Healthcare and Information Security - Cyber Security Informer

Change Healthcare Breach Hits 100M Americans

Krebs on Security

OCTOBER 30, 2024

Change Healthcare says it has notified approximately 100 million Americans that their personal, financial and healthcare records may have been stolen in a February 2024 ransomware attack that caused the largest ever known data breach of protected health information. ” On Oct 22, the healthcare giant notified the U.S.

Healthcare

Healthcare Insurance Computers and Electronics Data breaches

Change Healthcare data breach impacted over 100 million people

Security Affairs

OCTOBER 25, 2024

The Change Healthcare data breach in the February 2024 impacted over 100 million, the largest-ever healthcare data breach in the US. UnitedHealth Group announced that the data breach suffered by Change Healthcare in February 2024 impacted more than 100 million individuals. Change Healthcare now provided an update to the U.S.

Data breaches

Data breaches Healthcare Cybercrime Insurance

Healthcare Now Third-Most Targeted Industry for Ransomware

SecureWorld News

NOVEMBER 14, 2024

Ransomware attacks on healthcare organizations have sharply increased in 2024, as shown by recent research from Safety Detectives. Compared to 2023, healthcare providers are facing a higher frequency of ransomware incidents, impacting their ability to deliver essential services and protect sensitive patient data. Louis, Missouri.

Healthcare

Healthcare Ransomware Identity Theft Data breaches

Change Healthcare data breach exposed the private data of over half the U.S.

Security Affairs

JANUARY 26, 2025

The Change Healthcare data breach is worse than initially estimated: approximately 190 million people have been affected. The Change Healthcare data breach is worse than initially estimated, the incident has impacted 190 million people. The incident impacted thousands of pharmacies and healthcare providers.

Healthcare

Healthcare Data breaches Insurance Cybercrime

NailaoLocker ransomware targets EU healthcare-related entities

Security Affairs

FEBRUARY 20, 2025

NailaoLocker ransomware is a new threat that targeted European healthcare organizations from June to October 2024. “The targeting of healthcare-related entities by state-aligned groups, including from China, is not new. Despite overlaps with known groups, Green Nailao remains unattributed. ” concludes the report.

Healthcare

Healthcare Ransomware VPN Malware

Information Security Manual (ISM)

Security Boulevard

JANUARY 20, 2025

What is the Information Security Manual (ISM)? The Information Security Manual (ISM) is a cybersecurity framework developed by the Australian Signals Directorate (ASD) to help organizations protect their IT and operational technology systems, applications, and data from cyber threats.

Information Security

Information Security Healthcare Cyber threats Government

Information Security Manual (ISM)

Centraleyes

JANUARY 20, 2025

What is the Information Security Manual (ISM)? The Information Security Manual (ISM) is a cybersecurity framework developed by the Australian Signals Directorate (ASD) to help organizations protect their IT and operational technology systems, applications, and data from cyber threats.

Information Security

Information Security Cyber threats Government Small Business

ConnectOnCall data breach impacted over 900,000 individuals

Security Affairs

DECEMBER 16, 2024

ConnectOnCall disclosed a data breach impacting over 900,000 individuals, exposing their personal information. ConnectOnCall is a telehealth platform and after-hours on-call answering service designed to enhance communication between healthcare providers and patients. concludes the notice.

Data breaches

Data breaches Identity Theft Healthcare Insurance

Black Basta ransomware gang hit BT Group

Security Affairs

DECEMBER 4, 2024

Black Basta has targeted at least 12 critical infrastructure sectors, including Healthcare and Public Health. The alert provides Tactics, Techniques, and Procedures (TTPs) and Indicators of Compromise (IOCs) obtained from law enforcement investigations and reports from third-party security firms. reads the CSA.

Ransomware

Ransomware Telecommunications Healthcare Insurance

2023 Anna Jaques Hospital data breach impacted over 310,000 people

Security Affairs

DECEMBER 8, 2024

The hospital revealed that the security breach exposed sensitive health data for over 316,000 patients. Anna Jaques Hospital is a not-for-profit community healthcare facility located in Newburyport, Massachusetts. On December 25, 2023, a ransomware attack hit the Anna Jaques Hospital.

