| Editor's Choice: Cybersecurity | The cyberattack occurred in May 2025, when vendor ApolloMD's network was compromised. The full scope of the breach was reported to HHS on Feb. 10. An infamous ransomware group claimed credit for the attack and threatened to release a data trove on the dark web. It's unclear if any ransom was paid. The cyberattack occurred in May 2025, when vendor ApolloMD's network was compromised. The full scope of the breach was reported to HHS on Feb. 10. An infamous ransomware group claimed credit for the attack and threatened to release a data trove on the dark web. It's unclear if any ransom was paid. | | |
| The UnitedHealth Group subsidiaries had attempted to have the case dismissed. However, a court rejected the motion. Nearly half of Nebraskans were impacted by the infamous February 2024 data breach on Change Healthcare. The UnitedHealth Group subsidiaries had attempted to have the case dismissed. However, a court rejected the motion. Nearly half of Nebraskans were impacted by the infamous February 2024 data breach on Change Healthcare. | | |
| McLaren Health Care fell victim to ransomware crime in 2023 and 2024, with the total number of victims exceeding 3.2 million. Those affected may be eligible for a cash payment. Per the terms of the agreement with lawyers representing victims, the health system does not admit to wrongdoing. McLaren Health Care fell victim to ransomware crime in 2023 and 2024, with the total number of victims exceeding 3.2 million. Those affected may be eligible for a cash payment. Per the terms of the agreement with lawyers representing victims, the health system does not admit to wrongdoing. | | |
| Neither the health system nor the applications were named. Investigators with the U.S. Department of Health and Human Services Office of the Inspector General said they were able to perform a successful phishing attack and breach a portal lacking firewall support. The agency released a report containing the full details. Neither the health system nor the applications were named. Investigators with the U.S. Department of Health and Human Services Office of the Inspector General said they were able to perform a successful phishing attack and breach a portal lacking firewall support. The agency released a report containing the full details. | | |
| Aultman Health System notified its patients of the data breach in December 2025. However, the breach occurred some 11 months earlier. The organization said the delay was due to an ongoing investigation. The lawsuit against Aultman is seeking class action status. Aultman Health System notified its patients of the data breach in December 2025. However, the breach occurred some 11 months earlier. The organization said the delay was due to an ongoing investigation. The lawsuit against Aultman is seeking class action status. | | |
| The cyberattack was not discovered until October 2025, and a headcount of the victims is still being conducted. In the meantime, a patient of Sacramento-based One Community Health argues in a lawsuit that the nonprofit health system failed to secure his data, as required by law. The complaint is seeking class action status. The cyberattack was not discovered until October 2025, and a headcount of the victims is still being conducted. In the meantime, a patient of Sacramento-based One Community Health argues in a lawsuit that the nonprofit health system failed to secure his data, as required by law. The complaint is seeking class action status. | | |
| The January 2024 incident at Group Health Cooperative of South Central Wisconsin had all of the hallmarks of a ransomware attack, with an unknown cybercrime group taking credit in a letter to the payer. In total, 533,000 people were impacted by the data breach. The January 2024 incident at Group Health Cooperative of South Central Wisconsin had all of the hallmarks of a ransomware attack, with an unknown cybercrime group taking credit in a letter to the payer. In total, 533,000 people were impacted by the data breach. | | |
| Researchers from University of Minnesota found that more than 300 small, rural hospitals didn't even apply for relief. At the same time, many larger, for-profit systems received hundreds of thousands in overpayments. The findings are published in Health Affairs. Researchers from University of Minnesota found that more than 300 small, rural hospitals didn't even apply for relief. At the same time, many larger, for-profit systems received hundreds of thousands in overpayments. The findings are published in Health Affairs. | | |
| The cyberattack on Central Maine Healthcare happened in summer 2025, but the investigation was complicated by the hackers having access to systems for several months. A class action lawsuit is pending in state court. The cyberattack on Central Maine Healthcare happened in summer 2025, but the investigation was complicated by the hackers having access to systems for several months. A class action lawsuit is pending in state court. | | |
| In total, 22 facilities will benefit from the money, provided by the Statewide Health Care Facility Transformation Program. Projects include cybersecurity upgrades and telehealth implementation, in addition to EHR upgrades. In total, 22 facilities will benefit from the money, provided by the Statewide Health Care Facility Transformation Program. Projects include cybersecurity upgrades and telehealth implementation, in addition to EHR upgrades. | | |
| |
|
| ![]() | |
|
