Advertising software program and providers firm Cierant Company and legislation agency Zumpano Patricios have independently disclosed knowledge breaches, every impacting greater than 200,000 people.
What the Cierant and Zumpano Patricios incidents have in widespread is that the variety of impacted individuals was dropped at gentle in current days by the healthcare knowledge breach tracker maintained by the US Division of Well being and Human Companies (HHS).
The Zumpano Patricios breach impacts almost 280,000 people. The legislation agency, which has places of work in a number of main US cities, is representing healthcare suppliers in disputes with medical insurance corporations over medical service funds to sufferers.
Zumpano Patricios is informing impacted people that it had detected an intrusion in its IT community on Could 6, 2025, however couldn’t decide the date and time of preliminary entry.
An investigation revealed that the hackers accessed and presumably exfiltrated recordsdata containing data resembling affected person identify, date of delivery, Social Safety quantity, supplier identify, well being insurer data, dates of service, and quantities charged by the supplier and funds they acquired.
It’s unclear if the legislation agency was focused in a ransomware assault — no recognized risk group has taken credit score for the intrusion.
Within the case of Cierant, the HHS knowledge breach tracker reveals that greater than 232,000 persons are impacted.
In a knowledge incident discover, the corporate revealed that it was focused in late 2024 within the assaults by which the infamous Cl0p ransomware group exploited vulnerabilities in Cleo file switch merchandise to achieve entry to the recordsdata of organizations that had been utilizing the impacted functions.Commercial. Scroll to proceed studying.
Cl0p focused dozens of organizations by these vulnerabilities, and in some circumstances the victims had been corporations offering providers to healthcare organizations. Some incidents have impacted a major variety of individuals.
Cierant was listed on Cl0p’s leak web site as a sufferer of the Cleo assault in early February. The cybercriminals in some unspecified time in the future claimed that the stolen recordsdata had been made public, however SecurityWeek was unable to confirm these claims.
Cierant, which had used Cleo’s VLTrader device, mentioned the compromised recordsdata saved private and well being knowledge processed on behalf of third-party well being plans.
“The kinds of private data that will have been concerned fluctuate by particular person and may embody the next: identify, deal with, date of delivery, treatment-related dates, a generic description of providers acquired, supplier identify, medical document quantity, well being plan beneficiary quantity, claims quantity, and/or plan member account quantity, premium data,” Cierant mentioned.
Lots of the healthcare knowledge breaches that got here to gentle in current months impacted lots of of 1000’s and even thousands and thousands of people.
Associated: 1.4 Million Affected by Knowledge Breach at Virginia Radiology Follow
Associated: Anne Arundel Dermatology Knowledge Breach Impacts 1.9 Million Folks
Associated: Compumedics Ransomware Assault Led to Knowledge Breach Impacting 318,000
