As cyberattacks continue to target healthcare providers, the risks and consequences are growing. This edition covers the latest ransomware incidents, what they mean for patient data security, and how cyber insurance is becoming a critical tool in healthcare’s defense strategy.
Over 1.1 Million Patients Caught in Ransomware Attacks on Maryland and California Healthcare Systems
It happened again. Two healthcare providers, Frederick Health in Maryland and Dameron Hospital in California, were hit with ransomware attacks that exposed the data of more than 1.1 million patients. And that’s not all; hackers claim they stole 480 GB of sensitive files.
Frederick Health reported its breach on March 28 after discovering a ransomware attack on January 27. That attack affected more than 934,000 people.
The hackers got into its systems, copied files from a shared server, and slipped out with patient data. Names, Social Security numbers, driver’s license numbers, medical record numbers, insurance details—you name it.
Frederick Health said it jumped into incident response right away. Systems were locked down. Law enforcement got involved. An outside forensics team stepped in. But despite the fast response, the data was already gone.
Meanwhile, a ransomware gang called RansomHouse took credit for an earlier attack on Dameron Hospital. That breach, reported on April 2, exposed nearly 211,000 people. The group claimed it encrypted Dameron’s systems last November and leaked part of the 480 GB it stole.
Here’s where it gets messy. Dameron Hospital said it discovered the breach on November 5, 2023. But it didn’t finish reviewing the data until March 21, 2025 and didn’t notify patients until April 2. That’s 15 months later.
Under HIPAA rules, healthcare organizations have 60 days to notify affected individuals after discovering a breach. Fifteen months raises questions. Dameron hasn’t explained why it waited that long. And yes, ransomware attacks like these count as reportable breaches.
Both breaches exposed a wide range of information. Depending on the person, that could include names, birth dates, Social Security numbers, government IDs, credit card numbers, insurance details, and medical records.
It’s the kind of data criminals trade, sell, and use for fraud.
Incident Response: Still Falling Short
You’d think by now healthcare organizations would be ready for this. And yet, a recent report paints a different picture. In a survey of 1,000 organizations, including healthcare providers, here’s what was found:
- 98% of organizations said they have a cyber crisis response plan;
- 78% said they’ve integrated that plan into their overall crisis management;
- But 71% still experienced at least one incident that shut down critical operations last year;
- 24% had more than one such incident;
- Only 70% update their playbooks on a monthly or quarterly basis;
The point is, having a plan isn’t enough. There’s a big gap between what organizations think they’re ready for and what actually happens when they’re under attack.
And we can’t stress this enough. You don’t want to be figuring this out in the middle of an attack. Cybercriminals aren’t slowing down. The healthcare sector remains a prime target. Sensitive data keeps getting exposed, and recovery costs keep climbing.
All things considered, if your organization hasn’t reviewed its ransomware defenses, response playbooks, and notification procedures lately, it’s time to start now.
Ransomware Hits Three More Healthcare Providers, Exposing Sensitive Patient Data
In another wave of ransomware attacks, three organizations—DaVita, Bell Ambulance, and Alabama Ophthalmology Associates—reported breaches that exposed sensitive data. These incidents are a reminder that healthcare organizations remain a prime target for cybercriminals.
DaVita, a global dialysis provider operating around 3,000 outpatient centers, discovered a ransomware attack on April 12.
According to an incident response page, the attack encrypted “certain on-premises systems.” DaVita has shifted to contingency plans and manual processes to continue patient care, both in its centers and for patients receiving care at home.
So far, no ransomware group has publicly claimed responsibility.
Bell Ambulance in Milwaukee reported a “data security incident” on April 14.
The company first detected the issue on February 13, later confirming that an unauthorized individual had accessed its network. The Medusa ransomware group has claimed responsibility for the attack.
In its disclosure, Bell Ambulance explained that the review is ongoing, but so far, the compromised information may include names, birth dates, Social Security numbers, driver’s license numbers, financial account details, medical information, and health insurance data.
The company responds to over 120,000 ambulance calls each year across Wisconsin, making the breach significant in scope.
Alabama Ophthalmology Associates announced a separate attack on April 10.
The organization discovered the breach on January 30 and launched an investigation shortly after. That investigation found that an intruder gained access to patient data between January 22 and January 30.
