SuspectFile reports: Between 2022 and 2025, McKenzie Health System, which operates the McKenzie Memorial Hospital in rural Michigan, was hit by two major data breaches. Combined, the attacks compromised the personal and medical information of more than 79,000 patients. Although the incidents are technically distinct, they reveal a troubling pattern of systemic vulnerabilities and raise critical questions about the resilience of smaller…
Category: Health Data
Infinite Services notifying employees and patients of limited ransomware attack
On May 5, 2025, Infinite Services in New York became aware of suspicious activity when employees were unable to log into the network. “Several servers were off, but one remained on which had an extension from the threat actor group,” external counsel SpencerFane informed the New Hampshire Attorney General. “The electricity was unplugged from the…
Paying cyberattackers is wrong, right? Should Taos County’s incident be an exception? (1)
How many times have we read that paying a threat actor’s extortion demands only encourages more financially motivated crime and doesn’t ensure that the data won’t be retained or re-sold or leaked? Those making that argument appear to be generally correct, but are there exceptions? For years now, DataBreaches has gone back and forth between…
HHS OCR Settles HIPAA Ransomware Investigation with Syracuse ASC for $250k plus corrective action plan
Today, the U.S. Department of Health and Human Services (HHS), Office for Civil Rights (OCR) announced a settlement with Syracuse ASC, LLC doing business as Specialty Surgery Center of Central New York, for potential violations of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Security and Breach Notification Rules. Syracuse ASC is a…
Two more entities have folded after ransomware attacks
It is still fairly rare for a ransomware victim to totally shutter its doors permanently as a result of an incident, but a relatively small breach in Georgia was reportedly fatal for Ascension Health Services LLC DBA Alpha Wellness and Alpha Medical Centre. A notice on its website dated April 4, 2025 reads: We are…
Data breach feared after cyberattack on AMEOS hospitals in Germany
DPA reports: A cyberattack on Swiss hospital group AMEOS may have exposed sensitive patient and staff data, the company said on Monday. The attack, which took place two weeks ago, caused significant disruption across the group’s German operations. The company described the episode as a targeted assault on its IT infrastructure. In a statement, AMEOS…