A new wave of ransomware and data breach incidents have been disclosed regarding multiple U.S. healthcare providers, including Glendale Obstetrics & Gynecology (Arizona), Lymphedema Therapy Specialists (Texas), and City Health (California). Glendale Obstetrics suffered a ransomware attack linked to the SafePay group, with sensitive data — ranging from SSNs to medical and insurance information — later leaked on the dark web. Lymphedema Therapy Specialists confirmed unauthorized access to its network, exposing similar patient and employee data to the INC Ransom group. Meanwhile, City Health reported a breach where attackers accessed names, insurance providers, and procedure codes.

A key pattern across these incidents is delayed detection and prolonged forensic investigation timelines. Glendale’s breach, for example, wasn’t fully analyzed until months after the initial intrusion (which occurred back in October 2025), with patient notifications thereafter This lag between compromise, investigation, and disclosure significantly increases exposure risk, especially in healthcare environments governed by HIPAA and strict breach notification requirements. In City Health's case, attackers maintained access for over a week — long enough to exfiltrate sensitive data.

The solution is a unified cybersecurity platform, such as NIKSUN, that combines network visibility, log analytics, and full-packet capture into a single data lake, enabling real-time detection and rapid forensic investigation. By correlating L2–L7 network traffic, user activity, and logs, organizations can identify unauthorized access instantly, trace lateral movement, and reconstruct exactly what data was accessed — critical for both incident response and HIPAA compliance. With AI-driven threat detection and automated response workflows, healthcare providers can drastically reduce dwell time, stop ransomware before exfiltration occurs, and maintain a complete audit trail. Read more about this story on our LinkedIn page