Tag: healthcare
-
7 biggest healthcare security threats
Tags: access, ai, api, attack, breach, business, cloud, control, credentials, cyber, cyberattack, cybersecurity, dark-web, data, data-breach, email, endpoint, google, government, hacking, healthcare, HIPAA, infrastructure, injection, insurance, Internet, phishing, risk, security-incident, service, software, spam, sql, threat, tool, vulnerabilityCloud vulnerabilities and misconfigurations: Many healthcare organizations have adopted cloud services as part of broader digital transformation initiatives. As a result, patient health information (PHI) and other sensitive data is increasingly being hosted in vendor cloud environments.The trend has broadened attack surface at healthcare organizations, says Anthony James, vice president of products at Infoblox, especially…
-
Ukrainian emergency services and hospitals hit by espionage campaign using new AgingFly malware
Hackers have targeted Ukrainian hospitals and local government bodies in a new espionage campaign using a malware tool dubbed AgingFly, researchers say. First seen on therecord.media Jump to article: therecord.media/aging-fly-espionage-campaign-targets-ukraine-emergency-services
-
Cookeville Regional Medical Center hospital data breach impacts 337,917 people
A ransomware attack on Cookeville Regional Medical Center hospital (Tennessee) exposed data of 337,000 people after hackers stole 500GB of sensitive information from its systems. A ransomware attack on Cookeville Regional Medical Center (CRMC) in Tennessee led to a major data breach affecting about 337,000 people. The attack, carried out by the Rhysida group, involved…
-
From clinics to government: UAC-0247 expands cyber campaign across Ukraine
CERT-UA reports UAC-0247 targeting Ukrainian clinics and government bodies with malware stealing data from Chromium browsers and WhatsApp. CERT-UA has revealed a cyber campaign by the threat actor UAC-0247 targeting Ukrainian government entities and municipal healthcare facilities, including clinics and emergency hospitals. The operation between March and April 2026, used malware designed to steal sensitive…
-
Breach Roundup: Mr. Raccoon Wants Your Password
Tags: breach, china, data, data-breach, flaw, fortinet, healthcare, leak, password, phishing, ransomware, scamAlso, Eurail Breach, ChipSoft Hospital Disruptions, W3LL Phishing Takedown. This week, a Raccoon-linked actor hit help desks, Eurail exposed 308K users, Fortinet patched critical flaws, Pushpaganda scams, major data leaks hit healthcare and China, ransomware and phishing ops surged, and multiple breaches impacted firms and hospitals. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/breach-roundup-mr-raccoon-wants-your-password-a-31450
-
New AgingFly malware used in attacks on Ukraine govt, hospitals
A new malware family named ‘AgingFly’ has been identified in attacks against local governments and hospitals that steal authentication data from Chromium-based browsers and WhatsApp messenger. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/new-agingfly-malware-used-in-attacks-on-ukraine-govt-hospitals/
-
Signed software abused to deploy antivirus-killing scripts
A digitally signed adware tool has deployed payloads running with SYSTEM privileges that disabled antivirus protections on thousands of endpoints, some in the educational, utilities, government, and healthcare sectors. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/signed-software-abused-to-deploy-antivirus-killing-scripts/
-
UAC-0247 Hits Hospitals, Governments With Browser and WhatsApp Data Theft
A surge of targeted cyberattacks was detected against local governments and municipal healthcare institutions particularly clinical and ambulance hospitals. The campaign has been attributed to threat cluster UAC-0247, known for advanced data theft, persistence, and lateral movement methods. The attack chain begins with well-crafted phishing emails that appear to discuss humanitarian aid proposals. These emails typically…
-
Lawsuit: AI Illegally Recorded Doctor-Patient Encounters
Patients Allege Health Entities Did Not Get Consent to Record Conversations. Proposed federal class action litigation alleges that two California healthcare organizations violated patient privacy in their use of an AI-enabled ambient tool that records, transcribes, and processes sensitive conversations between clinicians and patients without individuals’ consent. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/lawsuit-ai-illegally-recorded-doctor-patient-encounters-a-31408
-
What are the best practices for managing NHIs securely?
Why is NHI Management Crucial for Cloud Security? How can organizations protect machine identities effectively? Non-Human Identities (NHIs) have become integral to cybersecurity strategies. These machine identities play a significant role, especially in environments where cloud security is paramount. With sectors like financial services, healthcare, and DevOps relying heavily on the cloud, the importance of……
-
What are the best practices for managing NHIs securely?
Why is NHI Management Crucial for Cloud Security? How can organizations protect machine identities effectively? Non-Human Identities (NHIs) have become integral to cybersecurity strategies. These machine identities play a significant role, especially in environments where cloud security is paramount. With sectors like financial services, healthcare, and DevOps relying heavily on the cloud, the importance of……
-
What are the best practices for managing NHIs securely?
