Three healthcare providers recently suffered significant data breaches, highlighting the diverse threats facing the industry. These incidents underscore the importance of robust cybersecurity measures, including insider threat protection, strong defenses against extortion attempts, and careful vetting of third-party vendors.
Stram Center for Integrative Medicine: Insider Attack Leads to Potential Payment Card Compromise
New York’s Stram Center for Integrative Medicine reported a security incident involving a former employee’s misuse of patient payment card information. The employee was arrested, and the center is cooperating with law enforcement. While the center is unaware of any other misuse, a review identified 15,263 patients whose data could have been accessed. Notification letters were sent to these individuals, advising them to monitor their financial accounts. Importantly, Stram Center stated, “no Social Security numbers were accessed by the employee.”
SSK Plastic Surgery: Extortion Attempt Following Data Breach
SSK Plastic Surgery in Newport Beach, California, fell victim to an extortion attempt after a data breach. The attackers obtained patient data, including names, addresses, phone numbers, email addresses, and limited health information. In some cases, images from virtual consultations, Social Security numbers, and driver’s license numbers were also compromised. The breach was confirmed on January 13, 2025. SSK Plastic Surgery has notified law enforcement and is working with cybersecurity experts. Affected individuals received notification letters and access to free credit monitoring. The exact number of affected individuals remains unclear.
The Grove at Valhalla Rehabilitation and Nursing Center: Third-Party Breach Exposes Patient Data
The Grove at Valhalla Rehabilitation and Nursing Center discovered a potential data breach involving one of its third-party vendors on September 19, 2024. The vendor’s incident, occurring around July 20, 2024, potentially exposed names, addresses, medical information, and, for some, Social Security numbers. 4,196 individuals were potentially affected, and notifications were mailed on January 28, 2025. The Grove has since taken steps to enhance its security practices.
Learn more about protecting your enterprise from similar threats by reading our comprehensive guide on Top Cyber Threats Facing Enterprise Businesses in 2025.
