Almost 26,000 Individuals Affected by Data Breach at Methodist Homes of Alabama & Northwest Florida
Data breaches have recently been announced by Methodist Homes of Alabama & Northwest Florida, Rockhill Women’s Care, and Sierra Vista Hospital & Clinics. Methodist Homes of Alabama & Northwest Florida Methodist Homes of Alabama & Northwest Florida, a provider of affordable homes, senior living, and healthcare services, disclosed a data breach on October 8, 2025, involving unauthorized access to the personal and protected health information of almost 26,000 residents, employees, and other individuals. The breach occurred almost one year previously, having first been detected on October 14, 2024. An investigation was launched to determine the cause of suspicious network activity, which confirmed that an unauthorized actor had access to its network between October 2, 2024, and October 14, 2024. During that time, sensitive data may have been accessed or acquired. All exposed files were reviewed, and that process was completed on September 2, 2025. Notification letters have now been mailed to all individuals with valid contact information, and regulators have been...
$49.99M Settlement Agreed to Resolve Class Action Data Breach Lawsuit Against Heritage Provider Network et al
A $49.99 million settlement has received preliminary approval from the court to resolve class action litigation against Heritage Provider Network, Regal Medical Group, and eight co-defendants over a December 2022 data breach that affected approximately 3,413,000 individuals. California-based Heritage Provider Network (Heritage) and the affiliated defendants operate as one of the largest physician-owned integrated healthcare networks in the United States. Heritage, arranged to provide medical services for the plaintiffs and class members through affiliates such as Regal Medical Group. On or around December 1, 2022, hackers gained access to servers containing patient data and exfiltrated sensitive data such as names, addresses, dates of birth, Social Security numbers, and healthcare information. The investigation revealed the hackers had access to those servers until the attack was discovered on December 8, 2022, and between December 1 and 2, 2022, they are alleged to have exfiltrated personally identifiable information (PII) and protected health information (PHI). The defendants...
Fort Wayne Medical Education Program Data Breach Affects Almost 30,000 Individuals
A data breach at the Fort Wayne Medical Education Program has affected almost 30,000 individuals. Data breaches have also been announced by Space Coast Vascular in Florida and Partners in Pediatrics in Colorado. Fort Wayne Medical Education Program Fort Wayne Medical Education Program, a family medicine residency in Northeastern Indiana, has recently announced a security incident that potentially involved unauthorized access to the personal and protected health information of up to 29,485 individuals, including patients, employees, and employees’ dependents. Suspicious activity was identified within its computer network on December 17, 2024, and after securing its systems, the activity was investigated. The forensic investigation confirmed that an unauthorized actor had access to its computer network from December 12, 2024, to December 17, 2024, during which time files containing sensitive data may have been viewed or acquired. The file review was completed on September 9, 2025, when it was confirmed that personal and protected health information had been exposed. The types of data...
$30 Million Settlement Agreed to Resolve Integris Health Class Action Data Breach Lawsuit
Integris Health has agreed to pay $30 million to settle class action data breach litigation. The settlement resolves claims stemming from a major data breach in 2023 that saw hackers gain access to systems containing the electronic protected health information of more than 2.38 million individuals. Integris Health, one of the largest health systems in Oklahoma, first announced the cyberattack and data breach in December 2023. Hackers gained access to its computer network on November 28, 2023, and exfiltrated files containing patient data. The threat actor did not encrypt files but demanded payment to prevent the release of the stolen data. On December 24, 2025, Integris Health started to be contacted by patients who had been contacted directly by the threat actor, who was demanding $50 per patient to delete their stolen data. The HHS’ Office for Civil Rights was notified about the data breach in February 2024 and was told that the protected health information of 2,385,646 individuals was compromised in the attack. The stolen data included names, contact information, birth dates,...
ALN Medical Management to Pay $4 Million to Settle Class Action Data Breach Lawsuit
ALN Medical Management, a Nebraska-based revenue cycle management company, has agreed to pay $4 million to settle class action litigation over a March 2024 cybersecurity incident. As reported below, this was a hacking incident that occurred in March 2024, which was initially reported to the HHS’ Office for Civil Rights (OCR) using a placeholder figure of at least 501 affected individuals. The breach total was then revised to more than 1.8 million individuals, and subsequently revised downwards to 1,323,720 individuals. The incident is now archived on the OCR breach portal, indicating that OCR has closed the investigation. ALN Medical Management and its healthcare clients, Allied Physicians Group, PLLC, Bethany Medical Clinic of New York, PLLC, Hoag Clinic, and National Spine and Pain Centers, LLC, were named in class action lawsuits over the data breach, which were consolidated in a single suit, In Re: ALN Medical Management Data Incident Litigation, in the U.S. District Court for the District of Nebraska. The lawsuit alleged that ALN Medical Management used the information...



