Veradigm

Veradigm, a Chicago-based healthcare technology company (formerly Allscripts), suffered a third-party data breach stemming from stolen credentials used to access its storage systems. Discovered on **July 1, 2025**, the incident traced back to unauthorized access in **December 2024**, exposing sensitive data of at least **65,000 individuals** across California, South Carolina, and Texas. Compromised information includes **names, dates of birth, Social Security numbers, driver’s license numbers, medical records, health insurance details, and payment data**. The breach originated from a security lapse at one of Veradigm’s customers, where attackers exploited weak credential protections. While the company has since reinforced security measures—such as stricter access controls and multifactor authentication—the incident underscores persistent vulnerabilities in third-party supply chains, particularly in healthcare, where stolen credentials remain a dominant attack vector. The exposure of **protected health information (PHI)** and financial data heightens risks of identity theft, fraud, and regulatory penalties under **HIPAA** and state privacy laws.

Source: https://www.kaseya.com/blog/the-week-in-breach-news-10-08-25/

TPRM report: https://www.rankiteo.com/company/veradigm

```json
{
  "id": "ver3292432100825",
  "linkid": "veradigm",
  "type": "Breach",
  "date": "12/2024",
  "severity": "85",
  "impact": "4",
  "explanation": "Attack with significant impact with customers data leaks"
}
```
```json
{
  "affected_entities": [
    {
      "customers_affected": "800+ organizations (including Bank of America, JPMorgan Chase, Verizon, AT&T, U.S. Navy, U.S. Senate, NSA)",
      "industry": "Technology",
      "location": "North America",
      "name": "Red Hat",
      "type": "Technology Company"
    },
    {"industry": "Banking", "location": "USA", "name": "Bank of America", "type": "Financial Institution"},
    {"industry": "Banking", "location": "USA", "name": "JPMorgan Chase", "type": "Financial Institution"},
    {"industry": "Telecom", "location": "USA", "name": "Verizon", "type": "Telecommunications"},
    {"industry": "Telecom", "location": "USA", "name": "AT&T", "type": "Telecommunications"},
    {"industry": "Defense", "location": "USA", "name": "U.S. Navy", "type": "Government/Military"},
    {"industry": "Public Sector", "location": "USA", "name": "U.S. Senate", "type": "Government"},
    {"industry": "Defense", "location": "USA", "name": "National Security Agency (NSA)", "type": "Government/Intelligence"}
  ],
  "attack_vector": "Unauthorized Access (Hacking)",
  "data_breach": {
    "data_exfiltration": "Yes (570GB compressed data)",
    "sensitivity_of_data": "High (includes data from banking, telecom, and government entities)",
    "type_of_data_compromised": [
      "Customer Engagement Reports (CERs)",
      "Repository Data (Source Code, Documents, etc.)"
    ]
  },
  "date_detected": "2023-10-02",
  "date_publicly_disclosed": "2023-10-01",
  "description": "Red Hat confirmed that its consulting GitLab instance had been compromised, allegedly affecting data from more than 800 organizations across sectors such as banking, telecom, and government. The cybercrime group Crimson Collective claimed to have stolen 570GB of compressed data from over 28,000 repositories, including Customer Engagement Reports (CERs) tied to major organizations like Bank of America, JPMorgan Chase, Verizon, AT&T, the U.S. Navy, the U.S. Senate, and the NSA. Red Hat stated the breach was confined to its consulting GitLab environment, but the group continues to share samples of the allegedly stolen data, claiming the breach is larger than initially assessed.",
  "impact": {
    "brand_reputation_impact": "High (due to involvement of major organizations and government entities)",
    "data_compromised": [
      "Customer Engagement Reports (CERs)",
      "Repository Data (570GB compressed)"
    ],
    "identity_theft_risk": "Moderate (depends on exposed data in repositories)",
    "operational_impact": "Potential indirect exposure for 800+ organizations linked to the compromised GitLab instance",
    "systems_affected": ["GitLab Instance (Red Hat Consulting)"]
  },
  "investigation_status": "Ongoing (Red Hat assessing impact; Crimson Collective continues to leak data)",
  "lessons_learned": "Major vendor breaches can indirectly expose partner organizations. Security teams should assess shared credentials, access permissions, and sensitive infrastructure details to mitigate indirect exposure risks.",
  "motivation": "Data Theft / Financial Gain (Presumed)",
  "recommendations": [
    "Review third-party vendor security practices and access controls.",
    "Monitor for unauthorized access or data exfiltration in shared environments.",
    "Implement network segmentation to limit lateral movement in case of breaches."
  ],
  "references": [{"source": "Cybersecurity News Report"}],
  "response": {
    "communication_strategy": "Public disclosure and ongoing assessment",
    "containment_measures": "Isolated the breach to consulting GitLab environment",
    "incident_response_plan_activated": "Yes (confirmed by Red Hat)"
  },
  "stakeholder_advisories": "Organizations linked to Red Hat Consulting advised to review security postures.",
  "threat_actor": "Crimson Collective",
  "title": "Red Hat Consulting GitLab Instance Compromised",
  "type": "Data Breach"
}
```