Five distinct healthcare organizations across the nation—Crenshaw Community Hospital in Alabama, Waveny LifeCare in Connecticut, Aunt Martha’s Health and Wellness in Illinois, Pulse Urgent Care Center in California, and MyCardiologist in Florida—have recently disclosed security incidents ranging from ransomware attacks to network system breaches. These attacks, detected between March and August of 2025, involved unauthorized access to their networks and the potential exfiltration of sensitive patient data. All of the affected providers engaged third-party cybersecurity experts to investigate the incidents, contain the threats, and restore their systems, though the scope and impact of each attack vary.
Crenshaw Community Hospital in Luverne, Alabama, detected a network disruption on June 16, 2025. The ongoing investigation confirmed that files were copied from the systems, and the Payouts King ransomware group has publicly claimed responsibility for the attack. This group, known for “double extortion,” alleges to have exfiltrated 53 GB of data and published the entire dataset on its dark web leak site after the hospital failed to pay the ransom. Crenshaw Community Hospital is still reviewing the affected data to determine which individuals and what types of information were involved, advising patients to be vigilant against identity theft and fraud until individual notification letters are mailed.
The Waveny LifeCare Network in New Canaan, Connecticut, which provides senior living and healthcare services, detected a cyberattack on or around May 28, 2025. Immediate action was taken to contain the incident, and an investigation confirmed that attackers accessed data on the network. The compromised information is extensive, potentially including name, address, date of birth, Social Security number, medical and financial account numbers, and various medical records and imaging results. While no evidence of data misuse has been found yet, notification letters will be sent to affected individuals once the ongoing file review is complete.
In Illinois, Aunt Martha’s Health and Wellness fell victim to a ransomware attack detected on August 13, 2025. A forensic investigation determined a threat actor gained access a day earlier, exfiltrated sensitive data, and encrypted files. The organization rapidly contained the attack and successfully restored systems and data from backups without paying a ransom. Although no misuse of the compromised data has been found, the exposed information included categories such as name, address, birth date, medical condition, treatment, lab results, and potentially Social Security and driver’s license numbers. The affected individuals have been advised to remain vigilant as the file review continues.
Pulse Urgent Care Center in California, with locations in Redding and Red Bluff, identified a network security breach on March 24, 2025. The attack involved an unauthorized third party deploying malicious software, causing temporary IT system disruption. While network access and data were quickly restored from backups, an investigation confirmed on May 1, 2025, that some patient data had been exposed and may have been viewed or acquired. This data, which varies by individual, could include names, dates of birth, diagnoses, service dates, and treatment information. The center has since strengthened its web server infrastructure and implemented enhanced safeguards.
Finally, MyCardiologist (Cardiovascular Medicine Associates, PA) in South Florida detected a cyberattack on June 12, 2025, following the observation of suspicious activity in its email system. Investigators determined an unauthorized party had access to its environment from May 30 until the breach was blocked. The forensic review, which was comprehensive and time-consuming, confirmed that data was copied from the environment. Notification letters, which began mailing on October 7, 2025, specified the compromised data included names, addresses, dates of birth, clinical information, diagnoses, provider names, and Medicare numbers. As a precaution, the cardiology practice has offered affected individuals 24 months of complimentary credit monitoring and identity theft protection services.
Reference:
