Search This Blog
Powered by Blogger.

Blog Archive

Labels

Footer About

Footer About

Labels

Load More
Trendy Right Now

Popular Posts

Showing posts with label Healthcare. Show all posts
Industrial Cybersecurity Risks
AI-Driven Ransomware Banking Cyber Threats Cybercrime In India Cybersecurity In India Data Breach Digital Security Challenges Healthcare Industrial Cybersecurity Risks

Healthcare, Banking and Industry in India Struggle Amid Rising Cyber Attacks

 


The Indian economy today stands at a crossroads of a profound digital transformation, in which technology has seamlessly woven its way into the fabric of everyday life, in both cities and remote villages. Smartphones and internet connectivity are transforming the way people live, work and transact around the country.

UPI powered digital banking, e-commerce, and the widespread shift toward remote work have all contributed to the rapid evolution of the country into a digital first economy. However, behind the impressive progress made in the past few years, there is a darker reality: cyberattacks that threaten to undermine the very foundations of this transformation. In the healthcare, banking, and industrial sectors, as digital tools become increasingly commonplace, they are also facing unprecedented security challenges. 

As a consequence, the healthcare industry, as well as its associated industries, has emerged as one of the most vulnerable frontlines in the world, with numerous high-profile cyber incidents demonstrating how a cyber incident can threaten the safety of patients, disrupt crucial services, and undermine public trust. 

A chief information security officer (CISO) is responsible for safeguarding critical systems and sensitive data, even though they must deal with legacy infrastructure, shortages of workforce, and rapidly evolving threats all while struggling to protect their critical systems and sensitive data. 

Despite the benefits of artificial intelligence as a means of alleviating operational burdens, it also brings with it complex security demands, which makes cyber leaders a priority to ensure resilience in the future. In a rapidly emerging world filled with increasing risks, cybersecurity is no longer an optional skill but rather a necessity—a crucial tool for professionals, organisations, and citizens alike as India advances in its digital revolution. 

India's critical sectors are experiencing a surge in cyberattacks, with an average of 4.1 million attacks occurring in the financial services industry, insurance industry, banking industry, and healthcare industry between January and June 2025. In spite of the fact that India remained the primary target, countries such as the United States, France, Singapore and Germany all contributed to this wave of malicious activities. 

A wide range of vulnerabilities, ranging from system flaws to employee accounts, were exploited, testing the resilience of digital infrastructure. Insurers, which depend heavily on consumer data, have experienced threefold increases in the number of vulnerabilities exploited, as well as 350 per cent increases in distributed denial-of-service (DDoS) attacks. 

It has emerged that Application Programming Interfaces (APIs), often overlooked yet central to digital ecosystems, have become a major weak point, with targeted attacks soaring by 126 per cent and DDoS attacks soaring by 3per cent. Even though supply chains and production systems are increasingly vulnerable, the manufacturing and industrial sectors have been hit hard. 

Overall breaches increased by 31 per cent, including a staggering increase of 427 per cent in DDoS attacks, highlighting the need to protect these systems. There was also an increase of 46 per cent in employee-focused attacks and 17 per cent in politically motivated disruptions, and that resulted in increased DDoS activity of 1 per cent during peak operations during the financial year. 

Even though smaller businesses often have limited resources, they have not been spared—attacks against their websites have gone up by 202 per cent, while cloud-based intrusions have increased seventy-fourfold during this period. There has been a surge in attacks on the healthcare sector, which have risen by 247 per cent, posing a grave threat to patient data and life-critical hospital services. 

Despite being viewed as low-hanging fruit for cybercriminals, retail and e-commerce platforms experienced 42 per cent higher DDoS attacks, along with an increase in credential theft and fraudulent card transactions. Cybercrime has the potential to significantly impact national security as well as economic stability in the near future as a result of this massive increase in attacks. 

The cybercrime specialist Professor Triveni Singh, who is also a former IPS officer, said that artificial intelligence and advanced detection systems have prevented more than 4.26 billion attempted breaches worldwide by preventing them from being attempted. 

As India's digital economy accelerates, it requires stronger technologies, skilled professionals, continuous monitoring, and robust policies strengthened by international cooperation as well as stronger technology. 

A major component of the Indian cyber landscape has emerged as a complex and vulnerable healthcare sector. Hospitals and medical groups operate in high-stakes environments, which can be very difficult for anyone to deal with. 

Even a few minutes of system downtime could mean the difference between life and death for the patient. In light of this, ransomware groups have targeted them as prime targets, exploiting the urgency of care to extract money from patients. 

A growing number of medical Internet of Things (MIoT) devices, including heart monitors, infusion pumps, and many other devices that interact with the internet, has led to a widening of attack surfaces in recent years. In spite of the promises of these technologies, their historically weak security makes them more appealing to threat actors that are powered by artificial intelligence, raising the possibility of patient data being stolen or even being interfered with directly. 

As telehealth has increased in popularity, the risks have increased further, as both patients and providers are at risk of being attacked via the internet, which can harvest sensitive information from patients. It is important to note that India's healthcare sector continues to struggle with legacy systems, financial constraints, and a shortage of cybersecurity experts, which leaves small and mid-sized institutions particularly vulnerable, despite the country's progress in digitisation. 

Despite the fragmentation of national regulations, frameworks like the Information Technology Act, SPDI Rules, and the Digital Personal Data Protection Act have only limited coverage, and there are still many gaps to fill in systemic coverage, according to industry bodies such as the Data Security Council of India and the Healthcare Information and Management Systems Society (HIMSS). 

One real-world example of this problem can be found in August last year, when an artificial intelligence-driven ransomware attack crippled a healthcare provider specialising in artificial intelligence, making the urgency of the issue clear. The malware was triggered by a phishing email, and after a few minutes, it had encrypted electronic patient records, billing systems, and admissions, forcing surgeries to be delayed and critical procedures rerouted. 

However, even though the organisation did not pay the ransom and instead cooperated with law enforcement, there was a severe fallout from the incident: patient trust was shattered, data was compromised, and the incident highlighted India's healthcare cybersecurity posture as being extremely fragile. 

It is becoming increasingly apparent that cyber threats are evolving at an alarming rate, posing an increasing threat to individuals as well as organisations. In the era where millions of devices are connected to the internet, attackers have access to a larger pool of entry points, so they can exploit weaknesses across both personal and corporate networks more easily. 

A report from Seqrite, which tracked over eight million endpoints, revealed that millions of malware infections were detected in just a matter of seconds, demonstrating how large the problem is. It has become increasingly common for cybercriminals to take advantage of the surge in digital services, whether it is small businesses' adoption of online platforms or individuals sharing their personal information on social media. 

For instance, a newly established organisation without adequate security can become a target for ransomware or phishing attacks, while an individual who shares too much information online may be unwittingly vulnerable to identity theft because of it. It has been warned that as technology adoption grows, so will the sophistication of threats, requiring stronger security strategies across every sector. 

The digital expansion of India is undeniably one of the world’s largest markets, but it is also accompanied by many vulnerabilities, making awareness and resilience crucial for long-term growth. India is speeding ahead on the digital journey, but it must maintain a balance between innovation and resiliency to achieve long-term growth. 