According to a press release, the compromised information may include names, addresses, dates of birth, driver’s license details, Social Security numbers, medical records, and insurance information.
Not every patient had every type of data exposed, but the breach still raises serious concerns. The BianLian ransomware group claimed responsibility for the attack in February.
Together, these three breaches have affected hundreds of thousands of people.
Data from the U.S. Department of Health and Human Services shows that Bell Ambulance’s breach impacted 114,000 individuals, while Alabama Ophthalmology Associates’ breach affected 131,576 individuals.
So far this year, the HHS breach tracker has recorded 194 data breaches across healthcare organizations. The trend is hard to ignore. Patient data continues to be highly valuable to cybercriminals because of its sensitivity and because attackers believe it increases their chances of getting paid quickly.
The point is, healthcare organizations can’t afford to assume they’re safe. Each breach carries real consequences for patients and providers alike.
How Healthcare Organizations Can Use Cyber Insurance as Part of a Comprehensive Defense Strategy
Healthcare organizations continue to face relentless cyber threats. Ransomware attacks, data breaches, and system disruptions are now a daily reality for providers large and small.
The stakes are uniquely high in healthcare, where a cyberattack can compromise patient safety, disrupt care delivery, and expose sensitive health information.
While strong cybersecurity practices are essential, many healthcare organizations are also turning to cyber insurance as part of a broader strategy to manage these risks. But insurance is not a replacement for cybersecurity—it’s a complement to it.
When used effectively, cyber insurance can help healthcare organizations recover from an attack, mitigate financial losses, and improve their security posture over time.
In 2024, the global average cost of a cyber incident rose to $4.88 million, pushing the average cost for US organizations up to $9.36 million.
For healthcare providers, these costs include more than just IT recovery. Regulatory fines, legal expenses, loss of revenue from operational downtime, patient notification efforts, and damage to reputation can quickly multiply the financial impact.
Unfortunately, ransomware attacks targeting healthcare are not slowing down.
The nature of healthcare operations, which relies on electronic records, medical devices, and interconnected systems, makes this sector especially vulnerable. And for many organizations, the consequences go beyond finances: patient trust and safety are directly at stake.
Cyber insurance helps healthcare organizations manage the financial fallout of an attack. Policies can cover expenses such as:
- Incident response and forensic investigation costs
- Regulatory penalties and compliance costs
- Legal defense and liability settlements
- Notification and credit monitoring for affected patients
- Business interruption and revenue loss
While most large health systems now carry cyber insurance, many smaller hospitals, clinics, and specialty practices remain uninsured or underinsured. Yet it’s often these smaller providers, without extensive IT resources, who face the greatest difficulty recovering from a breach.
Besides providing a financial safety net, many insurers also offer proactive services, such as risk assessments, staff training resources, and access to vetted cybersecurity vendors.
For healthcare providers operating with limited budgets, these added services can strengthen defenses while keeping costs more manageable.
Healthcare organizations seeking cyber insurance may encounter some obstacles. Due to the rising number of claims in the healthcare sector, insurers are tightening requirements.
Policies may have:
- Higher premiums for organizations with weaker cybersecurity controls
- Coverage exclusions if basic security measures are missing
- Lower limits or sublimits for certain attack types (like ransomware)
For smaller healthcare providers, meeting insurer expectations can feel daunting. But improving security is not only critical for coverage but it directly reduces the likelihood and impact of an attack.
Healthcare providers don’t need to overhaul their cybersecurity overnight. It is a good idea to take targeted, incremental steps to improve your defenses and eligibility for better insurance coverage.
Your priorities should include:
- Implementing phishing-resistant multifactor authentication (MFA), since many breaches begin with stolen credentials
- Regularly updating systems and software to address existing security gaps.
- Conducting regular vulnerability assessments and penetration tests to identify weak points before attackers do
- Providing ongoing staff training on phishing and security awareness, since human error remains a leading cause of breaches
- Developing and testing an incident response plan so teams are prepared to act quickly under pressure
In addition, healthcare organizations should work with insurers who provide proactive risk management support, helping align coverage requirements with achievable security goals.
Staying ahead of cyber threats requires both awareness and timely action. To explore how Infoguard Cybersecurity can help strengthen your organization’s defenses, visit our website.
If you found this newsletter valuable, please consider forwarding it to colleagues or peers in your network who may benefit from these insights.
Best regards,
