Recent Data Breaches at U.S. Healthcare Providers
Multiple U.S. healthcare organizations have recently disclosed data breaches resulting from unauthorized access to sensitive patient information. Expert MRI, a radiology provider in California, reported that an attacker accessed its network between June and August 2025, exfiltrating data such as names, addresses, dates of birth, diagnoses, and, for some, Social Security numbers. The PEAR threat group claimed responsibility and briefly listed stolen data on its leak site, suggesting a ransom may have been paid. Revere Health in Utah experienced a breach of a third-party payment platform, potentially exposing patient names, dates of birth, addresses, medical record numbers, and partial Social Security numbers, though no evidence of misuse was found. Health Management Systems of America in Michigan disclosed a breach after an employee fell victim to a spear phishing attack, resulting in the unauthorized download of emails containing patient data.
These incidents highlight the ongoing risks faced by healthcare organizations from both targeted ransomware groups and opportunistic phishing attacks. In response, affected providers have reported the breaches to regulators, enhanced their cybersecurity measures, and offered credit monitoring to impacted individuals. The number of affected patients varies by incident, with Revere Health reporting up to 10,800 impacted and Expert MRI yet to disclose a total. The breaches underscore the importance of robust security practices and employee awareness training to mitigate the risk of data compromise in the healthcare sector.
Timeline
Dec 17, 2025
McElroy & Associates disclosed email breach and security improvements
McElroy & Associates publicly announced the late-May email compromise in December 2025. The company said it had taken steps to strengthen email security following the incident.
Dec 17, 2025
Expert MRI breach was publicly disclosed
Expert MRI's 2025 network intrusion was publicly disclosed in December 2025. The disclosure said sensitive patient data had been stolen and linked the incident to the PEAR threat group.
Dec 15, 2025
Revere Health disclosed breach and offered protection services
Revere Health publicly confirmed the August 11 breach in December 2025, stating there was no evidence of theft or misuse of the compromised data. The organization offered affected individuals credit monitoring and identity theft protection.
Dec 15, 2025
HMSA disclosed spear-phishing email compromise under investigation
Health Management Systems of America disclosed a breach caused by a spear-phishing attack that compromised an employee's email account. The number of affected individuals and the specific data involved were still under investigation at the time of disclosure.
Aug 31, 2025
Expert MRI intrusion period ended after data theft
By August 2025, the intrusion affecting Expert MRI had concluded after attackers exfiltrated patient information. Reporting indicated the PEAR threat group claimed responsibility and there were signs a ransom may have been paid.
Aug 11, 2025
Revere Health payment platform was accessed by an unauthorized party
On August 11, 2025, an unauthorized third party accessed a third-party payment platform used by Revere Health. The breach affected up to 10,800 patients and exposed personal and financial information.
Jun 1, 2025
Expert MRI network intrusion began
Expert MRI experienced unauthorized access to its network beginning in June 2025. Attackers remained in the environment through August and exfiltrated sensitive patient data, including Social Security numbers for some individuals.
May 31, 2025
McElroy employee email account was compromised
In late May 2025, an unauthorized party gained access to an employee email account at McElroy & Associates. The incident exposed protected health information tied to 6,633 individuals, including members of the OPEH&W Health Plan.
See the full picture in Mallory
Mallory subscribers get deeper analysis on every story, including:
Who’s affected and how
Deep-dive technical analysis
Actionable next steps for your team
IPs, domains, hashes, and more
Ask questions and take action on every story
Filter by topic, classification, timeframe
Get matching stories delivered automatically
Related Entities
Threat Actors
Sources
Related Stories
Multiple Healthcare Data Breaches and Regulatory Actions in the US
Several healthcare providers in the United States have recently disclosed significant data breaches resulting from cyberattacks, with patient and employee information being compromised. AllerVie Health, based in Texas, confirmed unauthorized access to its network, exposing sensitive data such as names, Social Security numbers, and insurance details, allegedly due to a ransomware attack by the Anubis group. The attackers claim to have stolen records of over 30,000 patients, and affected individuals have been offered credit monitoring and identity theft protection. In a separate incident, OrthopedicsNY, a healthcare provider in New York, suffered a breach in 2023 after attackers gained remote access using compromised credentials, leading to the exposure of data belonging to more than 650,000 patients and employees. The New York Attorney General secured a $500,000 penalty from OrthopedicsNY for failing to implement adequate security measures, and the provider is now required to enhance its data protection practices. Additionally, Singing River Health System in Mississippi reported a cyber incident that led to the temporary shutdown of its patient portal and internet access as a precaution. While the threat was reportedly mitigated, the investigation is ongoing to determine if patient records were accessed. These incidents highlight the ongoing risks faced by healthcare organizations from ransomware groups and other cybercriminals, as well as the increasing regulatory scrutiny and financial penalties for failing to protect sensitive health information. Impacted organizations are responding with offers of credit monitoring and reviews of their security policies, but the breaches underscore the need for robust cybersecurity measures in the healthcare sector.
1 months ago
Multiple Healthcare Data Breaches Impacting U.S. Medical Providers
Several U.S. healthcare organizations have disclosed significant data breaches involving unauthorized access to patient and employee information. MedStar Health reported that an unauthorized third party accessed internal systems containing sensitive patient data, including names, dates of birth, Social Security numbers, and medical information. The Rhysida threat group claimed responsibility for this attack, alleging the exfiltration and leak of over 7 million pieces of patient data. Brevard Skin and Cancer Center also confirmed a cyberattack in which the Pear threat group claimed to have stolen 1.8 terabytes of data, affecting both patient and employee records with information such as Social Security numbers, health conditions, and billing details. Both organizations have offered complimentary credit monitoring and identity theft protection to affected individuals and are reviewing their cybersecurity measures. Henry Ford Health in Michigan disclosed an insider data breach affecting nearly 2,000 patients, resulting in the termination of the responsible employee and notification to those impacted. While details on the specific data accessed were not provided, credit monitoring services have been offered. These incidents highlight the ongoing risks faced by healthcare providers from both external threat actors and insider threats, emphasizing the need for robust security policies and continuous evaluation of protective measures to safeguard sensitive health information.
1 months ago
Multiple Healthcare and Insurance Data Breaches Impacting Millions
Several major organizations in the healthcare and insurance sectors have disclosed significant data breaches affecting millions of individuals. ARC Community Services reported a ransomware attack by the INC Ransom group, resulting in the exfiltration of sensitive patient data, including health and financial information. Aflac confirmed that a June cyberattack led to the theft of files containing insurance claims, health data, and Social Security numbers for over 22 million customers, with no operational disruption but widespread exposure of personal information. The Louisiana Office of Student Financial Assistance (LOSFA) notified students of unauthorized access to its systems, exposing names and Social Security numbers, though certain savings accounts were not affected. Oklahoma Spine Hospital agreed to a $1.1 million settlement following a July breach that compromised the data of nearly 39,000 patients, including medical and financial details. These incidents highlight the ongoing threat posed by cybercriminals targeting sensitive data in the healthcare and insurance industries. Victims in these breaches are being offered credit monitoring and identity protection services, and regulatory notifications have been issued. The attacks have prompted legal action, regulatory scrutiny, and, in some cases, leadership changes within affected organizations. Law enforcement and cybersecurity experts have been engaged to investigate and mitigate the impact of these breaches, which are part of a broader trend of targeted attacks against organizations handling large volumes of personal and health-related information.
1 months ago