Three Healthcare Orgs Across the US Hit By Ransomware
Three healthcare organizations — Issaqueena Pediatric Dentistry (South Carolina), Enhabit Home Health & Hospice (Texas), and AltaMed Health Services (California) — have disclosed cybersecurity incidents consistent with ransomware-related compromise, highlighting how both direct providers and third-party platforms remain vulnerable. Issaqueena Pediatric Dentistry reported unauthorized access between Nov. 9–11, 2025, discovering the intrusion after files were encrypted with ransomware. The Interlock ransomware group claimed responsibility and alleged exfiltration of 118GB of data, suggesting extortion and potential leak pressure.
Meanwhile, Enhabit notified 22,552 patients after its business associate Doctor Alliance was breached via valid stolen credentials, exposing PHI including medical record numbers and clinical details. The incident is tied to the Kazu ransomware group, reinforcing how identity compromise remains a dominant entry path. AltaMed Health Services also confirmed a cyber incident that temporarily restricted access to systems — language commonly associated with ransomware operations. AltaMed indicated impacted data may include names, dates of service, and payment information, and has engaged law enforcement. Across all three cases, investigations are ongoing and breach scope is still being finalized, with some incidents not yet reflected in the HHS Office for Civil Rights (OCR) breach portal, demonstrating how disclosure often lags behind intrusion timelines.
These events reinforce the urgent need for healthcare to adopt unified ransomware defense across endpoint, identity, network, and third-party environments. A modern platform, like NIKSUN, that correlates credential anomalies, lateral movement signals, data access patterns, and outbound exfiltration traffic can stop ransomware earlier — either by blocking initial compromise or automatically isolating infected systems before PHI is stolen or operations are disrupted. In today’s healthcare threat landscape, ransomware resilience depends on full visibility, not siloed security tools. Read more about this story on our LinkedIn page
Meanwhile, Enhabit notified 22,552 patients after its business associate Doctor Alliance was breached via valid stolen credentials, exposing PHI including medical record numbers and clinical details. The incident is tied to the Kazu ransomware group, reinforcing how identity compromise remains a dominant entry path. AltaMed Health Services also confirmed a cyber incident that temporarily restricted access to systems — language commonly associated with ransomware operations. AltaMed indicated impacted data may include names, dates of service, and payment information, and has engaged law enforcement. Across all three cases, investigations are ongoing and breach scope is still being finalized, with some incidents not yet reflected in the HHS Office for Civil Rights (OCR) breach portal, demonstrating how disclosure often lags behind intrusion timelines.
These events reinforce the urgent need for healthcare to adopt unified ransomware defense across endpoint, identity, network, and third-party environments. A modern platform, like NIKSUN, that correlates credential anomalies, lateral movement signals, data access patterns, and outbound exfiltration traffic can stop ransomware earlier — either by blocking initial compromise or automatically isolating infected systems before PHI is stolen or operations are disrupted. In today’s healthcare threat landscape, ransomware resilience depends on full visibility, not siloed security tools. Read more about this story on our LinkedIn page