No sector is immune to the impact of cyberattacks, as evidenced by the increasingly widespread attacks affecting industries such as healthcare, banking, and small businesses, all of which are rising at an alarming rate. 

The price of inaction will only increase over time. It is still important to keep in mind that technology is only one factor of cybersecurity - creating a culture of cyber awareness, strengthening digital hygiene, and hiring skilled talent will prove to be just as important as deploying advanced firewalls and artificial intelligence services. 

For organisations with limited resources, policymakers, regulators, and industry leaders must work in tandem in order to develop a comprehensive framework aimed at enforcing data protection as well as incentivising proactive security measures. In order to effectively combat cybercrime, it is vital that we foster international collaboration. Cybercrime transcends national boundaries, which requires collective intelligence to combat.

Individuals are advised to protect their personal information, to exercise caution online, and to update their digital practices in order to combat the threat at the grassroots level. In addition to protecting India's critical infrastructure, India will also inspire global confidence that it can lead a secure, technology-driven future as long as it combines security with the very foundations of its digital revolution.
Read more »
Privacy
Data Leak Doctor Healthcare Hong Kong Hospital Privacy

2 Doctors in Hong Kong Arrested for Leaking Patient Data


Two doctors at a Hong Kong public hospital were arrested on charges of accessing computers with dishonest or criminal intent, allegedly involved in a data leak. According to police superintendent Wong Yick-lung, a 57-year-old consultant and a 35-year-old associate consultant from Tseung Kwan O Hospital were arrested in Ho Man Tin and Fo Tan, respectively.

Officers seized computers and other records; the pair is in police custody. On Sunday, the hospital stated the alleged leak, but the exact details were not disclosed at that time. The hospital’s chief executive, Dr. Kenny Yuen Ka-ye, said that the data of a few patients had been given to a third party. An internal complaint a month ago prompted the investigation. 

According to Dr Ka-ye, the hospital found at least one doctor who accessed the patient’s personal data without permission. The hospital believes the documents containing information about other patients might have also been exposed to the third party. Police said experts are working to find out more details concerning the number of patients impacted by the incident.

While the investigation is ongoing, the consultant Dr has given his resignation, while the associate consultant has been suspended. At the time of writing this story, the motivation behind the attack is not known. According to Yuen, every doctor has access to the clinical management system that has patient information, but the use is only permitted under a strict “need-to-know” for research purposes or as part of the medical team taking care of a patient. 

The investigation revealed that the two doctors didn’t fit into either category, which was a violation. According to SCMP’s conversation with a source, the portal reported that the two doctors (both members of the surgery department)  sent details of a female pancreatic cancer patient who died after a surgical operation. 

The pair illegally accessed the info and sent it to the family, asking them to file a complaint against the doctor who did the operation. This was done to show the doctor’s alleged incompetence.

The hospital has sent the case to the Office of the Privacy Commissioner for Personal Data, and has also reported the incident to the police and the Medical Council.

Read more »
Technology
Conti Healthcare Hospital Monti Ransomware Technology

Hospital Notifies victims of a one-year old data breach, personal details stolen

Hospital Notifies victims of a one-year old data breach, personal details stolen

Hospital informs victims about data breach after a year

Wayne Memorial Hospital in the US has informed its 163,440 people about a year old data breach in May 2024 that exposed details such as: names, social security numbers, user IDs, and passwords, financial account numbers, credit and debit card numbers, expiration dates, and CVV codes, medical history, diagnoses, treatments, prescriptions, lab test results and images, health insurance, Medicare, and Medicaid numbers, healthcare provider numbers, state-issued ID numbers, and dates of birth. 

Initially, the hospital informed only 2,500 people about the attack in August 2024. Ransomware group Monti took responsibility for the attack and warned that it would leak the data by July 8, 2024.

Ransom and payment

Wayne Memorial Hospital, however, has not confirmed Monti’s claim. As of now, it is not known if the hospital paid a ransom, what amount Monti demanded, or why the hospital took more than a year to inform victims, or how the threat actors compromised the hospital infrastructure. 

According to the notice sent to victims, “On June 3, 2024, WMH detected a ransomware event, whereby an unauthorized third party gained access to WMH’s network, encrypted some of WMH’s data, and left a ransom note on WMH’s network.” The forensic investigation by WMH found evidence of unauthorized access to a few WMH systems between “May 30, 2024, and June 3, 2024.”

The hospital has offered victims a one-year free credit monitoring and fraud assistance via CyberScout. The deadline to apply is three months from the date of the notice letter.

What is the Monti group?

Monti is a ransomware gang that shares similarities with the Conti group. It was responsible for the first breach in February 2023. The group, however, has been working since June 2022. Monti is infamous for abusing software bugs like Log4Shell. Monti encrypts target systems and steals data as well. This pushes victims to pay ransom money in exchange for deleting stolen data and restoring the systems.

To date, Monti has claimed responsibility for 16 attacks. Out of these, two attacks hit healthcare providers. 

Monti attacks on health care providers

In April 2023, Avezzano Sulmona L’Aquila (Italy) reported a ransomware attack that resulted in large-scale disruption for a month. Monti asked for $3 million ransom for the 500 GB of stolen data. ASL denies payment of the ransom. 

Excelsior Othopedics informed 394,752 people about a June 2024 data compromise

Read more »
SSN leak
Data Breach Experian credit monitoring financial data exposure Healthcare HSGI cyberattack identity theft protection SSN leak

Over 624,000 Impacted in Major Healthcare Data Breach: SSNs, Financial Data, and Identity Theft Risks

 


A massive healthcare data breach has exposed the sensitive information of more than 624,000 individuals, putting Social Security numbers, financial details, and account credentials at risk.

The breach targeted Healthcare Services Group Inc. (HSGI), a Pennsylvania-based company that manages dining, housekeeping, and laundry services for hospitals across 48 U.S. states. According to BleepingComputer, HSGI has begun notifying impacted individuals through official letters.

Hackers infiltrated HSGI’s network in late September 2024, but the intrusion wasn’t discovered until October 7, 2024. An investigation revealed that a wide range of personal data may have been compromised, including:
  • Full names
  • Social Security numbers
  • Driver’s license and state ID numbers
  • Financial account details
  • Login credentials

The type of data exposed varies for each victim. Some may only have had their names leaked, while others also had SSNs and financial data exposed.

If you receive a data breach notification letter from HSGI, it will outline exactly what information of yours was exposed. The company is offering affected individuals free identity theft protection services from Experian, though the coverage period (12 months vs. 24 months) has not been confirmed.

Even though there’s no evidence yet of misuse of stolen data, experts warn that hackers could use the information for phishing attacks, fraud, or identity theft. Victims are urged to:
  • Monitor bank and credit card accounts closely
  • Watch for suspicious emails or texts
  • Avoid clicking unknown links or downloading attachments
  • Use trusted antivirus software on all devices

The healthcare industry has become a prime target for cybercriminals due to the high value of medical and financial records. Analysts believe this will not be the last attack of its kind, as similar breaches have been reported throughout the past year.

