| Editor's Choice: Cybersecurity | The data breach at Singing River Health System occurred in December 2025 and resulted in sensitive medical information being stolen by cybercriminals. If a post on the dark web is to be believed, an infamous group called Anubis is responsible for the intrusion. The data breach at Singing River Health System occurred in December 2025 and resulted in sensitive medical information being stolen by cybercriminals. If a post on the dark web is to be believed, an infamous group called Anubis is responsible for the intrusion. | | |
| The intrusion was caused by the compromised credentials of a Hartford HealthCare employee. Data stolen included full names, Medicaid ID numbers and patient treatment details. The intrusion was caused by the compromised credentials of a Hartford HealthCare employee. Data stolen included full names, Medicaid ID numbers and patient treatment details. | | |
| First revealed in March, the incident was confirmed to be months long. NYC Health + Hospitals blamed the intrusion on an unnamed third-party vendor. Stolen data includes medical records, finger and palm prints, and location data from patients and workers alike. First revealed in March, the incident was confirmed to be months long. NYC Health + Hospitals blamed the intrusion on an unnamed third-party vendor. Stolen data includes medical records, finger and palm prints, and location data from patients and workers alike. | | |
| Tennessee-based Xsolis said the incident occurred in January, and the sensitive data was from its clients. The company provides AI-powered case management software to hospitals and health insurers. Tennessee-based Xsolis said the incident occurred in January, and the sensitive data was from its clients. The company provides AI-powered case management software to hospitals and health insurers. | | |
| In what’s being called a “data security incident,” Acadia Healthcare confirmed a compromised email account led to sensitive patient data being accessed by hackers. The full number of victims is being tabulated. In what’s being called a “data security incident,” Acadia Healthcare confirmed a compromised email account led to sensitive patient data being accessed by hackers. The full number of victims is being tabulated. | | |
| Frustratingly to hospital leadership, the upward trajectory in attacks and harms is happening despite healthcare’s striving—and spending—to be more proactive with defensive measures. Frustratingly to hospital leadership, the upward trajectory in attacks and harms is happening despite healthcare’s striving—and spending—to be more proactive with defensive measures. | | |
| The caper was carried out by a former employee of Nuance Communications, a Microsoft subsidiary. According to court documents, the man used his credentials to access patient data from 1.3 million patients at Geisinger. Police said they found the trove stored on a flash drive in his car. The caper was carried out by a former employee of Nuance Communications, a Microsoft subsidiary. According to court documents, the man used his credentials to access patient data from 1.3 million patients at Geisinger. Police said they found the trove stored on a flash drive in his car. | | |
| Check Point Research revealed in a new report that VECT 2.0—advertised as a powerful, secure ransomware service—contains a fatal coding error that wipes victims’ data instead of encrypting it. Check Point Research revealed in a new report that VECT 2.0—advertised as a powerful, secure ransomware service—contains a fatal coding error that wipes victims’ data instead of encrypting it. | | |
| In a Final Rule revealed last week, the Centers for Medicare & Medicaid Services outlined its plan to exchange medical records, diagnostic images and clinical notes electronically using secure protocols. Once the rule is published in the Federal Register, any HIPAA-covered entity that interacts with Medicare will have two years to follow CMS into the modern age. In a Final Rule revealed last week, the Centers for Medicare & Medicaid Services outlined its plan to exchange medical records, diagnostic images and clinical notes electronically using secure protocols. Once the rule is published in the Federal Register, any HIPAA-covered entity that interacts with Medicare will have two years to follow CMS into the modern age. | | |
| Developer Anthropic released the tool to a small number of organizations in hopes they can find security vulnerabilities. Now comes a report revealing that a group of people on the popular Discord chat app have gained access. Mythos could be used as a powerful cybersecurity weapon. Developer Anthropic released the tool to a small number of organizations in hopes they can find security vulnerabilities. Now comes a report revealing that a group of people on the popular Discord chat app have gained access. Mythos could be used as a powerful cybersecurity weapon. | | |
| |
|
| ![]() | |
|
