Cybersecurity: UMMC data hits dark web | Iran hacks med tech | $5M data heist | Breach impacts 11 pracitices | OIG Audit

Medusa, an infamous ransomware cybercriminal organization, has claimed credit for the February data breach at University of Mississippi Medical Center. In a post on its leak site, the gang is asking for $800,000 for the sale or deletion of the information it said it stole. An ominous ticking clock sets the deadline for March 20. 

Stryker, a Michigan-based company that manufactures surgical implants, confirmed it was experiencing a global network outage. Employee devices reportedly displayed the logo of a pro-Iran cybercrime cell.

The caper was carried out by a former employee of Nuance Communications, a Microsoft subsidiary. According to court documents, the man used his credentials to access patient data from 1.3 million patients at Geisinger. Police said they found the trove stored on a flash drive in his car.

The company confirmed the number of victims in filings with the federal government and the state of Maine. The data breach was discovered in October 2025, but it began in November 2024. Hackers were siphoning protected health information for roughly a year.

A fired employee of Nuance, a Microsoft subsidiary, is responsible for stealing records on 1.3 million patients from Geisinger Health in Pennsylvania. He has pleaded guilty as part of a deal with prosecutors.

The details stem from a report from SecurityWeek, but they’re a little fuzzy. After a 12 GB data trove was posted to the dark web, Vikor Scientific reported to HHS that there were nearly 140,000 victims. However, the source of the breach may be a third-party revenue cycle company, Catalyst RCM. 

McLaren Health Care fell victim to ransomware crime in 2023 and 2024, with the total number of victims exceeding 3.2 million. Those affected may be eligible for a cash payment. Per the terms of the agreement with lawyers representing victims, the health system does not admit to wrongdoing. 

The cyberattack occurred in May 2025, when vendor ApolloMD's network was compromised. The full scope of the breach was reported to HHS on Feb. 10. An infamous ransomware group claimed credit for the attack and threatened to release a data trove on the dark web. It's unclear if any ransom was paid. 

The outlet DataBreaches.net was able to gather more details on the alleged hack of the healthcare billing automation platform, said to be perpetrated by a notorious cybercriminal.

The settlement fund is being established for victims of the March 8 data breach, with a hearing to finalize the agreement scheduled for March 2026. Yale New Haven Health System denies any wrongdoing.

Neither the health system nor the applications were named. Investigators with the U.S. Department of Health and Human Services Office of the Inspector General said they were able to perform a successful phishing attack and breach a portal lacking firewall support. The agency released a report containing the full details.