Data Breaches Announced by Victory Disability & Madison Healthcare Services
Data breaches have been announced by the Pennsylvania law firm Victory Disability and the Minnesota healthcare provider Madison Healthcare Services.
Victory Disability, Pennsylvania
Victory Disability, a Pennsylvania law firm specializing in assisting veterans with Social Security and disability claims, has issued notifications about a security incident it became aware of in November 2025, when an unknown party claimed to have breached its network and obtained sensitive data. An investigation was launched to determine the validity of the claims, with assistance provided by third-party digital forensics specialists.
The investigation confirmed that an unauthorized third party had access to a portion of its network environment from October 27, 2025, to November 12, 2025, and files containing sensitive data were exposed and may have been obtained. The files were reviewed and found to include names, addresses, telephone numbers, email addresses, and Social Security numbers, and for certain individuals, dates of birth, diagnoses, treatment information, lab results, and medications. The information exposed varied from individual to individual based on the information supplied to the firm in connection with claims.
In response to the breach, Victory Disability engaged cybersecurity experts to monitor dark web forums and marketplaces for any release of client data. At the time of issuing notifications, no evidence had been found to indicate any of the affected data had been posted on the clear or dark web. As a precaution against the misuse of the affected information, complimentary credit monitoring and identity theft protection services have been offered to the affected individuals for 24 months. The data breach has been reported to regulators, although none currently list the number of affected individuals.
Get The FREE
HIPAA Compliance Checklist
Immediate Delivery of Checklist Link To Your Email Address
Please Enter Correct Email Address
Your Privacy Respected
HIPAA Journal Privacy Policy
Madison Healthcare Services
Madison Healthcare Services, a healthcare provider serving individuals and families in western Minnesota, has recently disclosed a cybersecurity incident involving unauthorized access to patient data. Suspicious network activity was identified, and the forensic investigation confirmed unauthorized access to its network between July 2025 and August 2025.
Madison Healthcare said the investigation and file review are ongoing, and it has yet to be determined how many individuals have been affected or the types of data involved. The data breach has been reported to the HHS Office for Civil Rights using a placeholder figure of at least 500 individuals. The total will be updated when the file review is concluded, and individual notifications will be mailed. In the meantime, patients have been advised to remain vigilant against identity theft and fraud.
The threat actor behind the incident was not disclosed; however, the Worldleaks threat group claimed responsibility for the attack and added Madison Healthcare to its dark web data leak site in September. The group claims to have published the stolen data as the ransom was not paid.