While individuals cannot control a company’s cybersecurity, they can take proactive measures once a breach occurs. As experts warn: You may not stop the breach, but you can protect yourself from becoming the next victim of identity fraud.
Read more »
New York
BCNYS Data Breach Financial Data Healthcare New York

Cyberattack on New York Business Council Exposes Thousands to Risk



The Business Council of New York State (BCNYS), an influential body representing businesses and professional groups, has confirmed that a recent cyberattack compromised the personal information of more than 47,000 people.

In a report submitted to the Office of the Maine Attorney General, the Council disclosed that attackers accessed a wide range of sensitive data. The files included basic identifiers such as names and dates of birth, along with highly confidential records like Social Security numbers, state-issued IDs, and taxpayer identification numbers. Financial data was also exposed, including bank account details, payment card numbers, PINs, expiration dates, and even electronic signatures.

What makes this breach particularly concerning is the theft of medical records. The stolen information included healthcare providers’ names, diagnostic details, treatment histories, prescription data, and insurance documents, material that is often harder to replace or protect than financial information.

Investigators believe the attack took place in late February 2025, but the Council only uncovered it months later in August. The delay meant that for several months, criminals could have had access to the stolen records without detection. So far, officials have not confirmed any cases of identity theft linked to this incident. However, security experts note that breaches of this scale often have long-term consequences, as stolen data may circulate for years before being used.


Why it matters

The mix of financial, medical, and personal details gives criminals a powerful toolkit. With such data, they can open fraudulent credit lines, make unauthorized purchases, or submit false tax returns. Medical information raises another layer of danger — allowing fraudsters to access health services or prescriptions under someone else’s identity, potentially leaving victims to untangle costly disputes with insurers and providers.


Protective steps for those affected

1. Secure credit and banking accounts: Victims are advised to place fraud alerts or credit freezes with major credit bureaus, closely watch account activity, and notify banks of potential exposure.

2. Strengthen account security: Change passwords, use multifactor authentication wherever possible, and avoid reusing old login details.

3. Guard against tax fraud: Apply for an IRS Identity Protection PIN, which blocks others from filing tax returns in your name.

4. Monitor medical use: Review insurance and healthcare statements for unfamiliar claims or treatments, and flag suspicious activity immediately.


While BCNYS has offered free credit monitoring to those affected, the larger lesson extends far beyond this single breach. For organizations, it is a reminder that delayed detection amplifies the damage of any cyberattack. For individuals, it shows how deeply personal data, financial and medical can be intertwined in ways that make recovery especially difficult.

Cybersecurity experts warn that these breaches are no longer isolated events but part of a larger pattern where institutions become targets precisely because they store such valuable data. The question is no longer if data will be stolen, but how quickly victims can respond and how effectively organizations can limit the fallout.



Read more »
Software
Businesses Cyber Attacks Finance Healthcare Online Safety organisations Software

Don’t Wait for a Cyberattack to Find Out You’re Not Ready

 



In today’s digital age, any company that uses the internet is at risk of being targeted by cybercriminals. While outdated software and unpatched systems are often blamed for these risks, a less obvious but equally serious problem is the false belief that buying security tools automatically means a company is well-protected.

Many businesses think they’re cyber resilient simply because they’ve invested in security tools or passed an audit. But overconfidence without real testing can create blind spots leaving companies exposed to attacks that could lead to data loss, financial damage, or reputational harm.


Confidence vs. Reality

Recent years have seen a rise in cyberattacks, especially in sectors like finance, healthcare, and manufacturing. These industries are prime targets because they handle valuable and sensitive information. A report by Bain & Company found that while 43% of business leaders felt confident in their cybersecurity efforts, only 24% were actually following industry best practices.

Why this mismatch? It often comes down to outdated evaluation methods, overreliance on tools, poor communication between technical teams and leadership, and a natural human tendency to feel “safe” once something has been checked off a list.


Warning Signs of Overconfidence

Here are five red flags that a company may be overestimating its cybersecurity readiness:

1. No Real-World Testing - If an organization has never run a simulated attack, like a red team exercise or breach test, it may not know where its weaknesses are.

2. Rare or Outdated Risk Reviews - Cyber risks change constantly. Companies that rely on yearly or outdated assessments may be missing new threats.

3. Mistaking Compliance for Security - Following regulations is important, but it doesn’t mean a system is secure. Compliance is only a baseline.

4. No Stress Test for Recovery Plans - Businesses need to test their recovery strategies under pressure. If these plans haven’t been tested, they may fail when it matters most.

5. Thinking Cybersecurity Is Only an IT Job - True resilience requires coordination across departments. If only IT is involved, the response to an incident will likely be incomplete.


Building Stronger Defenses

To improve cyber resilience, companies should:

• Test and monitor security systems regularly, not just once.

• Train employees to recognize threats like phishing, which remains a common cause of breaches.

• Link cybersecurity to overall business planning, so that recovery strategies are realistic and fast.

• Work with outside experts when needed to identify hidden vulnerabilities and improve defenses.


If a company hasn’t tested its cybersecurity defenses in the past six months, it likely isn’t as prepared as it thinks. Confidence alone won’t stop a cyberattack but real testing and ongoing improvement can.

Read more »
Interlock ransomware
Ascension Cyber Attacks critical infrastructure attack cybersecurity threat Double extortion FBI CISA advisory Healthcare Interlock ransomware

CISA, FBI Issue Alert Over Rising Interlock Ransomware Attacks on Critical Infrastructure

 

The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) have raised an alarm over an increase in ransomware activity linked to the Interlock gang. The advisory, released on Tuesday in collaboration with the Department of Health and Human Services (HHS) and the Multi-State Information Sharing and Analysis Center (MS-ISAC), warns that the group is actively targeting businesses and critical infrastructure in double extortion attacks.

The alert includes indicators of compromise (IOCs) gathered from recent investigations—some as recent as June 2025—and outlines protective measures for network defenders.

Emerging in September 2024, Interlock is a relatively new but rapidly growing ransomware operation. It has launched attacks across various global sectors, with a particular focus on healthcare. The gang has previously been connected to ClickFix intrusions, where they impersonated IT utilities to breach networks, and to malware campaigns using a remote access trojan (RAT) known as NodeSnake, particularly affecting U.K. universities.

The group recently claimed responsibility for cyberattacks on DaVita, a Fortune 500 kidney care company, leaking 1.5 terabytes of stolen data, and Kettering Health, a major healthcare provider with over 120 outpatient locations and more than 15,000 employees.

According to the FBI, the Interlock gang has been observed using unusual methods to infiltrate systems.

"FBI observed actors obtaining initial access via drive-by download from compromised legitimate websites, which is an uncommon method among ransomware groups," the advisory notes.

