Healthcare Data Breach Disclosures and Litigation Affecting Hundreds of Thousands of Patients
Bell Ambulance reported that a February 2025 network intrusion led to the compromise of protected health information for 237,830 individuals, after unauthorized activity was detected on Feb. 13, 2025. The organization said the exposed data can include names, dates of birth, Social Security numbers, driver’s license numbers, financial account information, medical information, and health insurance information; it offered 12–24 months of credit monitoring/identity protection and stated it was not aware of misuse at the time of notification. The incident response included third-party forensic support, and notifications were issued in phases as the data review progressed, with additional letters sent into March 2026.
Separately, Cornerstone Specialty Hospitals agreed to pay $2.35 million to settle a class action lawsuit tied to a data breach that reportedly affected nearly 500,000 individuals. The available reporting focuses on the settlement amount and impacted population size, indicating ongoing legal and financial consequences for large-scale healthcare data exposure even when technical details of the underlying intrusion are not publicly described in the same source.
Timeline
Mar 10, 2026
Cornerstone Specialty Hospitals agrees $2.35M breach settlement
Cornerstone Specialty Hospitals agreed to pay $2.35 million to settle a class action lawsuit tied to a data breach affecting nearly 500,000 individuals. The provided reference does not include further technical details about the underlying incident.
Mar 9, 2026
Bell Ambulance notifies consumers reported to Maine AG
Bell Ambulance reported to the Maine Attorney General that written notice to affected consumers was sent on March 9, 2026. The filing said 237,830 people were affected, including 30 Maine residents.
Feb 20, 2026
Bell Ambulance completes internal review
Bell Ambulance completed its internal review of the incident on February 20, 2026. The review concluded that 237,830 individuals were affected and clarified the categories of compromised data.
Jan 15, 2026
Second Bell Ambulance notification wave issued
Bell Ambulance sent another wave of notifications on January 15, 2026 after identifying more affected individuals. The company continued offering 12 months of free credit monitoring and identity protection.
Dec 23, 2025
Bell Ambulance breach discovered in later review
A Maine Attorney General filing states the Bell Ambulance breach was discovered on December 23, 2025. This appears to reflect a later determination or reporting milestone tied to the broader incident review.
Oct 1, 2025
Additional Bell Ambulance victims identified in later review
Bell Ambulance identified additional affected individuals through the fall of 2025, expanding the scope of the breach. This led to later notification waves beyond the initial April 2025 notices.
Jun 1, 2025
Alexes Hazen practice suffers unauthorized system access
An unauthorized party accessed systems at Alexes Hazen, MD, PLLC between June and July 2025 and may have exfiltrated limited patient data. The practice later reported the incident to HHS OCR with a placeholder count of 500 affected individuals while its review continued.
May 13, 2025
Northwest Medical Homes identifies cybersecurity incident
Northwest Medical Homes in Oregon identified a cybersecurity incident on May 13, 2025 that may have exposed protected health information. The organization notified law enforcement, but the total number of affected individuals was not yet public.
Apr 18, 2025
First Bell Ambulance victim notifications begin
Bell Ambulance began notifying affected individuals in the first wave on April 18, 2025. The company also offered credit monitoring and identity protection services to impacted people.
Apr 14, 2025
Bell Ambulance publicly discloses cyberattack
Bell Ambulance publicly disclosed the breach on April 14, 2025, after the Medusa ransomware group claimed responsibility for the attack. Reports said Medusa alleged it stole about 219 GB of data and demanded $400,000.
Feb 13, 2025
Bell Ambulance detects unauthorized network activity
Bell Ambulance detected unauthorized activity on its network on February 13, 2025 and began investigating the incident with forensic specialists. The company later determined data had been compromised.
Feb 7, 2025
Bell Ambulance network intrusion begins
Attackers gained unauthorized access to Bell Ambulance systems during a breach window later reported as running from February 7 to February 14, 2025. Sensitive personal, financial, and health information was exposed during the incident.
