All news with #phi tag

Synnovis Notifies NHS Clients After 2024 Ransomware

🔔 Synnovis has begun notifying its NHS customers and affected data controllers about the volume of patient information compromised in a June 2024 ransomware attack. The incident, attributed to a Qilin affiliate, saw roughly 400GB of data published and caused widespread disruption to blood services, cancelled appointments and at least one reported death. Synnovis said notifications will be completed by 21 November, citing the 'exceptional scale and complexity' of an unstructured and fragmented dataset, a delay that has drawn sharp criticism from security experts.

Synnovis Notifies NHS of Patient Data Theft After Ransomware

🔒 Synnovis has notified NHS organisations that a June 2024 ransomware incident resulted in the theft of patient data, including names, NHS numbers, dates of birth, and some test results. The company says the exfiltrated files were unstructured and fragmented, requiring specialist analysis to reassemble. Synnovis confirmed no ransom was paid, is coordinating notifications with affected trusts and expects to complete notifications by 21 November 2025. The incident has been linked to the Qilin ransomware operation.

Cybersecurity Experts Charged Over BlackCat Ransomware

🔒 Three cybersecurity professionals have been indicted for allegedly operating an ALPHV/BlackCat ransomware affiliate network that attacked at least five U.S. companies between May and November 2023. Prosecutors named former Sygnia incident response manager Ryan Clifford Goldberg and negotiator Kevin Tyler Martin of DigitalMint, accusing them of exfiltrating data, encrypting systems, and demanding cryptocurrency extortion payments. An FBI affidavit describes encrypted dark‑web negotiations, multi‑hop transfers using privacy coins such as Monero, and meticulous spreadsheets that tracked ransoms, receipts, and wallet addresses. Charges include conspiracy to extort and intentional damage to protected computers, with potential forfeiture of crypto assets.

Conduent Breach Exposes Data of Over 10.5 Million People

🔒 Conduent has confirmed a breach affecting more than 10.5 million individuals, with customer notices sent in October 2025 after the incident was discovered on 13 January 2025. Unauthorized access reportedly began on 21 October 2024 and persisted for nearly three months. The criminal group SafePay claimed responsibility and said it exfiltrated large volumes of data, potentially including names, Social Security numbers, dates of birth, and medical and insurance information.

SimonMed: 1.2M Patients Affected in January Breach

🔒 SimonMed Imaging is notifying more than 1.2 million individuals that attackers accessed its network between January 21 and February 5, 2025. The company says hackers stole data and the Medusa ransomware group claimed a 212 GB exfiltration and published proof files including ID scans, medical reports, payment details and raw scans. SimonMed reset passwords, implemented multifactor authentication, deployed EDR, removed vendor access, restricted traffic, notified law enforcement and is offering affected people free Experian identity monitoring.

Seattle Children’s Uses AI to Accelerate Pediatric Care

🤖 Seattle Children’s partnered with Google Cloud to build Pathway Assistant, a multimodal AI chatbot that turns thousands of pediatric clinical pathway PDFs into conversational, searchable guidance. Using Vertex AI and Gemini, the assistant extracts JSON metadata, parses diagrams and flowcharts, and returns cited answers in seconds. The tool logs clinician feedback to BigQuery and stores source documents in Cloud Storage, enabling continuous improvement of documentation and metadata.

Senator Wyden Urges FTC Probe of Microsoft Ransomware Lapses

🔍 Senator Ron Wyden has asked the Federal Trade Commission to investigate Microsoft for what he describes as "gross cybersecurity negligence" that he says facilitated ransomware attacks on U.S. critical infrastructure, including healthcare. Wyden's four-page letter to FTC Chair Andrew Ferguson cites the 2024 Ascension breach attributed to Black Basta and details an attack chain that began when a contractor clicked a malicious link after using Microsoft's Bing search. The senator highlights exploitation of insecure default Kerberos settings and legacy RC4 support enabling Kerberoasting, and criticizes Microsoft for not enforcing stronger defaults and minimum password requirements while noting the company's published mitigations and planned deprecations.

KillSec Ransomware Disrupts Brazilian Healthcare IT

🔒 A ransomware incident attributed to KillSec has disrupted MedicSolution, a Brazilian healthcare IT vendor, after attackers claimed to exfiltrate more than 34 GB comprising 94,818 files. Resecurity reports the haul includes medical evaluations, lab results, X‑rays and unredacted patient photos, and says data was exposed via misconfigured AWS cloud buckets. MedicSolution has not publicly responded; regulators and affected providers face notification and remediation challenges.

EuroDaT and Google Cloud: Secure Financial Data Exchange

🔒 EuroDaT, a state-owned data trustee, built safeAML with major German banks to enable controlled, pseudonymous transaction matching while preserving GDPR compliance. The cloud-native service runs on Google Cloud and Google Kubernetes Engine, using infrastructure-as-code, isolated VPCs and auditable processing so EuroDaT never accesses personal-data content. By letting banks request targeted supplementary information, safeAML accelerates suspicious-activity checks, reduces false positives and lays groundwork for wider use in ESG and health data sharing.

Anthropic Disrupts AI-Powered Data Theft and Extortion

🔒 Anthropic said it disrupted a sophisticated July 2025 operation that weaponized its AI chatbot Claude and the agentic tool Claude Code to automate large-scale theft and extortion targeting at least 17 organizations across healthcare, emergency services, government and religious institutions. The actor exfiltrated personal, financial and medical records and issued tailored ransom demands in Bitcoin from $75,000 to over $500,000. Anthropic reported building a custom classifier and sharing technical indicators with partners to mitigate similar abuses.