The gang uses a double extortion model—first stealing and then encrypting victims’ data—forcing organizations to pay not just to restore systems but also to prevent public data leaks.
Read more »
Patient Data
Data Analytics Agency Data Breach Data Leak Data Privacy data security Data Theft Healthcare Healthcare Data Healthcare Security Patient Data

Episource Healthcare Data Breach Exposes Personal Data of 5.4 Million Americans

 

In early 2025, a cyberattack targeting healthcare technology provider Episource compromised the personal and medical data of over 5.4 million individuals in the United States. Though not widely known to the public, Episource plays a critical role in the healthcare ecosystem by offering medical coding, risk adjustment, and data analytics services to major providers. This makes it a lucrative target for hackers seeking access to vast troves of sensitive information. 

The breach took place between January 27 and February 6. During this time, attackers infiltrated the company’s systems and extracted confidential data, including names, addresses, contact details, Social Security numbers, insurance information, Medicaid IDs, and medical records. Fortunately, no banking or payment card information was exposed in the incident. The U.S. Department of Health and Human Services reported the breach’s impact affected over 5.4 million people. 

What makes this breach particularly concerning is that many of those affected likely had no direct relationship with Episource, as the company operates in the background of the healthcare system. Its partnerships with insurers and providers mean it routinely processes massive volumes of personal data, leaving millions exposed when its security infrastructure fails. 

Episource responded to the breach by notifying law enforcement, launching an internal investigation, and hiring third-party cybersecurity experts. In April, the company began sending out physical letters to affected individuals explaining what data may have been exposed and offering free credit monitoring and identity restoration services through IDX. These notifications are being issued by traditional mail rather than email, in keeping with standard procedures for health-related data breaches. 

The long-term implications of this incident go beyond individual identity theft. The nature of the data stolen — particularly medical and insurance records combined with Social Security numbers — makes those affected highly vulnerable to fraud and phishing schemes. With full profiles of patients in hand, cybercriminals can carry out advanced impersonation attacks, file false insurance claims, or apply for loans in someone else’s name. 

This breach underscores the growing need for stronger cybersecurity across the healthcare industry, especially among third-party service providers. While Episource is offering identity protection to affected users, individuals must remain cautious by monitoring accounts, being wary of unknown communications, and considering a credit freeze as a precaution. As attacks on healthcare entities become more frequent, robust data security is no longer optional — it’s essential for maintaining public trust and protecting sensitive personal information.
Read more »
Ransomwares
Cyberattack Data Breach Data Leak data security Employee Data Healthcare Interlock gang Interlock ransomware Kettering Health Ransomware attack Ransomware group Ransomwares

Kettering Health Ransomware Attack Linked to Interlock Group

 

Kettering Health, a prominent healthcare network based in Ohio, is still grappling with the aftermath of a disruptive ransomware attack that forced the organization to shut down its computer systems. The cyberattack, which occurred in mid-May 2025, affected operations across its hospitals, clinics, and medical centers. Now, two weeks later, the ransomware gang Interlock has officially taken responsibility for the breach, claiming to have exfiltrated more than 940 gigabytes of data.  

Interlock, an emerging cybercriminal group active since September 2024, has increasingly focused on targeting U.S.-based healthcare providers. When CNN first reported on the incident on May 20, Interlock had not yet confirmed its role, suggesting that ransom negotiations may have been in progress. With the group now openly taking credit and releasing some of the stolen data on its dark web site, it appears those negotiations either failed or stalled. 

Kettering Health has maintained a firm position that they are against paying ransoms. John Weimer, senior vice president of emergency operations, previously stated that no ransom had been paid. Despite this, the data breach appears extensive. Information shared by Interlock indicates that sensitive files were accessed, including private patient records and internal documents. Patient information such as names, identification numbers, medical histories, medications, and mental health notes were among the compromised data. 

The breach also impacted employee data, with files from shared network drives also exposed. One particularly concerning element involves files tied to Kettering Health’s in-house police department. Some documents reportedly include background checks, polygraph results, and personally identifiable details of law enforcement staff—raising serious privacy and safety concerns. In a recent public update, Kettering Health announced a key development in its recovery process. 

The organization confirmed it had restored core functionalities of its electronic health record (EHR) system, which is provided by healthcare technology firm Epic. Officials described this restoration as a significant step toward resuming normal operations, allowing teams to access patient records, coordinate care, and communicate effectively across departments once again. The full scope of the breach and the long-term consequences for affected individuals still remains uncertain. 

Meanwhile, Kettering Health has yet to comment on whether Interlock’s claims are fully accurate. The healthcare system is working closely with cybersecurity professionals and law enforcement agencies to assess the extent of the intrusion and prevent further damage.
Read more »
Unimed
AI Chatbot Cyber Security Dataleak Healthcare IdentityTheft Kafka phishing Privacy Unimed

Unimed AI Chatbot Exposes Millions of Patient Messages in Major Data Leak

 

iA significant data exposure involving Unimed, one of the world’s largest healthcare cooperatives, has come to light after cybersecurity researchers discovered an unsecured database containing millions of sensitive patient-doctor communications.

The discovery was made by cybersecurity experts at Cybernews, who traced the breach to an unprotected Kafka instance. According to their findings, the exposed logs were generated from patient interactions with “Sara,” Unimed’s AI-driven chatbot, as well as conversations with actual healthcare professionals.

Researchers revealed that they intercepted more than 140,000 messages, although logs suggest that over 14 million communications may have been exchanged through the chat system.

“The leak is very sensitive as it exposed confidential medical information. Attackers could exploit the leaked details for discrimination and targeted hate crimes, as well as more standard cybercrime such as identity theft, medical and financial fraud, phishing, and scams,” said Cybernews researchers.

The compromised data included uploaded images and documents, full names, contact details such as phone numbers and email addresses, message content, and Unimed card numbers.

Experts warn that this trove of personal data, when processed using advanced tools like Large Language Models (LLMs), could be weaponized to build in-depth patient profiles. These could then be used to orchestrate highly convincing phishing attacks and fraud schemes.

Fortunately, the exposed system was secured after Cybernews alerted Unimed. The organization issued a statement confirming it had resolved the issue:

“Unimed do Brasil informs that it has investigated an isolated incident, identified in March 2025, and promptly resolved, with no evidence, so far, of any leakage of sensitive data from clients, cooperative physicians, or healthcare professionals,” the notification email stated. “An in-depth investigation remains ongoing.”

Healthcare cooperatives like Unimed are nonprofit entities owned by their members, aimed at delivering accessible healthcare services. This incident raises fresh concerns over data security in an increasingly AI-integrated medical landscape.
Read more »
Technology
AI biosimilars Cybersecurity Data diagnostics drugdiscovery genomics Healthcare Innovation Privacy Research Startups Technology

AI is Accelerating India's Healthtech Revolution, but Data Privacy Concerns Loom Large

 

India’s healthcare, infrastructure, is undergoing a remarkable digital transformation, driven by emerging technologies like artificialintelligence (AI), machinelearning, and bigdata. These advancements are not only enhancing accessibility and efficiency but also setting the foundation for a more equitable health system. According to the WorldEconomicForum (WEF), AI is poised to account for 30% of new drug discoveries by 2025 — a major leap for the pharmaceutical industry.

