Healthcare was the most frequently targeted industry. It is because of two reasons – one that it is a goldmine of sensitive data from patient health/treatment/diagnoses records to personal identifiable information (PII) like Social Security Numbers, addresses, and financial information.

Another reason why healthcare is a prime target of cybercrime groups, especially state-sponsored groups, is to conduct espionage, strategically disrupt operations of essential/emergency services, and steal scientific research data.

Here are the top 10 data breaches in healthcare (so far):

The top 10 data breaches in the healthcare sector 2026

1. Victim: Auforum AG

About

Auforum AG is a Switzerland-based provider of healthcare and rehabilitation supplies that include daily living aids, mobility aids, and care products.

What happened?

Auforum AG has become a victim of a ransomware attack for which the Quilin ransomware group has claimed responsibility through a post on a data breach forum.   

Impact

Over 74 GB of data has been compromised in the data breach. The nature of the data compromised is under investigation.

Source

2. Victim: Apex Spine & Neurosurgery

About

Apex Spine and Neurosurgery is a healthcare services provider that specializes in neurological treatment. It offers multiple options for treatment for patients in Atlanta and Georgia.

What happened?

Apex Spine and Neurosurgery became a target of a ransomware attack carried out by the Interlock ransomware group.

Impact

The data breach compromised over 12 GB of its sensitive data. The nature of the data compromised is under investigation.

Source

3. Victim: Cardiovascular Medical Group of Southern California

About

Cardiovascular Medical Group is a heart hospital that offers a range of specialized cardiovascular services and diagnostics. Their services include risk screening, consultation, and treatment-related services.

What happened?

CVMG became a victim of a ransomware attack that was orchestrated by the Shinobi ransomware group.

Impact

The data breach compromised CVMG’s data. The nature and quantity of data compromised is under investigation.

Source

4. Victim: Manage My Health

About

Manage My Health is a New Zealand-based software solution provider that helps people to stay connected with their healthcare providers through its online portal and mobile application.

What happened?

On 3rd January, Manage My Health reported that it discovered unauthorized access to its systems that could have compromised data.

Impact

The data breach compromised 400000 medical documents of 120000 patients, including sensitive data like hospital discharge summaries, referrals from specialists, and uploaded documents on the application.

Source

5. Victim: AZ Monica

About

AZ Monica is a Belgium-based healthcare services provider that offers services across Antwerp and Deurne.

What happened?

On January 13th, AZ Monica discovered unauthorized access to its systems. In response to the incident, it disconnected all its servers.

Impact

The cyber attack severely impacted the hospital’s operations, causing suspension of all scheduled procedures, disruption of its Emergency Department (MUG) and Intensive Care Unit (PIT), and postponement of all consultations. The nature and quantity of data stolen are under investigation.

Source

6. Victim: Call on Doc

About

Call-on-Doc is a telemedicine service provider that offers patients across the US care and consultation services from certified doctors for 150 conditions.

What happened?

Call-On-Doc reported that it became a victim of a ransomware attack in which attackers exfiltrated information belonging to its patients.

Impact

The data breach has compromised 1144223 patient records, including patient codes, names, transaction numbers, Email addresses, medical categories, phone numbers, medical conditions, services prescribed, and paid amounts.

Source

7. Victim: Mirra Healthcare

About

Mirra is a Florida-based healthcare provider that offers high-quality, easy-to-use, technology-driven products and services for providers and patients.

What happened?

Mira Healthcare LLC was suspended by the Florida Insurance Commissioner after it found that it had sent private medical information to unlicensed companies in the Philippines and India.

Impact

Private medical information of over 23000 Medicare Advantage members in Florida has been compromised.

Source

8. Victim: Hong Kong Hospital Authority

About

Hong Kong Hospital Authority is a supreme body that governs all the government hospitals and institutes in Hong Kong. It was established in 1990 and has over 43 public hospitals.

What happened?

The Hospital Authority’s monitoring system detected unauthorized access to patient information and a leak on a third-party platform.

Impact

The data breach has exposed patient data and personal data of over 56000 patients, including their names, genders, dates of birth, dates of visits, and surgical procedure details.

Source

9. Victim: UMMC – University of Mississippi Medical Center

About

University of Mississippi Medical Center, which is also known as Medical Center, offers patient-centered treatment and clinical services to the residents of Mississippi.

What happened?

UMMC became a victim of a ransomware attack. The medical center immediately engaged its incident response measures.

Impact

The ransomware attack caused disruption of the medical center’s services. The healthcare had to shift to manual processes, reschedule appointments, and cancel outpatient appointments.

Source

10. Victim: Minidoka

About

Minidoka Memorial Hospital is a Minidoka County-based not-for-profit hospital that was founded in 1960 to offer the residents of the county access to general and personalized healthcare services.

What happened?

On 5th April (Easter), Minidoka Memorial Hospital was hit by a cyber attack that impacted some of its systems and operations.

Impact

The cyber attack caused partial disruption of its imaging services and the transfer of emergency patients. The attackers have claimed to have stolen 576.6 GB of data.

Source

To be continued

We saw some of the most devastating data breaches in healthcare in 2026. Keep checking this space as we update our list of the top data breaches with a closer look at how they happened and their impact.

Note: Our list only highlights the breaches that have either occurred in 2026 or been reported/disclosed in 2026. All breaches reported in previous years, as of 2026, will be excluded from the list.