Skip to content

Incidents in sector:

Healthcare

EspionageContained

UNC6508 PRC-nexus medical & defense research espionage campaign

Google's Threat Intelligence Group disclosed that PRC-nexus actor UNC6508 spent more than a year inside U.S. and Canadian medical, academic and military-health research environments, compromising legacy REDCap servers, deploying custom INFINITERED malware and abusing Google Workspace email compliance rules to silently exfiltrate research and defense data.

Victim
U.S. and Canadian medical, academic and military-health research institutions
Data breachOngoing

Leak at ADMR

On 5 February 2026, the threat group RavenSec claimed a breach of France's ADMR home-care network, leaking member data โ€” names, email and postal addresses and organisation details โ€” with over 10,000 people initially affected and a claimed underlying database of millions.

Victim
ADMR
Data breachUnknown

Leak at Puteaux Medical Imaging Centre

On 28 January 2026, patient personal data from the Centre d'Imagerie Mรฉdicale de Puteaux โ€” a radiology and medical imaging centre in the Hauts-de-Seine โ€” was exposed in a confirmed data breach, including names, dates of birth, contact details and appointment history.

Victim
Puteaux Medical Imaging Centre
Supply chainOngoing

Leak at monlogicielmedical.com

Breach of the MonLogicielMedical (MLM) practice software by Cegedim Santรฉ, disclosed to affected doctors in early January 2026, exposing patient administrative records โ€” name, date of birth, address, social-security scheme โ€” for up to 11โ€“15 million patients via compromised doctor accounts.

Victim
monlogicielmedical.com
Data breachContained

Leak at Mรฉdecin Direct

MรฉdecinDirect, the French teleconsultation platform (a Teladoc Health subsidiary), disclosed on 3 December 2025 a data breach detected on 28 November exposing the personal and health data of around 285,000 patients, with a threat actor claiming up to 323,069 records.

Victim
Mรฉdecin Direct
Data breachContained

Leak at Itelis

In November 2025, Itelis โ€” a French optical health-care network linked to AXA โ€” disclosed a breach exposing roughly 1.6 million beneficiaries' identity and optical-reimbursement data, including names, dates of birth and social security numbers.

Victim
Itelis
Supply chainContained

Leak at APRS (via Itelis)

APRS members were exposed in the November 2025 breach of Itelis, AXA's third-party optical-care platform, after an attacker posed as a partner optician; leaked data included names, dates of birth, social security numbers, optical reimbursement records and vision-correction details.

Victim
APRS
Data breachContained

Data leak at Weda

On 12 November 2025, French medical-software publisher Weda disclosed a cyberattack in which compromised practitioner credentials (stolen by infostealer malware) gave attackers unauthorized access to its patient-record platform, potentially exposing sensitive medical data for tens of thousands of healthcare professionals.

Victim
Weda
Data breachOngoing

Leak at Regional Health Agencies of รŽle-de-France, Auvergne, Rhรดne-Alpes, Hauts-de-France, Pays de la Loire and Normandie

A September 2025 cyberattack on regional health-identity platforms used by several French Regional Health Agencies (ARS) exposed patient identity data; an attacker claimed roughly 35 million patient records across 130+ public hospitals, later offered for sale by the DumpSec group.

Victim
Regional Health Agencies of รŽle-de-France, Auvergne, Rhรดne-Alpes, Hauts-de-France, Pays de la Loire and Normandie
Data breachContained

Leak at Agence Rรฉgionale de Santรฉ des Hauts-de-France

A cyberattack on the shared regional health platform (Prรฉdice/GIP Inรฉa) hosting patient identity data from public hospitals in Hauts-de-France exposed records such as names, dates and places of birth, contact details and, in some cases, social security numbers; medical records were not affected.

Victim
Agence Rรฉgionale de Santรฉ des Hauts-de-France
Supply chainContained

Leak at Inovie Labosud

On 23 September 2025, French medical-lab group Inovie Labosud disclosed a breach exposing administrative and medical data of an estimated 3.2 million patients after attackers used a third-party provider's stolen credentials.

Victim
Inovie Labosud
Records
3.2M
Data breachContained

Leak at Optic 2000

In early August 2025, French optician chain Optic 2000 was hit by a cyberattack โ€” confirmed on 30 July 2025 and affecting four stores around Paris โ€” that exposed customer records including names, social security numbers, dates of birth, postal addresses, phone numbers and optician details.

Victim
Optic 2000
Data breachResolved

Hello Cake data breach (2025)

In July 2025, the sexual healthcare product maker Hello Cake suffered a data breach. The data was subsequently posted on a public hacking forum and included 23k unique email addresses along with names, phone numbers, physical addresses, dates of birth and purchases.

