Several organizations have recently reported cybersecurity incidents, including Lake Washington Vascular, Topy America, HealthRev Partners, and St. Charles County Ambulance District. Additionally, a mobile device theft has impacted Roswell Park Comprehensive Cancer Center.

Lake Washington Vascular Breach

Lake Washington Vascular, a medical facility in Bellevue, Washington, experienced a ransomware attack on February 14, 2025. The attack was detected early in the morning, prompting a swift response from the technology team, which managed to halt the attack before it could fully encrypt the systems. Despite this, the ransomware managed to encrypt electronic health records and management systems.

The Qilin ransomware group took responsibility for the attack, demanding a ransom. However, Lake Washington Vascular restored its systems using secure off-site backups, avoiding the need to pay the ransom. An investigation revealed that the data of 21,534 patients might have been compromised, including personal and medical information, though financial data remained secure.

Roswell Park Device Theft

In Buffalo, New York, Roswell Park Comprehensive Cancer Center reported that a mobile phone belonging to an employee was stolen in late October 2024. Although systems were in place to disable the device, an investigation revealed that a Roswell Park email account was accessible via the Microsoft Outlook app on the phone.

While no evidence of unauthorized access was found, the possibility of data exposure could not be ruled out. Exposed information included patient names, medical record numbers, and treatment details. Roswell Park is enhancing security measures and retraining staff to prevent future incidents.

Topy America Network Intrusion

Topy America Inc., based in Frankfort, Kentucky, discovered unauthorized access to its network on January 13, 2025. The breach, which occurred between December 8, 2024, and January 11, 2025, involved the copying of files containing sensitive employee and beneficiary information.

Compromised data included personal details, Social Security numbers, and health plan information. Affected individuals were notified on March 14, 2025, and offered credit monitoring services. Topy America has since strengthened its data security measures.

St. Charles County Ambulance District Incident

The St. Charles County Ambulance District in Missouri reported a security breach on January 17, 2025. An unauthorized user accessed a single account in a sophisticated malware attack. Although the threat was quickly neutralized, sensitive data was potentially exposed.

Exposed information included personal and treatment details of individuals who received services from the district. Affected parties have been offered identity theft protection, and security policies have been reviewed and enhanced.

HealthRev Partners Email Breach

HealthRev Partners, located in Ozark, Missouri, detected unauthorized access to employee email accounts on February 20, 2025. The breach involved protected health information of 1,446 patients. Immediate measures were taken to secure the accounts and notify affected individuals.

Learn more about zero-day vulnerabilities and how to protect your organization in our detailed Research section.

The link has been copied!