William C. Gendron reports: If you received notice that your personal information was involved in the Cencora data security incident, or believe your information was affected, you may be eligible to claim up to $5,000 or a cash payment from a class action settlement. Cencora Inc. has agreed to pay $40 million to resolve a class action…
Category: Health Data
Thai hospital fined 1.2 million baht for data breach via snack bags
Bright Choomanee reports: A significant private hospital in Thailand has been penalised with a fine of 1.2 million baht after patient paper records were discovered being repurposed as snack bags, as reported by the nation’s data protection authority. This incident was one of five major cases announced on August 1 by the Personal Data Protection Committee (PDPC), which also included penalties for data law…
Aftermath: More than 99% of providers opted to have Change Healthcare notify patients of its massive data breach
The Change Healthcare data breach affecting more than 190 million patients, stands as the largest single breach ever affecting patients. Threat actors known as BlackCat (aka AlphV) had reportedly used a set of stolen credentials to remotely access the company’s systems that weren’t protected by multifactor authentication. Confronted with a massive breach, UnitedHealth decided to…
HCA Healthcare settled two lawsuits this week; one was over its 2023 data breach
Steve Alder reports: HCA Healthcare Inc. has agreed to settle class action litigation stemming from a July 2023 data breach that was reported to the HHS’ Office for Civil Rights as affecting 11,270,000 patients. The affected individuals had received healthcare services at HCA hospitals and doctors’ offices in 20 U.S. states. HCA Healthcare was targeted by hackers…
Highlands Oncology Group notifies 113,575 people after ransomware attack by Medusa
On August 1, Highlands Oncology Group in Arkansas notified the Maine Attorney General’s Office of a ransomware attack it discovered on June 2, when certain files and systems were inaccessible. Investigation into the incident revealed that there had been unauthorized access at times between January 21, 2025, and June 2, 2025. On June 19, the…
Six months after discovering an attack, Northwest Radiologists notifies almost 350,000 Washington State residents
On January 20, 2025 Mt. Baker Imaging and Northwest Radiologists in Washington State (collectively, “Northwest Radiologists”) experienced a network intrusion that they discovered on January 25. Although media reported on the incident on January 27, it was not until March 26 that Northwest Radiologists posted a notice on its website (archived). DataBreaches could find no…