1. Midlothian-based Cardiology of Virginia filed a data breach notice with the HHS Office for Civil rights Jan. 28, 2025, according to a notice by law firm Console and Associates, published at JDSupra. In October, ransomware syndicate RansomHub claimed it had acquired 1 terabyte of patient data from the practice. The hacker subsequently leaked stolen data from the practice, including a file list, YouTube video and other files. On Oct. 11, 2024, data from the attack was put up for sale on BreachForums.
2. On Jan. 28, 2025, Albany Gastroenterology disclosed that an unauthorized party may have accessed patient names and Social Security numbers, also from a notice by law firm Console and Associates, published at JDSupra. On Nov. 19, 2024, Albany Gastroenterology detected unusual activity in its systems and, upon investigation, determined the unauthorized party accessed the system Nov. 10.
3. Utica, N.Y.-based Mohawk Valley Cardiology faced a data breach impacting the personal health information of 4,945 patients. Upon learning about the breach, Mohawk launched an investigation, contacted law enforcement, deployed an incident response team and data security professionals, and stopped unauthorized access to the system.