Victim
Hello Cake
Records
22.9K
Data breachContained

Leak at Hรดpital privรฉ de la Loire

A cyberattack on Hรดpital privรฉ de la Loire (Ramsay Santรฉ) in Saint-ร‰tienne, France exposed personal data of up to 530,000 patients, including identity details, social-security numbers (NIR), ID documents and consultation records, after a hacker used stolen physician credentials.

Victim
Hรดpital privรฉ de la Loire
Data breachResolved

Omnicuris data breach (2025)

In June 2025, the Indian CME platform Omnicuris suffered a data breach that exposed approximately 200k records of healthcare professionals. The data included names, email addresses, phone numbers, geographic locations and other data attributes relating to professional expertise and trainingโ€ฆ

Victim
Omnicuris
Records
215.3K
Data breachUnknown

Leak at Pulsy

Patient data managed by Pulsy, the regional e-health operator (GRADeS) for France's Grand Est region, was reported leaked on 13 May 2025, exposing identity details, contacts and sensitive health information including care pathways and hospitalisation records.

Victim
Pulsy
Data breachContained

Leak at Cerballiance

In late March 2025, French medical-laboratory network Cerballiance disclosed a data breach traced to a February intrusion on an IT provider's server, exposing administrative and some health data of patients in the PACA region, including names, social security numbers and certain test reports.

Victim
Cerballiance
Data breachContained

Yale New Haven Health data breach (2025)

Suspicious network activity at Yale New Haven Health led to the largest U.S. healthcare data breach of 2025: 5.5 million patients had names, contact details, dates of birth, medical record numbers, and Social Security numbers stolen. The health system later agreed to an $18 million class-action settlement.

Victim
Yale New Haven Health System
Loss
$18.0M
Records
5.6M
Data breachContained

Leak at AIDES

On 27 January 2025, French HIV/hepatitis-prevention charity AIDES disclosed a breach of a secured file-sharing server, exposing supporters' identity, contact and banking details (IBAN) and, for some, health-related information.

Victim
AIDES
Data breachContained

Leak at Mediboard

On 19 Nov 2024 a threat actor put the records of ~758,912 patients of French healthcare provider Alรฉo Santรฉ โ€” extracted via a compromised privileged account on the Mediboard patient-record platform โ€” up for sale on BreachForums, exposing identities, contact details and sensitive medical data.

Victim
Mediboard
Records
758.9K
Data breachResolved

Piping Rock data breach (2024)

In April 2024, 2.1M email addresses from the online health products store Piping Rock were publicly posted to a popular hacking forum. The data also included names, phone numbers and physical addresses.

Victim
Piping Rock
Records
2.1M
Data breachContained

Leak at Almerys, Viamedis

In early February 2024, French third-party health-payment operators Viamedis and Almerys disclosed breaches exposing data on about 33 million people โ€” names, dates of birth, social security numbers and health-insurer details โ€” in one of France's largest ever data breaches.

Victim
Almerys, Viamedis
Records
33.0M
RansomwareResolved

ALAB Laboratoria ransomware data leak

The RA World ransomware gang breached Poland's nationwide ALAB Laboratoria medical-lab network, stealing patient test results and PESEL identity numbers. ALAB refused to pay, and the criminals published sensitive medical data on tens of thousands of patients in what became Poland's largest medical data breach.

Victim
ALAB Laboratoria
Records
50.0K
Data breachResolved

DC Health Link data breach (2023)

In March 2023, DC Health Link discovered a data breach that was later publicly posted to a popular data breach forum. The impacted data included 48k unique email addresses alongside names, genders, dates of birth, home addresses, phone numbers and social security numbers.and "IntelBroker".

Victim
DC Health Link
Records
48.1K
RansomwareContained

AIIMS Delhi ransomware

Ransomware encrypted the All India Institute of Medical Sciences in New Delhi โ€” India's most prestigious public hospital โ€” taking patient registration and clinical records offline for two weeks during peak winter patient load.

Victim
All India Institute of Medical Sciences (AIIMS) New Delhi
Loss
$15.0M
Data breachResolved

Washington State Food Worker Card data breach (2022)

In June 2023, the Tacoma-Pierce County Health Department announced a data breach of their Washington State Food Worker Card online training system. The breach was published to a popular hacking forum the year before and dated back to a 2018 database backup.

Victim
Washington State Food Worker Card
Records
1.6M
Data breachResolved

Gemotest medical laboratory data breach

A database from Russian medical-testing chain Gemotest was offered on a hacking forum, with sellers claiming data on 31 million clients โ€” names, passport and insurance numbers, dates of birth, addresses, phone numbers and email addresses. Have I Been Pwned later indexed about 6.3 million unique email addresses from the leak.