As outlined in the Global Outlook and Forecast 2025–2030, the market for AI in drugdiscovery is projected to grow from $1.72 billion in 2024 to $8.53 billion by 2030, clocking a CAGR of 30.59%. Major tech players like IBMWatson, NVIDIA, and GoogleDeepMind are partnering with pharmaceutical firms to fast-track AI-led breakthroughs.

Beyond R&D, AI is transforming clinical workflows by digitising patientrecords and decentralising models to improve diagnostic precision while protecting privacy.

During an interview with AnalyticsIndiaMagazine (AIM), Rajan Kashyap, Assistant Professor at the National Institute of Mental Health and Neuro Sciences (NIMHANS), shared insights into the government’s push toward innovation: “Increasing the number of seats in medical and paramedical courses, implementing mandatory rural health services, and developing Indigenous low-cost MRI machines are contributing significantly to hardware development in the AI innovation cycle.”

Tech-Driven Healthcare Innovation

Kashyap pointed to major initiatives like the GenomeIndia project, cVEDA, and the AyushmanBharatDigitalMission as critical steps toward advancing India’s clinical research capabilities. He added that initiatives in genomics, AI, and ML are already improving clinicaloutcomes and streamlining operations.

He also spotlighted BrainSightAI, a Bengaluru-based startup that raised $5 million in a Pre-Series A round to scale its diagnostic tools for neurological conditions. The company aims to expand across Tier 1 and 2 cities and pursue FDA certification to access global healthcaremarkets.

Another innovator, Niramai Health Analytics, offers an AI-based breast cancer screening solution. Their product, Thermalytix, is a portable, radiationfree, and cost-effective screening device that is compatible with all age groups and breast densities.

Meanwhile, biopharma giant Biocon is leveraging AI in biosimilar development. Their work in predictivemodelling is reducing formulation failures and expediting regulatory approvals. One of their standout contributions is Semglee, the world’s first interchangeablebiosimilar insulin, now made accessible through their tie-up with ErisLifesciences.

Rising R&D costs have pushed pharma companies to adopt AI solutions for innovation and costefficiency.

Data Security Still a Grey Zone

While innovation is flourishing, there are pressing concerns around dataprivacy. A report by Netskope Threat Labs highlighted that doctors are increasingly uploading sensitive patient information to unregulated platforms like ChatGPT and Gemini.

Kashyap expressed serious concerns about lax data practices:

“During my professional experience at AI labs abroad, I observed that organisations enforced strict data protection regulations and mandatory training programs…The use of public AI tools like ChatGPT or Gemini was strictly prohibited, with no exceptions or shortcuts allowed.”

He added that anonymised data is still vulnerable to hacking or reidentification. Studies show that even brainscans like MRIs could potentially reveal personal or financial information.

“I strongly advocate for strict adherence to protected data-sharing protocols when handling clinical information. In today’s landscape of data warfare, where numerous companies face legal action for breaching data privacy norms, protecting health data is no less critical than protecting national security,” he warned.

Policy Direction and Regulatory Needs

The Netskope report recommends implementing approved GenAI tools in healthcare to reduce “shadow AI” usage and enhance security. It also urges deploying datalossprevention (DLP) policies to regulate what kind of data can be shared on generative AI platforms.

Although the usage of personal GenAI tools has declined — from 87% to 71% in one year — risks remain.

Kashyap commented on the pace of India’s regulatory approach:

“India is still in the process of formulating a comprehensive data protection framework. While the pace may seem slow, India’s approach has traditionally been organic, carefully evolving with consideration for its unique context.”

He also pushed for developing interdisciplinary medtech programs that integrate AIeducation into medicaltraining.

“Misinformation and fake news pose a significant threat to progress. In a recent R&D project I was involved in, public participation was disrupted due to the spread of misleading information. It’s crucial that legal mechanisms are in place to counteract such disruptions, ensuring that innovation is not undermined by false narratives,” he concluded.
Read more »
Privacy
Ascension Cyber Attacks Cyber Hacking CyberCrime Cybersecurity CyberThreat Healthcare Privacy

Ascension Faces New Security Incident Involving External Vendor

 


There has been an official disclosure from Ascension Healthcare, one of the largest non-profit healthcare systems in the United States, that there has been a data breach involving patient information due to a cybersecurity incident linked to a former business partner. Ascension, which has already faced mounting scrutiny for its data protection practices, is facing another significant cybersecurity challenge with this latest breach, proving the company's commitment to security.

According to the health system, the recently disclosed incident resulted in the compromise of personal identifiable information (PII), including protected health information (PHI) of the patient. A cyberattack took place in December 2024 that was reported to have stolen data from a former business partner, a breach that was not reported publicly until now. This was the second major ransomware attack that Ascension faced since May of 2024, when critical systems were taken offline as a result of a major ransomware attack. 

A breach earlier this year affected approximately six million patients and resulted in widespread disruptions of operations. It caused ambulance diversions in a number of regions, postponements of elective procedures, and temporary halts of access to essential healthcare services in several of these regions. As a result of such incidents recurring repeatedly within the healthcare sector, concerns have been raised about the security posture of third-party vendors and also about the potential risks to patient privacy and continuity of care that can arise. 

According to Ascension's statement, the organisation is taking additional steps to evaluate and strengthen its cybersecurity infrastructure, including the relationship with external software and partner providers. The hospital chain, which operates 105 hospitals in 16 states and Washington, D.C., informed the public that the compromised data was "likely stolen" after being inadvertently disclosed to the third-party vendor, which, subsequently, experienced a breach as a result of an external software vulnerability. 

In a statement issued by Ascension Healthcare System, it was reported that the healthcare system first became aware of a potential security incident on December 5, 2024. In response to the discovery of the breach, the organisation initiated a thorough internal investigation to assess the extent of the breach. An investigation revealed that patient data had been unintentionally shared with an ex-business partner, who then became the victim of a cybersecurity attack as a result of the data being shared. 

In the end, it appeared that the breach was caused by a vulnerability in third-party software used by the vendor. As a result of the analysis concluded in January 2025, it was determined that some of the information disclosed had likely been exfiltrated during this attack. 

In spite of Ascension failing to disclose the specific types of data that were impacted by the attack, the organization did acknowledge that multiple care sites in Alabama, Michigan, Indiana, Tennessee, and Texas have been affected by the attack. In a statement released by Ascension, the company stressed that it continues to collaborate with cybersecurity experts and legal counsel to better understand the impact of the breach and to inform affected individuals as necessary. 

In addition, the company has indicated that in the future it will take additional steps to improve data sharing practices as well as third party risk management protocols. There is additional information released by Ascension that indicates that the threat actors who are suspected of perpetrating the December 2024 incident likely gained access to and exfiltrated sensitive medical and personal information. 

There are several types of compromised information in this file, including demographics, Social Security numbers, clinical records, and details about visits such as names of physicians, names, diagnoses, medical record numbers, and insurance provider details. Although Ascension has not provided a comprehensive estimate of how many people were affected nationwide, the organization did inform Texas state officials that 114,692 people were affected by the breach here in Texas alone, which was the number of individuals affected by the breach. 