Data breaches

Data breaches Insurance Healthcare Ransomware

RansomHouse gang claims the hack of the Loretto Hospital in Chicago

Security Affairs

MARCH 10, 2025

They provide healthcare services including: primary care, geriatric medicine, vision care, behavioral health services, pediatrics, womens health, pediatric medicine, family planning and dental services. healthcare providers surged in 2024, with 98 attacks compromising 117 million records. Ransomware attacks on U.S.

Hacking

Hacking Healthcare Backups Ransomware

Russia warns financial sector organizations of IT service provider LANIT compromise

Security Affairs

FEBRUARY 25, 2025

” NKTsKI recommends organizations to strengthen monitoring of threats and information security events in systems provided by LANIT. LANIT Group (Laboratory of New Information Technologies) is one of Russia’s largest IT service and software providers.

Telecommunications

Telecommunications Healthcare Software Technology

PTZOptics cameras zero-days actively exploited in the wild

Security Affairs

NOVEMBER 2, 2024

The company discovered the zero-day vulnerabilities in IoT live-streaming cameras, used in industrial operations, healthcare, and other sensitive environments. GreyNoise discovered the two flaws while investigating the use of an exploit detected by its LLM-powered threat-hunting tool Sift.

Firmware

Firmware Manufacturing IoT Healthcare

Memorial Hospital and Manor suffered a ransomware attack

Security Affairs

NOVEMBER 6, 2024

Memorial Hospital and Manor is a community hospital and healthcare facility that serves Decatur County and surrounding areas in southwest Georgia. It offers a range of healthcare services, including emergency care, inpatient and outpatient services, surgical care, and specialized medical services. Ransomware attacks on U.S.

Ransomware

Ransomware Healthcare Antivirus Data breaches

Russian Phobos ransomware operator faces cybercrime charges

Security Affairs

NOVEMBER 19, 2024

“According to the indictment, Ptitsyn facilitated the worldwide use of a dangerous ransomware strain to target corporations and various organizations, including government agencies, healthcare facilities, educational institutions, and critical infrastructure.

Cybercrime

Cybercrime Ransomware Healthcare Hacking

Notorious ransomware programmer Mikhail Pavlovich Matveev arrested in Russia

Security Affairs

NOVEMBER 29, 2024

and New Jersey, as well as organizations in the healthcare and other sectors nationwide. On or about May 27, 2022, the man and his Hive coconspirators allegedly hit a nonprofit behavioral healthcare organization in New Jersey. The attacks hit law enforcement agencies in Washington, D.C.

Ransomware

Ransomware Healthcare Hacking Malware

South African telecom provider Cell C disclosed a data breach following a cyberattack

Security Affairs

APRIL 13, 2025

healthcare providers surged in 2024, with 98 attacks compromising 117 million records. High-profile breaches include Change Healthcare (100M records), Summit Pathology (1.8M), OnePoint Patient Care (796K), and Boston Childrens Health Physicians (909K). Ransomware attacks on U.S.

Data breaches

Data breaches Unstructured Data Identity Theft Healthcare

CEO of cybersecurity firm charged with installing malware on hospital systems

Security Affairs

APRIL 26, 2025

” A statement published by the healthcare organization confirmed that on August 6, 2024, an unauthorized attempt to install malware on a hospital computer was quickly contained. . “When confronted by hospital staff, Bowie claimed he had a family member undergoing surgery and needed to use the computer.

Malware

Malware Cybersecurity Healthcare Media

Richmond University Medical Center data breach impacted 674,033 individuals

Security Affairs

JANUARY 3, 2025

Richmond University Medical Center (RUMC) is a healthcare institution based in Staten Island, New York. Richmond University Medical Center has confirmed that a ransomware attack in May 2023 affected 670,000 individuals. New York’s Richmond University Medical Center confirmed a May 2023 ransomware attack impacted 674,033 individuals.

Data breaches

Data breaches Ransomware Insurance Healthcare

Qilin ransomware gang now offers a “Call Lawyer” feature to pressure victims

Security Affairs

JUNE 22, 2025

The Qilin ransomware group has been active since at least August 2022 but gained attention in June 2024 for attacking Synnovis , a UK governmental service provider for healthcare. The group typically employs “double extortion,” stealing and encrypting victims’ data, then threatening to expose it unless a ransom is paid.

Ransomware

Ransomware DDOS Cybercrime Healthcare

Romanian national was sentenced to 20 years in prison for his role in NetWalker ransomware attacks

Security Affairs

DECEMBER 21, 2024

Hulea pleaded guilty to computer fraud conspiracy and wire fraud conspiracy on June 20 for his role in the NetWalker ransomware attacks against organizations worldwide, including healthcare during COVID-19. The man admitted to extorting 1,595 bitcoin (~$21.5M) in ransom payments. ” reads the press release published by DoJ.

