Two HIPAA-regulated organizations — Aligned Orthopedic Partners and Pivot Health — reported breaches originating within AWS-hosted environments in May 2026, consistent with S3 misconfiguration or IAM credential compromise patterns. These incidents, combined with a TridentLocker ransomware strike on the World Trade Center Health Program and a REDCap research platform compromise at UNMC, represent a cluster of healthcare-sector attacks with compounding HIPAA regulatory exposure across nine covered entities and business associates.