Victim
Gemotest
Records
31.0M
Data breachResolved

CyberServe data breach (2021)

In October 2021, the Israeli hosting provider CyberServe was breached and ransomed before having a substantial amount of their customer data leaked publicly by a group known as "Black Shadow". Amongst the data was the LGBTQ dating site Atraf and the Machon Mor medical institute.

Victim
CyberServe
Records
1.1M
RansomwareContained

HSE Ireland ransomware (Conti)

Conti ransomware paralysed Ireland's Health Service Executive, forcing cancellation of outpatient appointments nationwide for weeks. Conti released the decryptor for free; recovery still cost an estimated โ‚ฌ100M+.

Victim
Health Service Executive (HSE) of Ireland
Loss
$130.0M
Records
700.0K
RansomwareContained

HSE Ireland Conti ransomware national healthcare shutdown (2021)

Conti operators tricked an HSE user into downloading a booby-trapped Excel attachment; the resulting ransomware forced the Health Service Executive to shut down all of Ireland's healthcare IT systems and exfiltrated 700 GB including COVID-19 vaccination PHI. Recovery cost exceeded โ‚ฌ100 million.

Victim
Health Service Executive (HSE) of Ireland
Loss
$110.0M
Data breachResolved

Unverified Data Source data breach (2021)

In January 2021, over 11M unique email addresses were discovered by Night Lion Security alongside an extensive amount of personal information including names, physical and IP addresses, phone numbers and dates of birth.

Victim
Unverified Data Source
Records
11.5M
Data breachResolved

MMG Fusion data breach (2020)

In December 2020, the dental practice management service MMG Fusion was the victim of a data breach which exposed 2.6M unique email addresses. The data also included patient appointments, names, phone numbers, dates of birth, genders and physical addresses.

Victim
MMG Fusion
Records
2.7M
Data breachContained

Vastaamo psychotherapy data breach and patient extortion (Finland, 2020)

Records on approximately 33,000 patients of Finnish psychotherapy provider Vastaamo were stolen in 2018 from an unencrypted database with no root password. After failed company-extortion in October 2020, the attacker sent ransom demands to ~30,000 patients directly. Founder later acquitted; Aleksanteri Kivimรคki convicted and sentenced to 6 years 3 months.

Victim
Vastaamo (Finnish psychotherapy centre)
Loss
$670.0K
Records
33.0K
RansomwareRansom paid

LifeLabs data breach

Canada's largest medical-testing laboratory disclosed that attackers had accessed health data on roughly 15 million customers, paid an undisclosed ransom to retrieve the stolen records, and was later found by privacy regulators to have failed to safeguard the information.

Victim
LifeLabs
Records
15.0M
RansomwareResolved

Beneลกov Hospital Ryuk ransomware attack

An Emotetโ€“TrickBotโ€“Ryuk malware chain crippled the Rudolf and Stefanie Hospital in Beneลกov, Czech Republic, knocking out X-ray, ultrasound, and laboratory systems and paralysing the facility for weeks. The hospital did not pay the ransom and reported no patient-record loss.

Victim
Rudolf and Stefanie Hospital, Beneลกov
Data breachResolved

Promofarma data breach (2019)

In August 2019, a data breach from the Spanish online pharmacy Promofarma appeared for sale on a dark web marketplace. The breach exposed over 2.7M records and contained almost 1.3M unique customer email addresses. The data also included customer names and was provided to HIBP by dehashed.com.

Victim
Promofarma
Records
1.3M
EspionageContained

SingHealth data breach

Chinese state-attributed actors exfiltrated personal and outpatient medication records on 1.5 million SingHealth patients โ€” including Prime Minister Lee Hsien Loong โ€” in Singapore's most serious cyber incident.

Victim
Singapore Health Services (SingHealth)
Loss
$7.5M
Records
1.5M
Data breachResolved

8fit data breach (2018)

In July 2018, the health and fitness service 8fit suffered a data breach. The data subsequently appeared for sale on a dark web marketplace in February 2019 and included over 15M unique email addresses alongside names, genders, IP addresses and passwords stored as bcrypt hashes.

Victim
8fit
Records
15.0M
Data breachResolved

Health Now Networks data breach (2017)

In March 2017, the telemarketing service Health Now Networks left a database containing hundreds of thousands of medical records exposed. There were over 900,000 records in total containing significant volumes of personal information including names, dates of birth, various medical conditions andโ€ฆ

Victim
Health Now Networks
Records
321.9K
Data breachResolved

MyFHA data breach (2015)

In approximately February 2015, the home financing website MyFHA suffered a data breach which disclosed the personal information of nearly 1 million people.

Victim
MyFHA
Records
972.6K