Ransomware

Ransomware Healthcare Cryptocurrency Government

Fortinet warns about Critical flaw in Wireless LAN Manager FortiWLM

Security Affairs

DECEMBER 19, 2024

“While we found it to be popular with State, Local, and Education (SLED) and healthcare focused customers, luckily the internet exposure is fairly limited to around 15 instances.” Threat actors frequently target Fortinet devices, making it crucial for customers to update their installations promptly. ” concludes the report.

Wireless

Wireless Authentication Healthcare Education

Sophos details five years of China-linked threat actors’ activity targeting network devices worldwide

Security Affairs

NOVEMBER 2, 2024

Since mid-2022, threat actors shifted to targeted, manual attacks on high-value targets like government agencies, critical infrastructure, R&D, healthcare, and finance.

Firmware

Firmware Government Firewall Malware

LW ROUNDTABLE: Compliance pressures intensify as new cybersecurity standards take hold

The Last Watchdog

DECEMBER 18, 2024

And industries like healthcare face persistent targeting due to their outdated systems and high-value data. CISA updated its Secure by Design guidance, and the EUs Cyber Resilience Act and NIS2 added new requirements. Proactive collaboration and cyber risk quantification are key to ensuring operational resilience and security.

Cybersecurity

Cybersecurity CISO Risk Government

Healthcare services company Episource data breach impacts 5.4 Million people

Security Affairs

JUNE 18, 2025

Data breach at Healthcare services company Episource exposes personal and health data of over 5.4 A cyberattack on healthcare firm Episource led to a data breach exposing personal and health data of over 5.4 Healthcare organizations continue to be under attack. million people in major cyberattack. million individuals.

Data breaches

Data breaches Healthcare Insurance Marketing

Medusa Ransomware targeted over 40 organizations in 2025

Security Affairs

MARCH 7, 2025

Medusa demands ransoms from $100,000 to $15 million, victims are organizations in healthcare, non-profits, finance, and government sectors. The group targets known vulnerabilities, mainly in Exchange Server. The researchers speculate that the ransomware group relies on initial access brokers to access target infrastructure.

Ransomware

Ransomware Antivirus Healthcare Encryption

Kai West, aka IntelBroker, indicted for cyberattacks causing $25M in damages

Security Affairs

JUNE 26, 2025

telecom and healthcare firms. (likely BreachForums )” West offered stolen data for sale at least 41 times and distributed it freely or for credits about 117 times, seeking over $2M and causing over $25M in damages. He accepted Monero for payment and was even listed as Forum-1’s owner from Aug 2024 to January 2025. His targets included U.S.

Cybercrime

Cybercrime Hacking Healthcare Accountability

Bitdefender released a decryptor for the ShrinkLocker ransomware

Security Affairs

NOVEMBER 13, 2024

Bitdefender observed an attack on a healthcare organization, where threat actors encrypted Windows 10, Windows 11, and Windows Server devices, including backups. However, the investigation revealed positive news: it’s possible to develop a decryptor and configure BitLocker to mitigate such attacks. The encryption process took just 2.5

Ransomware

Ransomware Encryption Passwords Backups

A cyberattack hit hospitals operated by Covenant Health

Security Affairs

JUNE 2, 2025

We are working to provide healthcare services as normal. In 2025, multiple cyberattacks targeted healthcare organizations in the U.S. healthcare providers surged in 2024, with 98 attacks compromising 117 million records. Patients are encouraged to keep all appointments. Ransomware attacks on U.S.

Healthcare

Healthcare Ransomware Hacking Cybersecurity

EU announced sanctions on three members of Russia’s GRU Unit 29155

Security Affairs

JANUARY 28, 2025

The threat actors targeted critical infrastructure sectors such as government, finance, transportation, energy, and healthcare. GRU Unit 29155 has been conducting cyber operations against NATO members, European countries, Latin America, and Central Asia. Since 2022, the unit focused on disrupting aid efforts for Ukraine.