See the full picture in Mallory
Mallory subscribers get deeper analysis on every story, including:
Who’s affected and how
Deep-dive technical analysis
Actionable next steps for your team
IPs, domains, hashes, and more
Ask questions and take action on every story
Filter by topic, classification, timeframe
Get matching stories delivered automatically
Sources
2 more from sources like teiss news and maine data breaches
Related Stories
Healthcare Data Breach Disclosures and Legal Fallout
French healthcare software provider **Cegedim Santé** confirmed a major breach affecting its *MonLogicielMedical (MLM)* product after unusual activity was detected in late 2025. The incident exposed administrative data tied to roughly **1,500 doctors** (out of ~3,800 users) and patient data at large scale—reported as **15.8 million records**, including **165,000 files** that may contain doctors’ notes; while structured medical records were reported as intact, some administrative comments may include sensitive clinical notes and highly sensitive details (e.g., HIV/AIDS status or sexual orientation). Cegedim Santé reported notifying French authorities including **CNIL** and filing a complaint. In the US, **Cornerstone Specialty Hospitals** agreed to a **$2.35M** class-action settlement tied to a **December 2023** network intrusion that ultimately affected **484,957 individuals**, with potentially exposed data spanning identifiers (including SSNs and government IDs), financial data, credentials, and health/insurance information; the suit also alleged delayed notification (letters mailed around July 2024). Separately, **PIH Health** began notifying patients about a **December 2024 ransomware attack** that disrupted multiple hospitals and services; investigators concluded the attacker had network access from **Nov 14–Dec 23, 2024**, and after a prolonged review PIH Health confirmed in **Dec 2025** that patient information was present in files on compromised systems and may have been accessed or acquired, with notification letters prepared by **Feb 25, 2026** amid claims of large-scale data theft and some data leakage online.
1 months ago
Healthcare Provider Email and Network Intrusions Expose Patient Data
**General Physician, P.C.** agreed to pay **$2.5 million** to settle consolidated class-action litigation tied to a **2024 email-environment compromise** that exposed sensitive patient data. The organization detected suspicious activity on **June 12, 2024**, and a forensic investigation found an unauthorized party had accessed its email system from **April 6 to June 12, 2024**. Potentially exposed data included **SSNs, financial account information, dates of birth, medical and treatment details, diagnoses, medical record numbers, and insurance information**; the affected population was later updated to **167,387 individuals** (after an initial placeholder report of 501 to HHS OCR). The settlement fund is intended to provide class benefits after fees/expenses, and the company did not admit wrongdoing. Two additional California healthcare providers reported separate security incidents involving unauthorized access to systems containing patient information. **Valley Radiology Consultants Medical Group** identified a breach on **September 15, 2025**, engaged third-party incident response support, confirmed unauthorized access to its network and files, and began mailing notifications after completing file review on **February 18, 2026**; it also offered **12 months of credit monitoring** and reported taking remediation steps (e.g., password changes and security enhancements). **Nephrology Associates Medical Group** separately began notifying patients about a cyberattack first identified on **May 20, 2025** (details in the provided excerpt are truncated), indicating another healthcare-sector intrusion with patient data exposure risk.
1 months ago
Healthcare Data Breach Notifications and Settlement Involving Patient Information Exposure
Multiple healthcare-related organizations disclosed **separate** incidents involving exposure or theft of patient data. Delta Medical Systems reported unauthorized access to its email environment on July 15, 2025, with potentially exposed data including names, dates of birth, Social Security numbers, driver’s license information, bank details, insurance information, and medical information. A separate HIPAA Journal report described additional incidents at Cedar Valley Services, Community Nurse, and Health Dimensions Group, including a likely **Qilin ransomware** intrusion at Cedar Valley Services and a vendor-linked compromise affecting Community Nurse through *Doctor Alliance*, where files may have been accessed between October 31 and November 17, 2025. In a different but related healthcare privacy matter, a judge approved a **$5 million settlement** in litigation against Geisinger Health and *Nuance Communications* over the theft of medical records affecting roughly **1.3 million patients** by a former Nuance employee. The stolen records reportedly included names, birthdates, addresses, medical record numbers, treatment details, and insurance information. While all three reports concern healthcare data exposure, they describe **distinct incidents** rather than one unified breach event, spanning direct compromises, third-party/vendor exposure, suspected ransomware activity, and post-incident legal resolution.
1 months ago