Delta Medical Systems Notifies Patients About July 2025 Cyberattack
Data breaches have recently been announced by Delta Medical Systems in Wisconsin, Ansell Healthcare Products in New Jersey, and FuturHealth in California. Delta Medical Systems, Wisconsin Delta Medical Systems, a Wisconsin-based provider of medical imaging solutions and associated services, has notified state attorneys general about an email incident that occurred last summer. On July 15, 2025, Delta Medical Systems identified unusual activity within its email environment. Immediate action was taken to secure its email system and network, and a forensic investigation was launched to determine the cause, nature, and scope of the activity. Assisted by third-party cybersecurity experts, Delta Medical Systems determined that an unauthorized third party had access to its email environment and may have viewed or acquired company data, including patient information, on July 15, 2025. The affected data was reviewed, and that process was completed in November 2025, when it was confirmed that personal and protected health information was involved. Data compromised in the incident included...
PHI Exposed in Data Breaches at Cedar Valley Services; Community Nurse; Health Dimensions Group
Data breaches have recently been reported by Cedar Valley Services and Health Dimensions Group in Minnesota, and Community Nurse in Massachusetts. Cedar Valley Services, Minnesota Cedar Valley Services, a provider of vocational rehabilitation services to individuals in Southern Minnesota, has notified the HHS’ Office for Civil Rights about a data incident that involved the exposure of individuals’ protected health information. Little information about the incident has been publicly disclosed by Cedar Valley Services at this point, other than it being a hacking/IT incident affecting at least 501 individuals. The 501 total provided to the HHS’ Office for Civil Rights is a commonly used placeholder figure when the number of affected individuals has yet to be determined. This appears to have been a ransomware attack by the Qilin ransomware group, which added Cedar Valley Services to its dark web data leak site in December 2025. Qilin claims to have exfiltrated sensitive data in the attack. The listing was added on December 21, 2025, and screenshots of data allegedly stolen in the...
CommonSpirit Health Patients Affected by Vendor Data Breach
The Chicago, IL-based Catholic health system CommonSpirit Health has announced that it has been affected by a security incident at a vendor of one of its business associates. The healthcare consulting company Pinnacle Holdings Ltd experienced network disruption on November 25, 2024, as a result of a ransomware attack. The ransomware group had access to Pinnacle’s network from November 11, 2024, to November 25, 2024. During that time, files were exfiltrated from Pinnacle’s network. Pinnacle was a vendor of CommonSpirit Health’s vendor, NorthGauge Healthcare Advisors. In a breach notice issued to the Washington Attorney General on behalf of CommonSpirit Health, NorthGauge explained that Pinnacle immediately isolated its network when the attack was detected and has since implemented additional security measures to prevent similar incidents in the future. NorthGauge explained that Pinnacle had strict policies and procedures in place concerning data retention and data destruction, which limited the amount of data compromised in the incident. Pinnacle engaged a third-party vendor to...
Ransomware Group Claims Attacks on Meadowlark Hills Retirement Community & MedPeds
Meadowlark Hills retirement community in Kansas and MedPeds Associates of Sarasota in Florida have announced data breaches. The Beast ransomware group has claimed responsibility for both attacks. Manhattan Retirement Foundation (Meadowlark Hills), Kansas Manhattan Retirement Foundation, doing business as Meadowlark Hills, has reported a breach of the protected health information of 14,442 individuals to the HHS’ Office for Civil Rights. The Manhattan, KS-based non-profit retirement community and skilled nursing facility explained that unauthorized access to its network was identified on or around July 21, 2025. The forensic investigation determined that there had been unauthorized network access between July 12, 2025, and July 21, 2025. During that time, files containing personal and protected health information were exfiltrated from its network. The review of the files on the compromised parts of its network was completed on January 28, 2026, when it was confirmed that the following data elements were involved: name, date of birth, Social Security number, Driver’s license...
California Dental Care Provider; Childcare Referral Agency Announce Data Breaches
Data breaches have been reported by two entities in California – Tieu Dental Corporation has announced a July 2025 hacking-related data breach affecting an as of yet undisclosed number of individuals. The Children’s Council of San Francisco has determined that more than 12,650 individuals have been affected by an August 2025 ransomware attack. Tieu Dental Corporation Announces July 2025 Data Breach Tieu Dental Corporation, a California-based provider of oral and maxillofacial surgery services, has started notifying patients about unauthorized access to its computer network last summer. The intrusion was identified on or around July 29, 2025, and the forensic investigation confirmed that an unauthorized third party accessed its network between July 28 and July 29, 2025. The compromised parts of its network were reviewed, and on January 11, 2026, Tieu Dental confirmed that the compromised files included patient data such as names, dates of birth, Social Security numbers, medical records, treatment plans, prescription information, and health insurance information. Tieu Dental...