Cyber Attacks

Cyber Attacks Government Healthcare Financial Services

Great Plains Regional Medical Center ransomware attack impacted 133,000 individuals

Security Affairs

NOVEMBER 18, 2024

The healthcare center discovered that a threat actor accessed and encrypted files on their systems between September 5, 2024 and September 8, 2024. On September 8, 2024, Great Plains Regional Medical Center (Oklahoma) suffered a ransomware attack. The experts believe that the attackers also copied some of those files.

Ransomware

Ransomware Insurance Encryption Healthcare

Omni Family Health data breach impacts 468,344 individuals

Security Affairs

OCTOBER 18, 2024

Omni Family Health is a nonprofit organization that provides healthcare services to communities in California, focusing on underserved populations. Omni Family Health aims to improve access to quality healthcare and address health disparities in the regions they serve.

Data breaches

Data breaches Healthcare Insurance Engineering

DSPM & AI Are Booming: $17.87B and $4.8T Markets by 2033

Security Affairs

JULY 24, 2025

Notable sectors touched by AI include: Healthcare: the healthcare sector is rapidly leveraging AI for personalized treatments and faster diagnoses. Finance: the finance industry is riddled with fraud and deceptive trading practices.

Marketing

Marketing Data privacy Cloud Migration Manufacturing

ChatGPT SSRF bug quickly becomes a favorite attack vector

Security Affairs

MARCH 18, 2025

.” reported Veriti “35% of companies analyzed were unprotected due to misconfigured Intrusion Prevention Systems in their NextGenFirewall or WebApplicationFirewall” Attacks also targeted financial and healthcare firms in Germany, Thailand, Indonesia, Colombia, and the UK. ” conclude the report.“Security

Government

Government Healthcare Authentication Hacking

Cloak ransomware group hacked the Virginia Attorney General’s Office

Security Affairs

MARCH 24, 2025

The group has extended its operations to countries in Asia and targets various sectors, including healthcare, real estate, construction, IT, food, and manufacturing.” . “Cloak primarily targets small to medium-sized businesses in Europe, with Germany as a key focus. ” reads a report published by Halcyon.

Ransomware

Ransomware Hacking Social Engineering Manufacturing

The Role of Differential Privacy in Protecting Sensitive Information in the Era of Artificial Intelligence

Security Affairs

MARCH 7, 2025

This article uses differential privacy in healthcare, finance, and government data analytics to explore the mathematical foundation, implementation strategies, and real-world applications of differential privacy. Data protection in healthcare, finance, and government requires differential privacy rather than pseudonymization.

Artificial Intelligence

Artificial Intelligence Healthcare Data privacy Banking

Yale New Haven Health (YNHHS) data breach impacted 5.5 million patients

Security Affairs

APRIL 24, 2025

Yale New Haven Health (YNHHS) disclosed a data breach that exposed personal information of 5.5 Yale New Haven Health System (YNHHS) is a nonprofit healthcare network headquartered in New Haven, Connecticut. It stands as the largest healthcare system in the state, encompassing a comprehensive array of medical services and facilities.

Data breaches

Data breaches Healthcare Hacking Cybersecurity

Rhysida Ransomware gang claims the hack of the Government of Peru

Security Affairs

MAY 3, 2025

The ransomware gang hit organizations in multiple industries, including the education, healthcare, manufacturing, information technology, and government sectors. According to the gangs Tor leak site, at least 182 companies are victims of the operation. The victims of the group are targets of opportunity.

Government

Government Hacking Ransomware Manufacturing

Port of Seattle ‘s August data breach impacted 90,000 people

Security Affairs

APRIL 5, 2025

The ransomware gang hit organizations in multiple industries, including education, healthcare, manufacturing, information technology, and government sectors. In September 2024, Port of Seattle confirmed that the Rhysida ransomware group was behind the cyberattack. The Rhysida ransomware group has been active since May 2023.

Data breaches

Data breaches Ransomware Cyber Attacks Manufacturing

McLaren Health Care data breach impacted over 743,000 people

Security Affairs

JUNE 23, 2025

.” The compromised information can include names, Social Security numbers, driver’s license numbers, health insurance details, and medical information. McLaren notified the Maine AGO that 743,131 individuals were impacted by the security incident.

Data breaches

Data breaches Insurance Identity Theft Ransomware

China-linked APT UNC5221 started exploiting Ivanti EPMM flaws shortly after their disclosure

Security Affairs

MAY 26, 2025

Targeted organizations span critical sectors including healthcare, telecommunications, aviation, municipal government, finance, and defense across Europe, North America, and the Asia-Pacific region.” .” reads the post published by EclecticIQ. “The earliest observed exploitation activity dates back to May 15, 2025.

