United Seating and Mobility experienced the largest single healthcare email breach in the first half of the year, exposing over 500,000 patient records. The attack targeted Microsoft 365, a common weak point in healthcare cybersecurity, where phishing or credential compromise was likely the entry vector. The breach highlights systemic vulnerabilities in healthcare IT, including ineffective DMARC protections (79% of breached organizations), reliance on human vigilance, and gaps in third-party vendor security. With healthcare breaches costing an average of $11 million per incident (IBM 2025), the exposure of sensitive patient data—including potential personal and medical histories—poses severe financial, reputational, and regulatory risks (e.g., HIPAA violations). The attack aligns with broader industry trends where 81% of breaches are classified as cyber attacks, often exploiting under-resourced IT teams and unpatched email security configurations. Staff negligence (e.g., bypassing secure messaging, underreporting phishing) further exacerbated the breach’s scale.

Numotion, a prominent U.S. supplier of wheelchairs and mobility equipment, has suffered a data breach affecting its entire customer base, compromising the personal information of over 494,000 individuals. Compromised data includes names, birth dates, financial details, medical data, and health insurance information, with some cases involving Social Security and driver's license numbers. The breach occurred through unauthorized email account access from September to November. Although there is no current evidence of data misuse, Numotion warns customers to monitor their accounts for fraud or identity theft risks. This breach follows a prior incident where over 600,000 individuals' data was stolen by the Black Basta ransomware gang.

Numotion reported a data breach involving unauthorized access to employee email accounts on several occasions between September 2, 2024, and November 18, 2024. The breach potentially exposed personal information, including names, but there is no indication that the information has been misused. The report was made available on January 22, 2025.

The Washington State Office of the Attorney General reported that United Seating and Mobility, L.L.C., d/b/a Numotion, experienced a ransomware cyberattack that was discovered on March 2, 2024. The breach potentially affected 35,143 individuals and involved the compromise of personal information, including names, Social Security numbers, and health insurance details. The reporting date for the breach was May 1, 2024.

Numotion Data Breach Settlement: Key Details on Compensation and Deadlines Medical equipment provider Numotion has agreed to a $4 million settlement following two data breaches in March and September 2024, which allegedly exposed sensitive customer information. The breaches prompted a class action lawsuit, with claims that the company failed to implement adequate security measures to prevent the incidents. Affected customers those who received breach notifications may be eligible for compensation, including: - Up to $15,000 for documented out-of-pocket expenses related to identity theft, fraud, or other financial damages. - Pro-rata cash payments if settlement funds remain after claims are processed. - Two years of free credit monitoring via CyEx Identity Defence Plus. - Two additional years of medical monitoring (for those whose Social Security numbers were exposed) through CyEx Medical Shield Pro. To qualify, claimants must submit a valid claim form with supporting documentation (e.g., receipts) by the March 18 deadline. The settlement does not include an admission of wrongdoing by Numotion. A final hearing is scheduled for April 2, after which eligible individuals may lose the opportunity to seek compensation. The settlement covers only those notified about the March or September 2024 breaches.

The Maine Office of the Attorney General reported a data breach involving Numotion on April 15, 2024. The breach occurred between February 29, 2024, and March 2, 2024, due to an external system breach (hacking), affecting a total of 4,190 individuals. The compromised information included personal details such as names, dates of birth, Social Security numbers, and employment information. In response, the company is offering 12 months of complimentary identity theft protection through Experian IdentityWorks Credit 3B.