The healthcare system has still not confirmed whether this incident is related to the ransomware attack that occurred in May 2024 across a number of states and affected multiple facilities. It has been reported that Ascension Health's operations have been severely disrupted since May, resulting in ambulances being diverted, manual documentation being used instead of electronic records, and non-urgent care being postponed. 

It took several weeks for the organization to recover from the attack, and the cybersecurity vulnerabilities in its digital infrastructure were revealed during the process. In addition to revealing that 5,599,699 individuals' personal and health-related data were stolen in the attack, Ascension later confirmed this information. 

Only seven of the system's 25,000 servers were accessed by the ransomware group responsible, but millions of records were still compromised. The healthcare and insurance industries continue to be plagued by data breaches. It has been reported this week that a data breach involving 4,052,972 individuals, resulting from a cyberattack in February 2024, has affected 4,052,972 individuals, according to a separate incident reported by VeriSource Services, a company that manages employee administration. 

A number of these incidents highlight the growing threat that organisations dealing with sensitive personal and medical data are facing. Apparently, the December 2024 breach involving Ascension's systems and networks was not caused by an internal compromise of its electronic health records, but was caused by an external attack. Neither the health system nor the former business partner with whom the patient information was disclosed has been publicly identified, nor has the health system identified the particular third-party software vulnerability exploited by the attackers.

Ascension has also recently announced two separate third-party security incidents that are separate from this one. A notice was posted by the organisation on April 14, 2025, concerning a breach that took place involving Scharnhorst Ast Kennard Gryphon, a law firm based in Missouri. The organisation reported that SAKG had detected suspicious activity on August 1, 2024, and an investigation later revealed that there had been unauthorised access between the 17th and the 6th of August 2024. 

Several individuals affiliated with the Ascension health system were notified by SAKG on February 14, 2025, about the breach. In that incident, there were compromised records including names, phone numbers, date of birth and death, Social Security numbers, driver's license numbers, racial data, and information related to medical treatment. 

A number of media inquiries have been received regarding the broader scope of the incident, including whether or not other clients were affected by the breach, as well as how many individuals were affected in total. Separately, Ascension announced another data security incident on March 3, 2025 that involved Access Telecare, a third-party provider of telehealth services in the area of Ascension Seton in Texas. 

As with previous breaches, the Ascension Corporation clarified that the breach did not compromise its internal systems or electronic health records, a report filed with the U.S. Department of Health and Human Services Office for Civil Rights (HHS OCR) confirmed on March 8, 2025, that Access Telecare had experienced a breach of its email system, which was reported on March 8, 2025. It is estimated that approximately 62,700 individuals may have been affected by the breach. 

In light of these successive disclosures, it is becoming increasingly apparent that the healthcare ecosystem is at risk of third-party relationships, as organisations continue to face the threat of cybercriminals attempting to steal sensitive medical and personal information from the internet. As a response to the recent security breach involving a former business partner, Ascension has offered two years of complimentary identity protection services to those who have been affected. This company offers credit monitoring services, fraud consultations, identity theft restoration services, aimed at mitigating potential harm resulting from unauthorized access to personal and health information, including credit monitoring, fraud consultation, and identity theft restoration services. 

Even though Ascension has not provided any further technical details about the breach, the timeline and nature of the incident suggest that it may be related to the Clop ransomware group's widespread campaign against data theft. There was a campaign in late 2024 that exploited a zero-day security vulnerability in the Cleo secure file transfer software and targeted multiple organisations. The company has not officially confirmed any connection between the breach and the Clop group, and a spokesperson has not responded to BleepingComputer's request for comment. 

Ascension has not encountered any major cybersecurity incidents in the past, so it is not surprising that this is not the first time they have experienced one. According to Ascension Healthcare's official report from May 2024, approximately 5.6 million patients and employees were affected by a separate ransomware infection attributed to the Black Basta group of hackers. Several hospitals were adversely affected by a security breach that occurred due to the inadvertent download of a malicious file on a company device by an employee. 

A number of data sets were exposed as a result of that incident, including both personal and health-related information, illustrating how the healthcare industry faces ongoing risks due to both internal vulnerabilities and external cyber threats. Despite the ongoing threat of cybersecurity in the healthcare industry, the string of data breaches involving Ascension illustrates the need to be more vigilant and accountable when managing third-party relationships. 

Even in the case of uncompromised internal systems, vulnerabilities in external networks can still result in exposing sensitive patient information to significant risks, even in cases of uncompromised internal systems. To ensure that healthcare organisations are adequately able to manage vendor risk, implement strong data governance protocols, and implement proactive threat detection and response strategies, organisations need to prioritise robust vendor risk management. 

A growing number of regulatory bodies and industry leaders are beginning to realize that they may need to revisit standards that govern network sharing, third-party oversight, and breach disclosure in an effort to ensure the privacy of patients in the increasingly interconnected world of digital health.
Read more »
Ransomware
Cyberattack Data Breach DaVita Healthcare Interlock Ransomware

Interlock Ransomware Gang Claims DaVita Cyberattack, Leaks Alleged Data Online

 

jThe Interlock ransomware group has taken credit for a recent cyberattack on DaVita, a leading U.S. kidney care provider. The group claims to have exfiltrated a significant amount of data, which it has now leaked on the dark web.

DaVita, a Fortune 500 company, operates over 2,600 dialysis centers across the U.S., employs around 76,000 people in 12 countries, and generates more than $12.8 billion in annual revenue. On April 12, the healthcare giant informed the U.S. Securities and Exchange Commission (SEC) that it had been hit by a ransomware incident that disrupted some operations. At the time, the company said it was assessing the impact.

Earlier today, the Interlock group publicly listed DaVita as a victim on its data leak site (DLS) hosted on the dark web. The cybercriminals claim to have stolen approximately 1.5 terabytes of data, including around 700,000 files containing sensitive information—ranging from patient records and user account data to insurance documents and financial details.

The leaked files were released following what appears to be a failed negotiation between Interlock and DaVita. The authenticity of the exposed files has not been independently verified by BleepingComputer.

In response to the data leak, a DaVita spokesperson told BleepingComputer: "We are aware of the post on the dark web and are in the process of conducting a thorough review of the data involved."

"A full investigation regarding this incident is still underway. We are working as quickly as possible and will notify any affected parties and individuals, as appropriate."

"We are disappointed in these actions against the healthcare community and will continue to share helpful information with our vendors and partners to raise awareness on how to defend against these attacks in the future."

Patients who have received care at DaVita facilities are advised to remain alert for phishing attempts and report any suspicious activity to authorities.

Interlock emerged in the ransomware scene in September last year, primarily targeting Windows and FreeBSD systems. Unlike many groups, Interlock does not collaborate with affiliates but has demonstrated increasing activity and sophistication.