Why is NHI Management Crucial for Cloud Security? How can organizations protect machine identities effectively? Non-Human Identities (NHIs) have become integral to cybersecurity strategies. These machine identities play a significant role, especially in environments where cloud security is paramount. With sectors like financial services, healthcare, and DevOps relying heavily on the cloud, the importance of……
-
Can Agentic AI solutions be trusted for financial services?
How Secure Are Your Machine Identities in the Cloud? Have you ever wondered about the security measures in place to protect the machine identities your organization relies on? With the proliferation of cloud services across industries like financial services, healthcare, and travel, the importance of robust machine identity management has never been more evident. Understanding……
-
How does Agentic AI ensure compliance in healthcare?
What Role Does Non-Human Identities (NHI) Play in Securing Cloud Environments? Cybersecurity domain is continually evolving, and threats increasingly target gaps left by human oversight. Have you considered how Non-Human Identities (NHI) are becoming pivotal in mitigating these threats, especially within cloud environments? With machine identities become more prominent, their management proves crucial in strengthening……
-
How safe are NHIs in regulated industries
Can Non-Human Identities Securely Navigate the Complexities of Regulated Industries? Ensuring the safety of Non-Human Identities (NHIs) within regulated industries emerges as a paramount concern. NHIs, essentially machine identities, play a critical role in cybersecurity, particularly in sectors that are under stringent regulatory oversight, such as financial services, healthcare, and travel. These industries face unique……
-
RaaS Gang Anubis Claims Signature Healthcare Data Theft
Attackers Allege They Stole 2TBs of Patient Data, But Didn’t Encrypt IT System. Ransomware group Anubis claimed it stole 2 terabytes of patient data in an attack this week on Signature Healthcare. The Massachusetts health system is still diverting ambulance patients from its hospital and using paper charts while it continues to recover. First seen…
-
TDL 019 – The Psychology Behind a Cyber Breach and the Leaders Who Survive It – Nim Nadarajah
Tags: access, ai, apple, automation, breach, business, cctv, ceo, cio, ciso, cloud, computing, conference, control, corporate, crowdstrike, cve, cyber, cyberattack, cybersecurity, data, dns, edr, email, finance, firewall, governance, group, healthcare, incident, incident response, infrastructure, injection, insurance, Internet, jobs, law, LLM, metric, microsoft, msp, network, office, powershell, privacy, programming, psychology, risk, saas, service, siem, soar, soc, software, startup, strategy, supply-chain, switch, technology, threat, tool, training, usa, vulnerability, windows, zero-trustLeading Through the Cyber Abyss In Episode 019 of The Defender’s Log, host David Redekop sits down with Nim Nadarajah, CISO and Managing Partner of Critical Matrix, to explore the evolving landscape of cybersecurity leadership. From the “annual pilgrimage” of RSAC 2026 to the front lines of incident response, the conversation shifts from technical bits…
-
TDL 019 – The Psychology Behind a Cyber Breach and the Leaders Who Survive It – Nim Nadarajah
Tags: access, ai, apple, automation, breach, business, cctv, ceo, cio, ciso, cloud, computing, conference, control, corporate, crowdstrike, cve, cyber, cyberattack, cybersecurity, data, dns, edr, email, finance, firewall, governance, group, healthcare, incident, incident response, infrastructure, injection, insurance, Internet, jobs, law, LLM, metric, microsoft, msp, network, office, powershell, privacy, programming, psychology, risk, saas, service, siem, soar, soc, software, startup, strategy, supply-chain, switch, technology, threat, tool, training, usa, vulnerability, windows, zero-trustLeading Through the Cyber Abyss In Episode 019 of The Defender’s Log, host David Redekop sits down with Nim Nadarajah, CISO and Managing Partner of Critical Matrix, to explore the evolving landscape of cybersecurity leadership. From the “annual pilgrimage” of RSAC 2026 to the front lines of incident response, the conversation shifts from technical bits…
-
Ransomware attack on ChipSoft knocks EHR services offline across hospitals in the Netherlands and Belgium
Dutch healthcare IT firm ChipSoft suffered a ransomware attack, forcing services and its HiX platform offline, impacting hospitals and patients. ChipSoft, a major Dutch provider of EHR systems, was hit by a ransomware attack that forced it to take its website and digital services offline, disrupting access for hospitals, healthcare providers, and patients. EHR (Electronic…
-
Dutch hospitals face disruptions after ransomware attack on software provider ChipSoft
A ransomware attack on Dutch healthcare software vendor ChipSoft has forced the company to disable parts of its digital services used by hospitals and patients across the Netherlands, the national cybersecurity center for the healthcare sector said. First seen on therecord.media Jump to article: therecord.media/chipsoft-ransomware-attack-disrupts-dutch-hospitals
-
What to Know About CyberAv3ngers: The IRGC-Linked Group Targeting Critical Infrastructure
