Data Breach Notification
,
Data Security
,
Healthcare
Attacks Hit Hospitals, Clinics in California, Alabama and Colorado

Three healthcare organizations – including a California hospital and outpatient care provider, an Alabama cardiology practice, and a Colorado community health system, are notifying a total of more than 1.2 million individuals that their sensitive information was compromised in 2024 hacks.
See Also: Using the Netskope HIPAA Mapping Guide
The incidents are part of an ongoing, troubling spree of cybercriminal attacks hitting a wide variety of healthcare providers and their suppliers that end up affecting wide swaths of patients.
The largest of the breaches – affecting more than 569,000 individuals – was reported on Jan. 29 to Maine’s attorney general by NorthBay Healthcare, which operates two hospitals and multiple healthcare clinics in Solano County, Calif.
As of Tuesday, the NorthBay incident was not yet posted on the U.S. Department of Health and Human Services’ HIPAA Breach Reporting Tool website listing health data breach affecting 500 or more individuals.
NorthBay said it identified “suspicious activity” in its network on Feb. 23, 2024. The healthcare system said it coordinated with law enforcement and worked with a third-party cyber forensics firm to “confirm” the security of its systems and conduct an investigation into the incident.

The investigation found that an unauthorized third party gained access to some files on NorthBay’s systems between Jan. 11, 2024, and April 1, 2024. Information potentially compromised in the incident includes individuals’ names, date of birth, Social Security number, passport number, financial account number, medical information, biometric information, and health insurance information.
Also potentially affected are some individuals’ driver’s license number, state or other government-issued identification number, username and password, and credit or debit card number, including the expiration date, security code, and PIN.
An attorney representing NorthBay in its breach report did not immediately respond to Information Security Media Group’s request for additional details, including whether the compromise involved ransomware and why it took many months after the discovery of the incident for NorthBay to report the breach to regulators.
NorthBay in its breach notice said that it is enhancing its “technical security measures” in the wake of the incident. It is also offering 12 months of complimentary identity and credit monitoring to affected patients, but said it does “not believe” the information has been misused for fraud or identity theft.
River Region Cardiology Hack
Meanwhile, Alabama-based River Region Cardiology told federal regulators in a recent breach report that it is notifying 500,000 people of a hacking incident discovered in September.
Ransomware group BianLian on its dark web leak site claims to have published a large trove of the cardiology clinic’s data, including patient records, human resources and finance information, internal and external email correspondence, and various databases – with the rest of the stolen data “coming soon.” The cybercriminal gang claims it has 1.2 terabytes of River Region Cardiology’s data.
In a breach notice posted on its website, River Region Cardiology said that on Sept. 16, 2024, it detected unauthorized access to its system, which exposed patient information. “This breach was the result of a cyberattack against a remote connection utilized by a vendor of River Region Cardiology,” the practice said, not naming the third-party firm. “Upon discovery, we took the vendor offline to prevent further access to the systems.”
Affected information includes individuals’ name, Social Security number, date of birth, weight, height and sex.
“We are working diligently with cybersecurity experts to strengthen the security of our systems and prevent future incidents. Our investigation is ongoing, and we are cooperating with law enforcement and regulatory authorities to address the situation,” River Region Cardiology said.
The practice said in its breach notice that so far there is no indication that individuals’ data has been used maliciously.
River Region Cardiology did not immediately respond to ISMG’s request for additional details about the incident and for comment on Bian Lian’s darkweb claims.
Delta Health Attack
Colorado-based Delta County Memorial Hospital District – which operates a 49-bed hospital and other care facilities under the name Delta Health – reported to Maine’s attorney general on Jan. 31 that a hacking incident detected last May has affected more than 148,000 individuals.

Delta Health first reported the incident to federal regulators last July as affecting 501 individuals, a placeholder estimate.
In a breach notice posted on its website, Delta Health said that on May 30, 2024, it became aware of “suspicious activity” on it computer network.
The healthcare group said it notified law enforcement and immediately began an investigation with the help of outside cybersecurity experts.
The investigation determined that “an unknown, unauthorized third party” gained access to Delta Health’s network between May 27 and May 30, 2024, acquiring certain files from the entity’s systems.
Information affected varied for each individual but may have included name, address, telephone number, date of birth, Social Security number, driver’s license number, medical information, health insurance information, and financial account information.
Delta Health began mailing written notifications on July 29, 2024, to individuals whose personal information was involved in the incident and for whom Delta Health had a valid mailing address. “We finished mailing these written notifications on or about Jan. 31, 2025,” Delta Health said.
Delta Health did not immediately respond to ISMG’s request for additional details about the hacking incident.
In the Bull’s Eye
The reports of large healthcare breaches follows recent threat intelligence reports of cybercriminals increasingly targeting the health sector. Healthcare was the fourth most targeted sectors by ransomware groups last year, security firm GuidePoint said in a recent report.
Cybercriminal groups RansomHub, LockBit and BianLian – which claimed to be behind the attack on River Regional Cardiology – were the most active in the healthcare sector, GuidePoint said.
Healthcare sector victims were once considered “taboo” for ransomware groups due to the additional scrutiny that such attacks could garner from law enforcement, GuidePoint wrote.
“However, established groups have appeared emboldened to openly claim healthcare victims in 2024, possibly spurned by the success of Alphv’s alleged payment in the wake” of the Change Healthcare attack, GuidePoint wrote.
UnitedHealth Group – Change Healthcare’s parent company – admitted paying AlphV a $22 million ransom on the aftermath of the gang’s attack on the IT services firm. The attack on Change Healthcare affected 190 million individuals, by far an all-time record for health data breaches to date (see: Change Healthcare Now Counts 190 Million Data Breach Victims).