Ransomware Attack on Hospital Caribbean Medical Center Affects 92,000 Individuals
A ransomware attack on Hospital Caribbean Medical Center in Puerto Rico has affected up to 92,000 individuals. Data breaches have also been announced by Murray County Medical Center in Minnesota and Aligned Orthopedic Partners in Maryland. Hospital Caribbean Medical Center, Puerto Rico A major data breach has been announced by Hospital Caribbean Medical Center in Fajardo, Puerto Rico. While it is unclear when the attack occurred, the hospital issued a press release on February 8, 2026, about a cyberattack that targeted its information systems. The intrusion was detected by its monitoring systems, and steps were immediately taken to contain the incident and prevent further unauthorized access to its IT systems. The types of information exposed in the incident were not detailed in the press release, nor was the number of affected individuals; however, the incident is now shown on the HHS’ Office for Civil Rights breach portal as affecting up to 92,000 individuals. Hospital Caribbean Medical Center said it has reinforced its monitoring systems, implemented additional updates to its...
Tangoe Data Breach Settlement Receives Preliminary Approval
Tangoe, a provider of software solutions for managing telecom, mobile, and cloud expenses, has agreed to a settlement to resolve a class action lawsuit stemming from a November 2022 security incident. Tangoe experienced a cyberattack, exposing sensitive data such as names, dates of birth, Social Security numbers, medical information, health insurance information, medication information, billing and claims information, and financial account information. Hackers had access to its systems between November 15, 2022, and November 17, 2022. The breach affected some of its healthcare clients and involved unauthorized access to the protected health information of 4,765 individuals, according to the breach notice filed with the HHS’ Office for Civil Rights. While the breach occurred in November 2022, it took until November 1, 2023, for the affected individuals to be notified. A lawsuit – Kevin McLinden v. Tangoe US, Inc.- was filed in the Superior Court for Marion County, Indiana, over the data breach, alleging Tangoe failed to implement reasonable and appropriate cybersecurity...
North Texas Behavioral Health Authority Data Breach Affects 285K Individuals
North Texas Behavioral Health Authority (NTBHA), a provider of mental health and substance use treatment and services in Dallas, Ellis, Hunt, Kaufman, Navarro & Rockwall counties, has notified the Department of Health and Human Services (HHS) Office for Civil Rights about a breach of the protected health information of 285,086 individuals. The data breach is the 6th largest data breach reported to OCR so far in 2026. NTBHA identified unauthorized activity within its computer systems on or around October 15, 2025, and launched an investigation to determine the nature and scope of the activity. The investigation confirmed that an unauthorized third party accessed its network between October 13, 2025, and October 15, 2025, during which time files containing patient information may have been viewed or acquired. It took around three months to review the affected files, and on January 7, 2026, NTBHA confirmed that some of the files contained personal information. The substitute data breach notice does not list the types of data involved, although for some individuals, Social Security...
Chicago’s Saint Anthony Hospital Reports Breach Affecting 146,000 Individuals
Saint Anthony Hospital, a nonprofit, faith-based, acute care, community hospital in Chicago, has started notifying individuals about unauthorized access and/or theft of some of their personal and protected health information. The substitute breach notification does not state when the unauthorized access was detected, only that an unauthorized third party accessed and/or acquired certain files and folders of unstructured data from its email system on February 27, 2025. The forensic investigation confirmed that electronic medical records were not affected by the incident. More than a year after the unauthorized access occurred, notification letters are being sent to the affected individuals. Saint Anthony Hospital said the third-party specialists engaged to review the affected files completed their review on February 13, 2026, and notification letters started to be mailed to the affected individuals on March 6, 2026, after the results of the data review were verified and contact information was obtained. The substitute breach notice on the Saint Anthony Hospital website does not...
Data Breaches Announced by Mindpath Health; Springfield Hospital; Lone Peak Psychiatry
Data breaches have been announced by the California psychiatry and therapy provider Mindpath Health, Springfield Hospital in Vermont, and Lone Peak Psychiatry in Utah. Community Psychiatry Management (Mindpath Health) Community Psychiatry Management, LLC, doing business as Mindpath Health, a Sacramento, California-based provider of in-person and online psychiatry and therapy services, has notified the Maine Attorney General about a hacking incident that Mindpath Health learned about on November 14, 2025. The personal and protected health information of 14,060 individuals was potentially compromised in the incident, including 2 Maine residents. The incident is part of a much larger data breach at its vendor, Pinnacle Holdings, LTD. Pinnacle Holdings provides healthcare consulting services, and the data breach affected many of the company’s healthcare clients. The incident was detected by Pinnacle Holdings on November 25, 2024, when Pinnacle Holdings experienced a network disruption. The forensic investigation confirmed unauthorized network access between November 11, 2024, and...



