Telehealth Security Risks: Data Breaches and Ransomware Threaten Patient Privacy

Severity: High (Score: 69.5)

Sources: Kaspersky, Brecorder

Summary

On World Health Day 2026, Kaspersky reported significant cybersecurity risks associated with telehealth services. Medical data breaches are increasingly common, with sensitive records being leaked and traded on the dark web. Recent incidents include the exposure of over 120,000 patient records from the Manage My Health portal and a ransomware attack on SimonMed Imaging that compromised over a million records. Attackers exploit vulnerabilities in telemedicine platforms, leading to disruptions in healthcare services. Scammers are also evolving their tactics, creating fake medical websites to harvest personal information from patients. The rise of AI has facilitated the creation of these fraudulent sites, making it critical for users to verify healthcare providers and use trusted security solutions. The healthcare sector's security model has not kept pace with the rapid adoption of digital services, highlighting the urgent need for improved defenses. Key Points: • Telehealth services are increasingly targeted by cybercriminals, leading to significant data breaches. • Recent attacks have exposed sensitive medical records of over 1 million patients. • Users must be vigilant against phishing scams and fake medical websites to protect their data.

Key Entities

• Data Breach (attack_type)
• Malware (attack_type)
• Phishing (attack_type)
• Ransomware (attack_type)
• Cerebral (company)
• Change Healthcare (company)
• Manage My Health (company)
• SimonMed Imaging (company)
• UnitedHealth Group (company)
• Healthcare (industry)
• T1041 - Exfiltration Over C2 Channel (mitre_attack)
• T1486 - Data Encrypted for Impact (mitre_attack)
• T1566 - Phishing (mitre_attack)
• T1567 - Exfiltration Over Web Service (mitre_attack)
• BlackCat (ransomware_group)