closed.

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Ex-student charged with wave of cyber attacks on Sydney uni
  • Detaining Hackers Before the Crime? Tamil Nadu’s Supreme Court Approves Preventive Custody for Cyber Offenders
  • Potential Cyberattack Scrambles Columbia University Computer Systems
  • 222,000 customer records allegedly from Manhattan Parking Group leaked
  • Breaches have consequences (sometimes) (1)
  • Kansas City Man Pleads Guilty for Hacking a Non-Profit
  • British national “IntelBroker” charged with causing $25 million in damages; U.S. seeks his extradition from France
  • France issues press statement about arrest of ShinyHunters members
  • Patients Allege Home Delivery Pharmacy Failed to Timely Notify Them of Data Breach
  • Hackers breach Norwegian dam, open valve at full capacity

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Microsoft’s Departing Privacy Chief Calls for Regulator Outreach
  • Nestle USA Settles Suit Over Job-Application Medical Questions
  • NY Attorney General James Affirms Hospitals Must Provide Access to Emergency Abortion Care
  • How Internet of Things devices affect your privacy – even when they’re not yours
  • Sky Views Personal Data as a Potential Weapon in IPTV Piracy War
  • Florida Used a Nationwide Surveillance Camera Network 250 Times To Aid in Immigration Arrests
  • Federal Court Strikes Down HIPAA Reproductive Health Care Privacy Rule

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.