Multiple Healthcare Data Breaches Expose Sensitive Patient Information Across U.S.
A series of cyberattacks targeting healthcare providers in 2025 and 2026 has compromised the personal and medical data of tens of thousands of patients nationwide.
Blue Fish Pediatrics (Texas)
In July 2025, Houston-based Blue Fish Pediatrics detected unauthorized access to its IT systems between July 11 and July 17. A forensic investigation revealed that threat actors accessed files containing sensitive patient data, including full names, dates of birth, Social Security numbers, driver’s license numbers, medical records, diagnoses, lab results, and treatment details. While the total number of affected individuals remains undisclosed, the Texas Attorney General reported that 41,485 Texas residents were impacted. Affected patients are being notified and offered complimentary credit monitoring if their Social Security numbers were exposed.
Cherry Health (Michigan)
Michigan’s largest non-profit Federally Qualified Health Center, Cherry Health, announced a breach on June 18, 2026, after detecting suspicious network activity on April 19, 2026. Unauthorized access led to the theft of patient data, including names, addresses, insurance details, and, in some cases, Social Security numbers. The organization has not reported any misuse of the stolen data but is implementing additional security measures. The full scope of the breach is still under review.
Coastal Carolina Centers of Urology and Surgery (South Carolina)
The Rivertown Surgery Center in Conway, South Carolina, reported a ransomware attack by the Qilin ransomware group, which accessed patient records on August 26, 2025. The breach exposed names and health records of 2,886 individuals, with the group posting stolen data on its dark web leak site on September 4, 2025. Notifications were sent to affected patients in May 2026.
Regence (Oregon)
Regence Blue Cross Blue Shield of Oregon disclosed a breach affecting 2,856 members after unauthorized actors accessed digital accounts between January 1 and April 15, 2026. The attackers redeemed wellness rewards for gift cards, potentially exposing account information. The incident was reported to federal authorities, though no further details on data exposure have been released.
These breaches highlight ongoing vulnerabilities in healthcare cybersecurity, with attackers targeting sensitive patient data across multiple states.
Source: https://www.hipaajournal.com/blue-fish-pediatrics-data-breach/
Coastal Medical cybersecurity rating report: https://www.rankiteo.com/company/coastal-medical
Cherry Health cybersecurity rating report: https://www.rankiteo.com/company/cherryhealthmi
"id": "COACHE1782138294",
"linkid": "coastal-medical, cherryhealthmi",
"type": "Breach",
"date": "7/2025",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"
{'affected_entities': [{'customers_affected': '41,485 Texas residents',
'industry': 'Healthcare',
'location': 'Houston, Texas, USA',
'name': 'Blue Fish Pediatrics',
'type': 'Healthcare Provider'},
{'industry': 'Healthcare',
'location': 'Michigan, USA',
'name': 'Cherry Health',
'size': 'Largest non-profit in Michigan',
'type': 'Federally Qualified Health Center'},
{'customers_affected': '2,886 individuals',
'industry': 'Healthcare',
'location': 'Conway, South Carolina, USA',
'name': 'Coastal Carolina Centers of Urology and '
'Surgery (Rivertown Surgery Center)',
'type': 'Healthcare Provider'},
{'customers_affected': '2,856 members',
'industry': 'Healthcare/Insurance',
'location': 'Oregon, USA',
'name': 'Regence Blue Cross Blue Shield of Oregon',
'type': 'Health Insurance Provider'}],
'attack_vector': ['Unauthorized Access', 'Ransomware'],
'customer_advisories': 'Patient notifications sent (Blue Fish Pediatrics, '
'Coastal Carolina Centers of Urology and Surgery, '
'Regence)',
'data_breach': {'data_exfiltration': 'Yes (Qilin ransomware group posted '
'stolen data on dark web)',
'number_of_records_exposed': ['41,485 (Blue Fish Pediatrics)',
'2,886 (Coastal Carolina '
'Centers of Urology and '
'Surgery)',
'2,856 (Regence)'],
'personally_identifiable_information': 'Yes',
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['Full names',
'Dates of birth',
'Social Security numbers',
'Driver’s license numbers',
'Medical records',
'Diagnoses',
'Lab results',
'Treatment details',
'Addresses',
'Insurance details',
'Health records']},
'description': 'A series of cyberattacks targeting healthcare providers in '
'2025 and 2026 has compromised the personal and medical data '
'of tens of thousands of patients nationwide.',
'impact': {'data_compromised': 'Sensitive patient data, including personal '
'and medical information',
'identity_theft_risk': 'High'},
'investigation_status': 'Ongoing (Cherry Health), Under Review (Regence)',
'ransomware': {'data_exfiltration': 'Yes', 'ransomware_strain': 'Qilin'},
'references': [{'source': 'Texas Attorney General'},
{'source': 'Cherry Health Announcement'},
{'source': 'Qilin Ransomware Group Dark Web Leak Site'}],
'regulatory_compliance': {'regulatory_notifications': 'Reported to Texas '
'Attorney General (Blue '
'Fish Pediatrics), '
'federal authorities '
'(Regence)'},
'response': {'communication_strategy': 'Patient notifications',
'law_enforcement_notified': 'Reported to federal authorities '
'(Regence incident)',
'remediation_measures': 'Additional security measures (Cherry '
'Health), credit monitoring (Blue Fish '
'Pediatrics)'},
'threat_actor': ['Qilin ransomware group'],
'title': 'Multiple Healthcare Data Breaches Expose Sensitive Patient '
'Information Across U.S.',
'type': ['Data Breach', 'Ransomware']}