Microsoft Azure and NVIDIA Accelerate Scientific AI

🔬 This blog highlights how Microsoft Azure and NVIDIA combine cloud infrastructure and GPU-accelerated AI tooling to speed scientific discovery and commercial deployment. It profiles three startups—Pangaea Data, Basecamp Research, and Global Objects—demonstrating applications from clinical decision support to large-scale protein databases and photorealistic digital twins. The piece emphasizes measurable outcomes, compliance, and the importance of scalable compute and optimized AI frameworks for real-world impact.

FUJIFILM Synapse Mobility Privilege Escalation Advisory

🔒 FUJIFILM Healthcare Americas Corporation has released fixes for a privilege-escalation vulnerability (CVE-2025-54551) affecting Synapse Mobility. The issue is an external control of an assumed-immutable web parameter that can be abused remotely with low attack complexity; CVSS v4 score is 5.3. FUJIFILM recommends upgrading to 8.2 or applying patches for 8.0–8.1.1. Immediate mitigations include disabling the configurator search function or unchecking "Allow plain text accession number," and CISA advises minimizing network exposure and using secure remote access.

AWS Achieves Standards Exceeded in NHS DSPT 2024-25

🔒 Amazon Web Services (AWS) has completed the NHS Data Security and Protection Toolkit (NHS DSPT) assessment for 2024–25, achieving Standards Exceeded. The certification is valid until June 30, 2026 and is available via NHS England and AWS Artifact. NHS DSPT measures performance against the National Data Guardian’s 10 data security standards, covering Personal Confidential Data, Continuity Planning, and IT Protection. AWS emphasises that security is a shared responsibility and directs customers to its compliance resources.

AWS Achieves HITRUST Certification for 177 Services

🔒 Amazon Web Services announced that 177 AWS services achieved HITRUST certification for the 2025 assessment cycle, with five services certified for the first time: Amazon Verified Permissions, AWS B2B Data Interchange, AWS Payment Cryptography, AWS Resource Explorer, and AWS Security Incident Response. A third‑party assessor audited the services under the HITRUST CSF v11.5.1 framework. Customers can inherit the certification for validated assessments when they use in‑scope services and follow the AWS Shared Responsibility Model, and evidence is available through AWS Artifact.

KrebsOnSecurity Featured in HBO Max 'Most Wanted' Series

📰 The HBO Max documentary Most Wanted: Teen Hacker features interviews with Brian Krebs and examines the criminal trajectory of Julius Kivimäki, a Finnish hacker convicted for extensive data breaches and later mass extortion. The four-part series traces his early role in the Lizard Squad, high-profile DDoS attacks, swatting incidents, and the Vastaamo psychotherapy breach and patient extortion. Directed by Sami Kieski and co-written by Joni Soila, episodes will stream weekly on Fridays throughout September.

Thai Hospital Fined After Patient Records Used as Wrappers

📄 A Thai hospital was fined after more than 1,000 patient records, sent for destruction, were found being used as street-food wrappers for crispy crepes. Thailand’s Personal Data Protection Committee (PDPC) determined the documents leaked following handling by a contracted disposal firm that stored them at a private residence. The hospital was fined 1.21 million baht and the disposal business owner received a separate penalty. The episode highlights failures in secure disposal and vendor oversight.

Medico Inc. S3 Misconfiguration Exposes Patient Data

🔓 Medico Inc. left an Amazon S3 bucket publicly accessible, exposing nearly 14,000 documents (approximately 1.7GB) that included medical records, insurance claims, legal files, and internal business data. The UpGuard Data Breach Research Team discovered the bucket on June 20, 2019, and Medico closed it within hours after notification. The dataset contained unredacted PII such as SSNs, bank account numbers, and payment card data, and also included plaintext credentials that could enable further compromise.

Medcall S3 Misconfiguration Exposed Medical Records

🔓 UpGuard disclosed that an unsecured Medcall Healthcare Advisors Amazon S3 bucket exposed roughly 7 GB of sensitive information, including PDF intake forms, CSV files containing full Social Security numbers, and 715 recorded patient-doctor and operator calls. The bucket was publicly readable and writable with an 'Everyone - Full Control' ACL and was taken offline after UpGuard notified Medcall. The case underscores the danger of vendor misconfiguration and third-party exposure of protected health information.

Neoclinical Database Exposed Sensitive Health Data

🔒 UpGuard researchers discovered a publicly accessible MongoDB database belonging to Neoclinical, exposing profiles for 37,170 users in Australia and New Zealand. Records included names, contact details, geocoordinates, dates of birth and structured health-screening answers that revealed diagnoses and treatments. UpGuard notified the company and AWS; access was removed on July 26. The exposure underscores the need for proper access controls and rapid incident response.

Open rsync Repository Exposes 42,000+ Patients' Records

🔒 UpGuard discovered a publicly accessible rsync repository tied to Cohen Bergman Klepper Romano Mds PC that exposed records for more than 42,000 patients and over three million medical notes. The exposed data included patient and physician names, Social Security numbers, dates of birth, phone numbers, email and insurance information, along with an Outlook .pst and a virtual hard drive containing staff home addresses and family details. UpGuard notified the affected parties and Accenture, and the repository was secured after follow-up, underscoring failures in basic access controls and the need for faster remediation.