healthcare

Consumer Advisory: Fake Windows Updates, Qilin in Healthcare, and patches you shouldn't skip

John Z Black Apr 27, 2026

Vulnerabilities & Patching #lumma #qilin #healthcare #cisa #windows #patching

A stealer campaign with 0 detections is hiding inside fake Windows 11 upgrade ads. Qilin ransomware hit a Florida dermatology practice. And CISA added more bugs to the mandatory patch list.

The Billion-Dollar Bill: Why the Cost of a Breach Never Ends

John Z Black Apr 22, 2026

Incidents & Breaches #breach-cost #mgm #unitedhealth #sec-fine #settlement #ransomware #healthcare

A major breach cycle only lasts a week in the news but can last five years on the balance sheet. UnitedHealth spent $3.1 billion before the SEC fine even landed.

When the Breach Isn't at Your Bank: Third-Party Risk Hits Healthcare and Finance in the Same Week

John Z Black Apr 15, 2026

Incidents & Breaches #data-breach #third-party-risk #healthcare #financial-services #springfield-hospital #marquis #lapsus #vendor-risk

A hospital email account, a fintech ransomware attack still sending notifications eight months later, and a Lapsus$ claim against a financial vendor. Third-party concentration risk landed in two sectors at once this week.

The Breach Happened in February 2025. Patients Are Just Hearing About It Now.

John Z Black Apr 14, 2026

Incidents & Breaches #dermcare #healthcare #data-breach #hipaa #practice-management #patient-data

DermCare Management, which handles billing and records for dozens of dermatology practices, suffered a breach in February 2025. They confirmed it in March 2026. Patients are getting notified now. The exposed data includes Social Security numbers, financial account info, and medical records.

The Healthcare Multiplier: One Ransomware Attack, Dozens of Hospitals

John Z Black Apr 11, 2026

Ransomware & Cybercrime #ransomware #healthcare #ehr #chipsoft #hix #vendor-security

Ransomware hit ChipSoft, the EHR vendor behind HiX. One intrusion took down clinical systems across hospitals in the Netherlands and Belgium at the same time. That's the geometry attackers are after.

$20.88 Billion Gone: What the FBI's New Cybercrime Report Actually Says

John Z Black Apr 8, 2026

Ransomware & Cybercrime #fbi #ic3 #cybercrime #crypto-fraud #ransomware #bec #ai-fraud #healthcare

The FBI's IC3 report crossed $20 billion for the first time. Crypto fraud, AI-enabled scams, and elder exploitation tell a story the headline number doesn't capture.

A Massachusetts Hospital Is Diverting Ambulances and Cancelling Chemo. The Attacks You Haven't Heard About Are Worse.

John Z Black Apr 8, 2026

Incidents & Breaches #healthcare #hospital-cyberattack #ambulance-diversion #health-isac #ransomware #brockton-hospital

Brockton Hospital is running on paper after a cyberattack forced ambulance diversions and chemo cancellations. Health ISAC says multiple undisclosed incidents are hitting healthcare right now.

ShinyHunters Popped a Telehealth Giant Through Its Help Desk

John Z Black Apr 4, 2026

Incidents & Breaches #shinyhunters #hims-hers #zendesk #okta #healthcare #telehealth #sso #social-engineering

Two employees tricked out of their Okta creds. Millions of telehealth support tickets stolen. And Hims says no medical records were exposed. Sure.

Stryker Recovered from an Iranian Wiper Attack. It Took Three Weeks and 80,000 Devices.

John Z Black Apr 3, 2026

Threat Intelligence #iran #handala #wiper #healthcare #stryker #nation-state #critical-infrastructure #fbi

Iran's Handala group wiped 80,000 devices across Stryker's global network. Maryland EMS lost digital ECG transmission. The DOJ confirmed Iran's government runs Handala.

The Week Toolchain Trust Collapsed, Again

John Z Black Mar 30, 2026

Threat Intelligence #weekly-recap #supply-chain #teampcp #ai-security #authentication #iran #healthcare #bpfdoor #privacy

TeamPCP kept hitting developer tooling. AI attack surfaces went from theoretical to exploited. Attackers logged in instead of breaking in. And Iran went after the FBI director's personal inbox.

Healthcare Had a Bad Week. A Really, Really Bad Week.

John Z Black Mar 29, 2026

Incidents & Breaches #healthcare #data-breach #nyc #france #cerballiance #coastal-carolina #hipaa #third-party-risk #patient-data

Three healthcare breaches in one week, all tracing back to the same problem: third-party vendors with access to patient data and not enough security around it.

Stryker Finds a Malicious File in Its Systems. Production Is Coming Back Online.

John Z Black Mar 25, 2026

Incidents & Breaches #stryker #handala #iran #healthcare #incident-response #unit42

Stryker's forensic investigation with Palo Alto Networks Unit 42 found a malicious file used to run commands and conceal activity, a separate finding from the initial Handala attack. Production recovery is underway.

The Healthcare Benefits Breach You Haven't Heard About (or the One After It, or the One After That)

John Z Black Mar 22, 2026

Incidents & Breaches #data-breach #healthcare #trizetto #navia #marquis #supply-chain #identity-theft #fsa #hsa #cobra

Three healthcare and benefits data breaches disclosed in the same week -- TriZetto (3.4M), Navia (2.7M), and Marquis (672K) -- follow the same disturbing pattern: your most sensitive data lives with vendors you've never heard of, and you find out months later.

Iran Didn't Need Malware to Cripple Stryker. They Just Used Microsoft Intune.

John Z Black Mar 17, 2026

Threat Intelligence #iran #stryker #handala #intune #mdm #wiper #healthcare #nation-state #critical-infrastructure

The Handala group wiped tens of thousands of Stryker devices using the company's own MDM platform. No malware. No exploit. Just admin access and the willingness to press the button.

Hackers Used Stryker's Own IT Tool to Nuke Its Entire Device Fleet

John Z Black Mar 14, 2026

Threat Intelligence #handala #stryker #mdm #microsoft-intune #iran #wiper #healthcare #nation-state

An Iranian-linked group called Handala reportedly hijacked Microsoft Intune and wiped Stryker's devices at scale. The tool designed to secure their fleet became the weapon that destroyed it.

Your Vendors Got Hacked: Supply Chain Breaches Keep Piling Up

John Z Black Mar 10, 2026

Breaches & Incidents #supply-chain #salesforce #shinyhunters #healthcare #cognizant #trizetto #ericsson #breach

ShinyHunters hit 400 companies through Salesforce misconfigs. Cognizant lost 3.4 million patient records. Ericsson got popped via a vendor. The supply chain is the perimeter now, and it's breaking.