Dignity Health, St. Mary’s Medical Center and Clinical Registry Solutions: Clinical Registry Solutions Data Breach Exposes Sensitive Patient Data

Dignity Health, St. Mary’s Medical Center and Clinical Registry Solutions: Clinical Registry Solutions Data Breach Exposes Sensitive Patient Data

Cyberattack on Clinical Registry Solutions Exposes Patient and Employee Data

Brooklyn-based healthcare data management firm Clinical Registry Solutions (CRS) disclosed a data breach affecting patient information it maintained for St. Mary’s Medical Center, a Dignity Health hospital. CRS, which provides clinical data abstraction and registry support to healthcare providers, detected suspicious activity on its network on April 9, 2026, prompting an immediate investigation.

The company confirmed that an unauthorized party accessed its systems on the same day, acquiring files containing patient data from St. Mary’s Medical Center. According to CRS’s notification, the exposed information included names, medical record numbers, and procedure dates classified as both personally identifiable information (PII) and protected health information (PHI). The company clarified that Social Security numbers, diagnoses, and treatment plans were not part of the compromised patient data.

However, on May 6, 2026, the Akira ransomware group claimed responsibility for the attack via a Tor-based dark web posting, asserting it had exfiltrated 41 GB of data from CRS. The group’s claims extended beyond patient records, alleging the theft of employee PII including passports, driver’s licenses, and Social Security numbers as well as corporate documents, financial records, payment details, contracts, and non-disclosure agreements. The discrepancy between CRS’s disclosure and Akira’s claims remains unresolved.

CRS reported the breach to the California Attorney General and stated it found no evidence of misuse of the exposed data for fraud or identity theft. The company engaged Cyberscout (a TransUnion subsidiary) to manage breach notifications, sending letters to affected individuals with guidance on fraud alerts, credit freezes, and credit monitoring. A dedicated call center was established for inquiries, operating Monday through Friday from 8:00 a.m. to 8:00 p.m. EST.

The incident highlights the risks of third-party vendor breaches in healthcare, where sensitive data is often shared across multiple entities. While CRS has taken steps to mitigate the fallout, the full scope of the exposure particularly regarding employee and corporate records remains under scrutiny.

Source: https://www.claimdepot.com/data-breach/clinical-registry-solutions-2026

Dignity Health cybersecurity rating report: https://www.rankiteo.com/company/dignity-health

St. Mary's Medical Center, San Francisco cybersecurity rating report: https://www.rankiteo.com/company/st-mary's-medical-center-san-francisco

Clinical Registry Solutions cybersecurity rating report: https://www.rankiteo.com/company/clinical-registry-solutions

"id": "DIGST-CLI1781224155",
"linkid": "dignity-health, st-mary's-medical-center-san-francisco, clinical-registry-solutions",
"type": "Breach",
"date": "4/2026",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"
{'affected_entities': [{'customers_affected': 'St. Mary’s Medical Center '
                                              '(Dignity Health)',
                        'industry': 'Healthcare',
                        'location': 'Brooklyn, New York',
                        'name': 'Clinical Registry Solutions (CRS)',
                        'type': 'Healthcare Data Management Firm'}],
 'attack_vector': 'Unauthorized access',
 'customer_advisories': 'Letters sent to affected individuals with guidance on '
                        'fraud alerts, credit freezes, and credit monitoring.',
 'data_breach': {'data_exfiltration': 'Yes (41 GB)',
                 'personally_identifiable_information': ['Names',
                                                         'Medical record '
                                                         'numbers',
                                                         'Procedure dates',
                                                         'Passports',
                                                         'Driver’s licenses',
                                                         'Social Security '
                                                         'numbers'],
                 'sensitivity_of_data': 'High',
                 'type_of_data_compromised': ['Personally Identifiable '
                                              'Information (PII)',
                                              'Protected Health Information '
                                              '(PHI)',
                                              'Employee PII',
                                              'Corporate documents',
                                              'Financial records',
                                              'Payment details',
                                              'Contracts',
                                              'Non-disclosure agreements']},
 'date_detected': '2026-04-09',
 'description': 'Brooklyn-based healthcare data management firm Clinical '
                'Registry Solutions (CRS) disclosed a data breach affecting '
                'patient information it maintained for St. Mary’s Medical '
                'Center, a Dignity Health hospital. The breach involved '
                'unauthorized access to systems containing patient and '
                'employee data, with the Akira ransomware group later claiming '
                'responsibility and alleging exfiltration of 41 GB of data.',
 'impact': {'brand_reputation_impact': 'High',
            'data_compromised': '41 GB',
            'identity_theft_risk': 'High',
            'legal_liabilities': 'Potential',
            'payment_information_risk': 'High',
            'systems_affected': 'Clinical Registry Solutions network'},
 'investigation_status': 'Ongoing',
 'lessons_learned': 'Highlights risks of third-party vendor breaches in '
                    'healthcare, where sensitive data is shared across '
                    'multiple entities.',
 'motivation': 'Data exfiltration, Financial gain',
 'post_incident_analysis': {'corrective_actions': 'Breach notifications, '
                                                  'credit monitoring, fraud '
                                                  'alerts, credit freezes, '
                                                  'dedicated call center',
                            'root_causes': 'Unauthorized access to CRS '
                                           'systems'},
 'ransomware': {'data_exfiltration': 'Yes (41 GB)',
                'ransomware_strain': 'Akira'},
 'recommendations': 'Enhanced vendor security assessments, stricter access '
                    'controls, and improved monitoring for unauthorized '
                    'access.',
 'references': [{'source': 'Clinical Registry Solutions breach notification'},
                {'source': 'Akira ransomware group dark web posting'}],
 'regulatory_compliance': {'regulations_violated': ['HIPAA'],
                           'regulatory_notifications': ['California Attorney '
                                                        'General']},
 'response': {'communication_strategy': 'Letters to affected individuals, '
                                        'public disclosure',
              'containment_measures': 'Investigation initiated',
              'incident_response_plan_activated': 'Yes',
              'recovery_measures': 'Dedicated call center established',
              'remediation_measures': 'Breach notifications, credit '
                                      'monitoring, fraud alerts, credit '
                                      'freezes',
              'third_party_assistance': 'Cyberscout (TransUnion subsidiary)'},
 'threat_actor': 'Akira ransomware group',
 'title': 'Cyberattack on Clinical Registry Solutions Exposes Patient and '
          'Employee Data',
 'type': 'Data Breach, Ransomware'}
Great! Next, complete checkout for full access to Rankiteo Blog.
Welcome back! You've successfully signed in.
You've successfully subscribed to Rankiteo Blog.
Success! Your account is fully activated, you now have access to all content.
Success! Your billing info has been updated.
Your billing was not updated.