It took the healthcare organization nearly one year to publicly disclose a data breach after it was targeted by Inc Ransom.

The post Sandhills Medical Says Ransomware Breach Affects 170,000 appeared first on SecurityWeek.

Some of the vulnerabilities discovered by Aisle can be exploited to access and alter sensitive patient information.

The post 38 Vulnerabilities Found in OpenEMR Medical Software appeared first on SecurityWeek.

Steve Alder reports: Tempus AI, a publicly traded healthcare artificial intelligence company, is facing multiple class action lawsuits over the alleged unauthorized collection and disclosure of genetic testing results, which were derived from genetic testing by Ambry Genetics Corporation (Ambry Genetics). Tempus AI used Ambry Genetics’ genetic database to train its AI models. Tempus AI...

Lawmakers at a hearing Tuesday explored ways to beef up punishments for ransomware attacks against hospitals, possibly by labeling them as more severe crimes.

One proposal floated at the House Homeland Security Committee hearing, to treat ransomware attacks as terrorism, is an idea Congress has flirted with before. Another would be to press prosecutors to pursue homicide charges in attacks on hospitals where death resulted — something German authorities also once pondered.

A former top FBI cyber official, Cynthia Kaiser, put forward both ideas at the hearing, a joint meeting of the subcommittees on Border Security and Enforcement and Cybersecurity and Infrastructure Protection on cybercrime, drawing questions and interest from members.

“I believe there are no penalties too severe for individuals that would target our health care system,” said Mississippi Rep. Michael Guest, chair of the border subcommittee, whose home state of Mississippi’s health care clinics closed following a February ransomware attack.

The suggestions stem from a growing focus by ransomware attackers on the health care sector, with incidents doubling from 238 in 2024 to 460 in 2025 according to FBI statistics, making it the top targeted sector.

Kaiser, now senior vice of the Halcyon ransomware research center, said terrorism designations from the State, Treasury and Justice departments could lead to further sanctions, restricted travel and other punishments. Justice Department guidance on homicide charges could clarify its authorities, she said.

“It sounds like the language is there, it just has not been applied in these circumstances,” said Rep. Lou Correa of California, the top Democrat on Guest’s subpanel.

The notion of more closely entwining cyberattacks and terrorism is something both Congress and the executive branch have examined recently.

The fiscal 2025 Senate intelligence authorization bill would have directly linked ransomware to terrorism, although the final version of the bill that became law was less explicit than the original Senate language. The Treasury Department last month asked for public feedback on changing a terrorism risk insurance program to address cyber-related losses.

A University of Minnesota study from 2023 estimated that hospital ransomware attacks were responsible for dozens of deaths of Medicare patients. German authorities in 2020 opened a negligent homicide investigation following a death in the aftermath of a ransomware attack, but ultimately decided against charges.

The Trump administration’s national cyber strategy advocates for taking a more offensive approach to hackers. It released an executive order on cybercrime and fraud the same day it published the strategy. Kaiser said the proposals are in line with those approaches.

Hackers know their attacks could end lives, she said. “They have simply decided these deaths are someone else’s problem,” Kaiser said.

The post Lawmakers ponder terrorism designations, homicide charges over hospital ransomware attacks appeared first on CyberScoop.

Data breaches were disclosed by Southern Illinois Dermatology, Saint Anthony Hospital, and North Texas Behavioral Health Authority.

The post Data Breaches at Healthcare Organizations in Illinois and Texas Affect 600,000 appeared first on SecurityWeek.

Margaret Attridge reports: A federal judge Thursday indicated he would grant preliminary approval to a proposed $56 million class action settlement over a lawsuit that accused period tracking app Flo of sharing users’ highly sensitive information with third parties, including Google. “I have to get rid of this thing. No one has gotten paid. This...

Cookeville Regional Medical Center was targeted last year by the Rhysida ransomware group, which stole 500GB of data.

The post Data Breach at Tennessee Hospital Affects 337,000 appeared first on SecurityWeek.

There seem to be more news stories about data protection out of Kenya recently. This one appeared on CapitalFM: The Office of the Data Protection Commissioner (ODPC) has found St Luke’s Orthopaedic and Trauma Hospital liable for unlawfully disclosing a patient’s sensitive medical information and ordered it to pay Sh525,000 in compensation. In a ruling...

Cyrus Farivar reports: Several Californians sued Sutter Health and MemorialCare this week over allegations that an AI transcription tool was used to record them without their consent, in violation of state and federal law. The proposed class-action lawsuit, filed on Wednesday in federal court in San Francisco, states that, within the past six months, the plaintiffs received...

The Standard reports: A medical intern at Princess Margaret Hospital has been suspended after allegedly posting photos containing patients’ information on a personal social media account, the Hospital Authority (HA) announced. The incident came to light after a complaint was filed on Friday, prompting the hospital to launch an immediate investigation. A spokesperson for the...

Odia Kagan of FoxRothschild writes: A new federal court decision denied a motion to dismiss in a case alleging Federal Electronic Communications Privacy Act (ECPA) claims arising from the sharing of health information through a website’s online tracking technology. What does this case teach and what should healthcare companies be doing about it? Recap of...

Dutch healthcare software vendor ChipSoft has been impacted by a ransomware attack that forced the company to take offline its website and digital services for patients and healthcare providers. [...]

Signature Healthcare was forced to cancel some services, and pharmacies are unable to fill prescriptions due to the hacker attack.

The post Massachusetts Hospital Diverts Ambulances as Cyberattack Causes Disruption  appeared first on SecurityWeek.

Hunton Andrews Kurth writes: On March 25, 2026, New Jersey enacted A4070, which restricts health care facilities’ collection and disclosure of certain patient information, including immigration status, citizenship status, place of birth, Social Security number and individual taxpayer identification number. Under the law, a health care facility may not request or collect the listed information unless...

by Amanda Seitz and Maia Rosenfeld April 8, 2026 The Trump administration is quietly seeking unprecedented access to medical records for millions of federal workers and retirees, and their families. A brief notice from the Office of Personnel Management could dramatically change which personally identifiable medical information the agency obtains, giving it the power to...

Danielle Han reports: Nearly two years after Lizelle Gonzalez filed a civil lawsuit against Texas prosecutors for wrongfully jailing her over a self-managed abortion, a Trump-appointed judge on Tuesday dismissed the case by declaring the officials involved were protected by “qualified immunity.” Ah, yes, because what’s more overrated in a thriving republic than, say, due process? Gonzalez’s case garnered international...

In January 2026, a threat actor hacked the hospital’s internal network and stole personal and health information.

The post 250,000 Affected by Data Breach at Nacogdoches Memorial Hospital appeared first on SecurityWeek.

Kelsey Reichmann reports: Ruling against Colorado’s conversion therapy ban, the Supreme Court on Tuesday held that a religious counselor had a First Amendment right to provide faith-based counseling to change sexual behaviors. In an 8-1 ruling, the court said Colorado’s law censored speech based on viewpoint because it prohibited not only long-abandoned aversive physical interventions but also...

Rose Lundy reports: The U.S. Department of Health and Human Services’ Office for Civil Rights announced on March 19 that it would investigate Maine and 12 other states that have laws requiring health insurance plans to cover abortion services. The office is asserting that a federal provision called the Weldon Amendment, which protects “health care entities” such as...

Healthcare IT firm CareCloud has disclosed a data breach incident that exposed sensitive data and caused a network disruption lasting approximately eight hours. [...]