Mobile

Mobile Telecommunications Authentication Malware

Community Health Center data breach impacted over 1 million patients

Security Affairs

JANUARY 31, 2025

Community Health Center (CHC) data breach impacted over 1 million patients in Connecticut, the healthcare provider started notifying them. Community Health Center (CHC) is a leading healthcare provider based in Connecticut, offering primary care, dental, behavioral health, and specialty services.

Data breaches

Data breaches Healthcare Identity Theft Insurance

National Consumer Protection Week: Keeping your personal data safe in a digitally connected world

Webroot

MARCH 3, 2025

During this time, many government agencies and consumer protection organizations come together to help educate consumers on how to keep their personal and financial information secure. Each year, the first week of March (March 2-8) is recognized as National Consumer Protection Week (NCPW).

Consumer Protection

Consumer Protection Identity Theft Scams Social Engineering

BlackLock Ransomware Targeted by Cybersecurity Firm

Security Affairs

MARCH 26, 2025

Victims included organizations from different segments, including electronics, academia, religious organizations, defense, healthcare, technology, IT/MSP vendors, and government agencies. BlackLock Ransomware was named as one of the fastest-growing ransomware strains for today.

Ransomware

Ransomware Cybersecurity Healthcare Accountability

Change Healthcare Breach Hits 100M Americans

Change Healthcare data breach impacted over 100 million people

Trending Sources

Healthcare Now Third-Most Targeted Industry for Ransomware

Change Healthcare data breach exposed the private data of over half the U.S.

NailaoLocker ransomware targets EU healthcare-related entities

Information Security Manual (ISM)

Information Security Manual (ISM)

ConnectOnCall data breach impacted over 900,000 individuals

Black Basta ransomware gang hit BT Group

2023 Anna Jaques Hospital data breach impacted over 310,000 people

RansomHouse gang claims the hack of the Loretto Hospital in Chicago

Russia warns financial sector organizations of IT service provider LANIT compromise

PTZOptics cameras zero-days actively exploited in the wild

Memorial Hospital and Manor suffered a ransomware attack

Russian Phobos ransomware operator faces cybercrime charges

Notorious ransomware programmer Mikhail Pavlovich Matveev arrested in Russia

South African telecom provider Cell C disclosed a data breach following a cyberattack

CEO of cybersecurity firm charged with installing malware on hospital systems

Richmond University Medical Center data breach impacted 674,033 individuals

Qilin ransomware gang now offers a “Call Lawyer” feature to pressure victims

Romanian national was sentenced to 20 years in prison for his role in NetWalker ransomware attacks

Fortinet warns about Critical flaw in Wireless LAN Manager FortiWLM

Sophos details five years of China-linked threat actors’ activity targeting network devices worldwide

LW ROUNDTABLE: Compliance pressures intensify as new cybersecurity standards take hold

Healthcare services company Episource data breach impacts 5.4 Million people

Medusa Ransomware targeted over 40 organizations in 2025

Kai West, aka IntelBroker, indicted for cyberattacks causing $25M in damages

Bitdefender released a decryptor for the ShrinkLocker ransomware

A cyberattack hit hospitals operated by Covenant Health

EU announced sanctions on three members of Russia’s GRU Unit 29155

Great Plains Regional Medical Center ransomware attack impacted 133,000 individuals

Omni Family Health data breach impacts 468,344 individuals

DSPM & AI Are Booming: $17.87B and $4.8T Markets by 2033

ChatGPT SSRF bug quickly becomes a favorite attack vector

Cloak ransomware group hacked the Virginia Attorney General’s Office

The Role of Differential Privacy in Protecting Sensitive Information in the Era of Artificial Intelligence

Yale New Haven Health (YNHHS) data breach impacted 5.5 million patients

Rhysida Ransomware gang claims the hack of the Government of Peru

Port of Seattle ‘s August data breach impacted 90,000 people

McLaren Health Care data breach impacted over 743,000 people

China-linked APT UNC5221 started exploiting Ivanti EPMM flaws shortly after their disclosure

Community Health Center data breach impacted over 1 million patients

National Consumer Protection Week: Keeping your personal data safe in a digitally connected world

BlackLock Ransomware Targeted by Cybersecurity Firm

Stay Connected