Tags: access, advisory, ai, attack, authentication, automation, backup, cctv, chatgpt, cisa, communications, compliance, control, credentials, crypto, cve, cyber, cybersecurity, data, data-breach, defense, detection, dns, email, exploit, finance, firewall, flaw, government, group, healthcare, infrastructure, intelligence, international, Internet, iot, iran, kev, leak, linux, malicious, malware, mitigation, mitre, monitoring, network, office, openai, password, radius, resilience, risk, router, service, siem, software, strategy, switch, technology, threat, tool, update, vpn, vulnerability, vulnerability-managementAn Iran-affiliated threat group has evolved from defacing water utility displays to deploying custom ICS malware and exploiting Rockwell Automation PLCs across multiple U.S. critical infrastructure sectors. Key takeaways: CyberAv3ngers is a state-directed threat group operating under Iran’s IRGC Cyber-Electronic Command. The U.S. Treasury sanctioned six named officials in February 2024 and the State Department…
-
Mythos and Like AI Tools Raise Stakes for Healthcare Cyber
Experts Warn of Faster and Higher Volume Attacks, Rising Patient Safety Worries. Emerging powerful AI tools – such as Anthropic’s new Claude Mythos – that are capable of autonomously identifying and exploiting software bugs in a flash could reshape the healthcare cyber landscape by accelerating attacks and raising the risk of widespread operational disruption, experts…
-
Healthcare IT solutions provider ChipSoft hit by ransomware attack
Dutch healthcare software vendor ChipSoft has been impacted by a ransomware attack that forced the company to take offline its website and digital services for patients and healthcare providers. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/healthcare-it-solutions-provider-chipsoft-hit-by-ransomware-attack/
-
Weak at the seams
Tags: advisory, ai, attack, automation, business, cloud, compliance, control, crowdstrike, cybersecurity, data, data-breach, endpoint, exploit, finance, firewall, framework, healthcare, infrastructure, insurance, Internet, network, resilience, risk, service, supply-chain, technology, tool, update, vulnerability, windows, zero-dayThe normal choices are the dangerous ones: Consider the stack a typical large enterprise was running in 2024: One vendor for ERP and supply chain, another for perimeter enforcement, another for networking and another for endpoint protection. Standard choices, responsibly made. Within a twelve-month window, each of those categories experienced significant disruptions, from zero-day exploits…
-
Signature Healthcare Cyberattack Causes Service Disruptions, Treatment Delays
A Signature Healthcare cyberattack has disrupted critical hospital systems at Signature Healthcare and Signature Healthcare Brockton Hospital, affecting patient care, laboratory testing, pharmacy services, and administrative operations. First seen on thecyberexpress.com Jump to article: thecyberexpress.com/signature-healthcare-cyberattack/
-
Weak at the seams
Tags: advisory, ai, attack, automation, business, cloud, compliance, control, crowdstrike, cybersecurity, data, data-breach, endpoint, exploit, finance, firewall, framework, healthcare, infrastructure, insurance, Internet, network, resilience, risk, service, supply-chain, technology, tool, update, vulnerability, windows, zero-dayThe normal choices are the dangerous ones: Consider the stack a typical large enterprise was running in 2024: One vendor for ERP and supply chain, another for perimeter enforcement, another for networking and another for endpoint protection. Standard choices, responsibly made. Within a twelve-month window, each of those categories experienced significant disruptions, from zero-day exploits…
-
Signature Healthcare hit by cyberattack, services and pharmacies impacted
Massachusetts’ Signature Healthcare diverts ambulances and cancels services after a cyberattack disrupts hospital operations and pharmacy access. The hospital Signature Healthcare in Brockton, Massachusetts, diverted ambulances and canceled some services after a cyberattack disrupted operations. Pharmacies couldn’t fill prescriptions, though urgent care and walk-in services remained open. Signature Healthcare Brockton Hospital is a non-profit community…
-
Storm-1175 Deploys Medusa Ransomware Within 24 Hours of Flaw Disclosure
Microsoft researchers have uncovered a fast-moving group, Storm-1175, launching high-speed Medusa ransomware attacks against healthcare and education sectors in the UK, US, and Australia by exploiting security flaws in as little as 24 hours. First seen on hackread.com Jump to article: hackread.com/storm-1175-hackers-24-hour-medusa-ransomware-flaw/
-
Iran”‘linked PLC attacks cause real”‘world disruption at critical US infra sites
Tags: access, advisory, apt, attack, automation, ciso, control, cyber, group, healthcare, infrastructure, iran, switch, threatA recurring Iranian playbook: The advisory linked the current campaign to a pattern of Iranian state-affiliated targeting of US industrial control systems. The authoring agencies have previously reported similar activity by CyberAv3ngers, affiliated with Iran’s Islamic Revolutionary Guard Corps Cyber Electronic Command, which compromised at least 75 Unitronics PLC devices across water, wastewater, and other…
-
Dutch healthcare software vendor goes dark after ransomware attack
ChipSoft’s website remains down but emails are functioning First seen on theregister.com Jump to article: www.theregister.com/2026/04/08/chipsoft_ransomware/