A recent report by cybersecurity firm Sekoia highlighted a shift in Interlock’s approach. The group is now using “ClickFix” techniques to deceive victims into deploying info-stealers and remote access trojans (RATs)—a method that paves the way for ransomware deployment.
Read more »
Ransomwares
Backdoor Backdoor Attacks Critical Infrastructure Cyber Attacks Healthcare Malware Attack RansomHub Ransomware attack Ransomwares

Symantec Links Betruger Backdoor Malware to RansomHub Ransomware Attacks

 

A sophisticated custom backdoor malware called Betruger has been discovered in recent ransomware campaigns, with Symantec researchers linking its use to affiliates of the RansomHub ransomware-as-a-service (RaaS) group. The new malware is considered a rare and powerful tool designed to streamline ransomware deployment by minimizing the use of multiple hacking tools during attacks. 

Identified by Symantec’s Threat Hunter Team, Betruger is described as a “multi-function backdoor” built specifically to aid ransomware operations. Its functions go far beyond traditional malware. It is capable of keylogging, network scanning, privilege escalation, credential theft, taking screenshots, and uploading data to a command-and-control (C2) server—all typical actions carried out before a ransomware payload is executed. Symantec notes that while ransomware actors often rely on open-source or legitimate software like Mimikatz or Cobalt Strike to navigate compromised systems, Betruger marks a departure from this norm. 

The tool’s development suggests an effort to reduce detection risks by limiting the number of separate malicious components introduced during an attack. “The use of custom malware other than encrypting payloads is relatively unusual in ransomware attacks,” Symantec stated. “Betruger may have been developed to reduce the number of tools dropped on a network during the pre-encryption phase.” Threat actors are disguising the malware under file names like ‘mailer.exe’ and ‘turbomailer.exe’ to pose as legitimate mailing applications and evade suspicion. While custom malware isn’t new in ransomware operations, most existing tools focus on data exfiltration. 

Notable examples include BlackMatter’s Exmatter and BlackByte’s Exbyte, both created to steal data and upload it to cloud platforms like Mega.co.nz. However, Betruger represents a more all-in-one solution tailored for streamlined attack execution. The RansomHub RaaS operation, previously known as Cyclops and Knight, surfaced in early 2024 and has quickly become a major threat actor in the cybercrime world. Unlike traditional ransomware gangs, RansomHub has focused more on data theft and extortion rather than just data encryption. Since its emergence, RansomHub has claimed several high-profile victims including Halliburton, Christie’s auction house, Frontier Communications, Rite Aid, Kawasaki’s EU division, Planned Parenthood, and Bologna Football Club. 

The group also leaked Change Healthcare’s stolen data after the BlackCat/ALPHV ransomware group’s infamous $22 million exit scam. More recently, the gang claimed responsibility for breaching BayMark Health Services, North America’s largest addiction treatment provider. BayMark serves over 75,000 patients daily across more than 400 locations in the US and Canada. According to the FBI, as of August 2024, RansomHub affiliates have compromised over 200 organizations, many of which are part of critical infrastructure sectors such as government, healthcare, and energy. 

As ransomware groups evolve and adopt more custom-built malware like Betruger, cybersecurity experts warn that defenses must adapt to meet increasingly sophisticated threats.
Read more »
US
Cyber Attacks endue software Healthcare Illinois MedEx Sensitive Information US

Cyberattacks Hit U.S. Healthcare Firms, Exposing Data of Over 236,000 People

 


Two separate data breaches in the U.S. have exposed sensitive information of more than 236,000 people. These incidents involve two organizations: Endue Software in New York and Medical Express Ambulance (MedEx) in Illinois.

Endue Software creates software used by infusion centers, which help treat patients with medication delivered directly into their bloodstream. In February this year, the company found that hackers had broken into its system. This breach led to the exposure of personal details of around 118,000 individuals. The leaked information included full names, birth dates, Social Security numbers, and unique medical record identifiers. While there is currently no proof that the stolen data has been used illegally, the company isn’t taking any chances. It has added more safety tools and measures to its systems. It is also offering one year of free credit monitoring and identity protection to help affected people stay safe from fraud.

In a different case, MedEx, a private ambulance service provider based in Illinois, reported that it was also hit by a cyberattack. This breach happened last year, but the details have recently come to light. Information belonging to more than 118,000 people was accessed by attackers. The data included health records, insurance information, and even passport numbers in some cases.

These events are part of a larger pattern of cyberattacks targeting the healthcare industry in the U.S. In recent months, major organizations like UnitedHealth Group and Ascension Health have also suffered large-scale data breaches. Cybercriminals often go after hospitals and medical companies because the data they store is very valuable and can be used for scams or identity theft.

Both Endue and MedEx are working with cybersecurity experts to investigate the breaches and improve their systems. People affected by these incidents are being advised to be extra cautious. They should use the free protection services, monitor their bank and credit accounts, and immediately report anything unusual.



Read more »
Tracking
Cyber Security Healthcare legislation Location Privacy surveillance Tracking

Why Location Data Privacy Laws Are Urgently Needed

 

Your location data is more than a simple point on a map—it’s a revealing digital fingerprint. It can show where you live, where you work, where you worship, and even where you access healthcare. In today’s hyper-connected environment, these movements are silently collected, packaged, and sold to the highest bidder. For those seeking reproductive or gender-affirming care, attending protests, or visiting immigration clinics, this data can become a dangerous weapon.

Last year, privacy advocates raised urgent concerns, calling on lawmakers to address the risks posed by unchecked location tracking technologies. These tools are now increasingly used to surveil and criminalize individuals for accessing fundamental services like reproductive healthcare.

There is hope. States such as California, Massachusetts, and Illinois are now moving forward with legislation designed to limit the misuse of this data and protect individuals from digital surveillance. These bills aim to preserve the right to privacy and ensure safe access to healthcare and other essential rights.

Imagine a woman in Alabama—where abortion is entirely banned—dropping her children at daycare and driving to Florida for a clinic visit. She uses a GPS app to navigate and a free radio app along the way. Without her knowledge, the apps track her entire route, which is then sold by a data broker. Privacy researchers demonstrated how this could happen using Locate X, a tool developed by Babel Street, which mapped a user’s journey from Alabama to Florida.

Despite its marketing as a law enforcement tool, Locate X was accessed by private investigators who falsely claimed affiliation with authorities. This loophole highlights the deeply flawed nature of current data protections and how they can be exploited by anyone posing as law enforcement.

The data broker ecosystem remains largely unregulated, enabling a range of actors—from law enforcement to ideological groups—to access and weaponize this information. Near Intelligence, a broker, reportedly sold location data from visitors to Planned Parenthood to an anti-abortion organization. Meanwhile, in Idaho, cell phone location data was used to charge a mother and her son with aiding an abortion, proving how this data can be misused not only against patients but also those supporting them.

The Massachusetts bill proposes a protected zone of 1,850 feet around sensitive locations, while California takes a broader stance with a five-mile radius. These efforts are gaining support from privacy advocates, including the Electronic Frontier Foundation.

“A ‘permissible purpose’ (which is key to the minimization rule) should be narrowly defined to include only: (1) delivering a product or service that the data subject asked for, (2) fulfilling an order, (3) complying with federal or state law, or (4) responding to an imminent threat to life.”

