"On December 8, 2024, DataBreaches reported that Watsonville Community Hospital in California was continuing to respond to what they referred to as a cyberattack on November 29. No gang had claimed responsibility at that point, patients hadn't been notified yet, and the hospital wasn't stating whether the attack involved encryption of any files. Weeks later, and in a substitute notice posted on December 31, 2024, they noted that patients' name, date of birth, Social Security number, passport number, and diagnosis information may have been present in files that had been accessed in a "recent data security event" that was still under investigation. The hospital did not confirm or deny whether this was a ransomware attack."
"But even before the substitute notice was posted, threat actors known as Termite had added the hospital to its dark web leak site on December 11, 2024. Termite's leak site was last updated on January 8, 2025, and their proof of claims included personnel data and patient data. By March 21, 2025, there was still no public indication that the hospital had notified patients or HHS, and employees were reporting becoming victims of tax refund fraud. Email inquiries DataBreaches submitted to the hospital in March went unanwered, and the hospital did not issue any update to its substitute notice, even after Termite leaked what it claimed was the hospital's data in July 2025."
"Then on October 1, 2025, the "Sinobi" group added the hospital to their leak site, with a breach date of August 9, 2025. They claimed that they had encrypted files and had 13 GB of data. Sinobi subsequently leaked the data. The data do not match the description of data in the Termite incident, and many of the files leaked by Sinobi are from March 2025, which was after the November 2024 incident. DataBreaches was unable to access Termite's data leak as the server was not available at this time."
Watsonville Community Hospital experienced a reported cyberattack on November 29, 2024, and issued a substitute notice on December 31, 2024, noting potential exposure of patients' names, birth dates, Social Security numbers, passport numbers, and diagnosis information. Threat actors named Termite added the hospital to a dark web leak site on December 11, 2024, with proof claims and an update through January 8, 2025. The hospital had not publicly notified patients or HHS by March 21, 2025, and employees reported tax refund fraud. Termite later claimed a July 2025 leak but its server was inaccessible. A separate group, Sinobi, later claimed encryption and leaked different data dated March and August 2025, indicating multiple or distinct incidents and preventing a definitive conclusion about Termite's continued access.
Read at DataBreaches.Net
Unable to calculate read time
Collection
[
|
...
]