Time and again, we’ve seen location data weaponized to monitor immigrants, LGBTQ+ individuals, and those seeking reproductive care. In response, state legislatures are advancing bills focused on curbing this misuse. These proposals are grounded in long-standing privacy principles such as informed consent and data minimization—ensuring that only necessary data is collected and stored securely.

These laws don’t just protect residents. They also give peace of mind to travelers from other states, allowing them to exercise their rights without fear of being tracked, surveilled, or retaliated against.

To help guide new legislation, this post outlines essential recommendations for protecting communities through smart policy design. These include:
  • Strong definitions,
  • Clear rules,
  • Affirmation that all location data is sensitive,
  • Empowerment of consumers through a strong private right of action,
  • Prohibition of “pay-for-privacy” schemes, and
  • Transparency through clear privacy policies.
These protections are not just legal reforms—they’re necessary steps toward reclaiming control over our digital movements and ensuring no one is punished for seeking care, support, or safety.
Read more »
Ransomware
Breach Compliance Cybersecurity Data Breach DaVita dialysis Healthcare Hospital incident ITsecurity patientcare Ransomware

DaVita Faces Ransomware Attack, Disrupting Some Operations but Patient Care Continues

 

Denver-headquartered DaVita Inc., a leading provider of kidney care and dialysis services with more than 3,100 facilities across the U.S. and 13 countries, has reported a ransomware attack that is currently affecting parts of its network. The incident, disclosed to the U.S. Securities and Exchange Commission (SEC), occurred over the weekend and encrypted select portions of its systems.

"Upon discovery, we activated our response protocols and implemented containment measures, including proactively isolating impacted systems," DaVita stated in its SEC filing.

The company is working with third-party cybersecurity specialists to assess and resolve the situation, and has also involved law enforcement authorities. Despite the breach, DaVita emphasized that patient care remains ongoing.

"We have implemented our contingency plans, and we continue to provide patient care," the company noted. "However, the incident is impacting some of our operations, and while we have implemented interim measures to allow for the restoration of certain functions, we cannot estimate the duration or extent of the disruption at this time," the company said.

With the investigation still underway, DaVita acknowledged that "the full scope, nature and potential ultimate impact on the company are not yet known."

Founded 25 years ago, DaVita reported $12.82 billion in revenue in 2024. The healthcare giant served over 281,000 patients last year across 3,166 outpatient centers, including 750+ hospital partnerships. Of these, 2,657 centers are in the U.S., with the remaining 509 located in countries such as Brazil, Germany, Saudi Arabia, Singapore, and the United Kingdom, among others. DaVita also offers home dialysis services.

Security experts warn that the scale of the incident could have serious implications.

"There is potential for a very large impact, given DaVita’s scale of operations," said Scott Weinberg, CEO of cybersecurity firm Neovera. "If patient records were encrypted, sensitive data like medical histories and personal identifiers might be at risk. DaVita has not reported data exfiltration, so it’s not clear if data was stolen or not."

Weinberg added, "For dialysis patients needing regular treatments to survive, this attack is extremely serious. Because of disrupted scheduling or inaccessible records, this could lead to health complications. Ransomware disruptions in healthcare may lead to an increase in mortality rates, especially for time-sensitive treatments such as dialysis."

The breach may also bring regulatory challenges due to DaVita’s international footprint.

"Regulations can differ with respect to penalties and reporting requirements after a breach based on the country and even the state in which the patients live or were treated," said Erich Kron, security awareness advocate at KnowBe4.

"A serious cybersecurity incident that affects individuals in multiple countries can be a legal nightmare for some organizations," Kron said. "However, this is something that organizations should plan for and be prepared for prior to an event ever happening. They should already know what will be required to meet regulatory standards for the regions in which they operate."

In a separate statement to Information Security Media Group, DaVita added, "We have activated backup systems and manual processes to ensure there's no disruption to patient care. Our teams, along with external cybersecurity experts, are actively investigating this matter and working to restore systems as quickly as possible."

This cyberattack mirrors similar recent disruptions within the healthcare industry, which continues to be a frequent target.

"The healthcare sector is always considered a lucrative target because of the serious sense of urgency whenever IT operations are disrupted, not to mention potentially disabled," said Jeff Wichman, director of incident response at Semperis. "In case of ransomware attacks, this serves as another means to pressure the victim into paying a ransom."

He added, "At this time, if any systems administering dialysis have been disrupted, the clinics and hospitals within DaVita’s network are most certainly operating machines manually as a last resort and staff are working extremely hard to ensure patient care doesn’t suffer. If any electronic machines in their network are down, the diligence of staff will fill the gaps until electronic equipment is restored."

DaVita joins a growing list of specialized healthcare providers facing cybersecurity breaches in 2025. Notably, Community Care Alliance in Rhode Island recently reported a hack that impacted 115,000 individuals.

In addition, DaVita has previously disclosed multiple health data breaches. The largest, in July 2024, affected over 67,000 individuals due to unauthorized server access linked to the use of tracking pixels in its patient-facing platforms.
Read more »
Privacy
creditmonitoring Cybersecurity Databreach Dataleak Healthcare IdentityTheft labtesting medicalrecords PlannedParenthood Privacy

Over 1.6 Million Affected in Planned Parenthood Lab Partner Data Breach

 

A cybersecurity breach has exposed the confidential health data of more than 1.6 million individuals—including minors—who received care at Planned Parenthood centers across over 30 U.S. states. The breach stems from Laboratory Services Cooperative (LSC), a company providing lab testing for reproductive health clinics nationwide.

In a notice filed with the Maine Attorney General’s office, LSC confirmed that its systems were infiltrated on October 27, 2024, and the breach was detected the same day. Hackers reportedly gained unauthorized access to sensitive personal, medical, insurance, and financial records.

"The information compromised varies from patient to patient but may include the following:
  • Personal information: Name, address, email, phone number
  • Medical information: Date(s) of service, diagnoses, treatment, medical record and patient numbers, lab results, provider name, treatment location
  • Insurance information: Plan name and type, insurance company, member/group ID numbers
  • Billing information: Claim numbers, bank account details, billing codes, payment card details, balance details
  • Identifiers: Social Security number, driver's license or ID number, passport number, date of birth, demographic data, student ID number"

In addition to patient data, employee information—including details about dependents and beneficiaries—may also have been compromised.

Patients concerned about whether their data is affected can check if their Planned Parenthood location partners with LSC via the FAQ section on LSC’s website or by calling their support line at 855-549-2662.

While it's impossible to reverse the damage of a breach, experts recommend immediate protective actions:

Monitor your credit reports (available weekly for free from all three major credit bureaus)

Place fraud alerts, freeze credit, and secure your Social Security number

Stay vigilant for unusual account activity and report potential identity theft promptly

LSC is offering 12–24 months of credit monitoring through CyEx Medical Shield Complete to impacted individuals. Those affected must call the customer service line between 9 a.m. and 9 p.m. ET, Monday to Friday, to get an activation code for enrollment.

For minors or individuals without an SSN or credit history, a tailored service named Minor Defense is available with a similar registration process. The enrollment deadline is July 14, 2025.
Read more »
Subscribe to: Comments (Atom)