company logo

Product

Our Product

We are Reshaping the way Developers find and fix vulnerabilities before they get exploited.

Bulk IP/Domain Lookup

Threatspy

Solutions

By Industry

BFSI

Healthcare

Education

IT & Telecom

Government

By Role

CISO

Application Security Engineer

DevsecOps Engineer

IT Manager

Resources

Resource Library

Get actionable insight straight from our threat Intel lab to keep you informed about the ever-changing Threat landscape.

Subscribe to Our Weekly Threat Digest

Company

Contact Us

Have queries, feedback or prospects? Get in touch and we shall be with you shortly.

loading..
loading..
loading..
Loading...

WebShell

Woocommerce

loading..
loading..
loading..

Fake WooCommerce of WordPress Patch Installs Backdoor & Web Shells

Critical WooCommerce phishing alert: Fake patches install backdoors & web shells. Spot stealth attacks and secure your site now

29-Apr-2025
4 min read

No content available.

Related Articles

loading..

Akira

Hitachi Vantara cyberattack by Akira ransomware disrupts global enterprises & go...

Hitachi Vantara, a critical player in global data infrastructure and ransomware recovery services, has become the latest high-profile victim of the notorious **Akira ransomware gang**. The subsidiary of Japan’s Hitachi Ltd. was forced to take its servers offline over the weekend of April 26–28, 2025, to contain the breach, disrupting operations for government agencies and multinational clients, including BMW, T-Mobile, and China Telecom. The incident underscores the escalating audacity of cybercriminals targeting firms entrusted with safeguarding sensitive data—even those specializing in cybersecurity resilience. ### **Timeline and Impact** #### **Detection and Containment** On **April 26, 2025**, Hitachi Vantara’s internal security teams detected “suspicious activity” across its network, prompting an immediate shutdown of servers to prevent lateral movement by attackers. The company confirmed the ransomware incident in a statement, emphasizing its collaboration with third-party cybersecurity experts to investigate and remediate the breach. #### **Scope of Disruption** - **Internal Systems:** Hitachi’s manufacturing divisions, remote support operations, and internal project management platforms were taken offline. - **Unaffected Services:** Cloud-based solutions and self-hosted customer environments remained operational, allowing clients like Telefónica and BMW to access their data independently. - **Government Projects:** Multiple undisclosed government initiatives managed by Hitachi Vantara were disrupted, raising concerns about national security and critical infrastructure vulnerabilities. #### **Data Theft & Ransom Notes** Sources familiar with the investigation revealed that Akira operators exfiltrated sensitive files before deploying ransomware payloads. The gang left ransom notes on compromised systems, though Hitachi has not publicly disclosed whether it intends to negotiate. Cybersecurity analysts note that Akira typically demands ransoms between **$200,000 and $4 million**, adjusted to the victim’s revenue and data sensitivity. ### **Damage Control and Challenges** In its statement, Hitachi Vantara stressed its adherence to “incident response protocols” and commitment to restoring services “securely.” However, the company faces mounting challenges: 1. **Reputation Risk:** As a provider of ransomware recovery services, the breach undermines client trust. 2. **Operational Delays:** Manufacturing and support outages could delay product deliveries and contractual obligations. 3. **Regulatory Scrutiny:** Governments affected by the breach may demand audits or penalties under data protection laws like GDPR and Japan’s APPI. A spokesperson said _“We are working tirelessly with third-party experts to remediate this incident and appreciate our customers’ patience as we prioritize a secure recovery.”_ ### **Akira Ransomware Group** First observed in **March 2023**, Akira employs a double-extortion model: encrypting victims’ data while threatening to leak stolen files on its dark web portal. The group targets organizations across sectors, leveraging phishing, VPN vulnerabilities, and compromised credentials for initial access. #### **High-Profile Victims** - **Stanford University (2023):** Stolen research data auctioned for $1.3 million. - **Nissan Oceania (2024):** Production halted for 72 hours after supply chain systems were encrypted. - **European Healthcare Provider (2024):** Patient records leaked, triggering a $2.8 million payout. #### **Financial Impact** Per the FBI’s April 2024 advisory, Akira has extorted **$42 million** from over 250 victims globally. The gang’s leak site lists 300+ organizations, with recent additions including aerospace contractors and U.S. school districts. ### **Contextual Nuances: Why Hitachi?** Hitachi Vantara’s role as a backbone for government and enterprise IT infrastructure made it a lucrative target. The company manages petabytes of sensitive data, including: - **Telecommunications:** T-Mobile’s customer analytics. - **Automotive:** BMW’s autonomous driving datasets. - **National Security:** Classified projects for Asian and European governments. #### **Irony of Resilience Providers** The breach highlights a paradox: firms offering cybersecurity and recovery services are increasingly targeted to maximize disruption. In 2024, ransomware groups attacked **Kaseya**, **SolarWinds**, and **CrowdStrike**, exploiting their centralized access to client networks. #### **Geopolitical Undercurrents** While Akira’s affiliation remains unclear, its focus on Japanese and Western entities aligns with trends of state-aligned groups testing critical infrastructure resilience. Notably, Hitachi’s parent company supplies components for defense and energy sectors, adding layers of geopolitical intrigue. ### **Broader Implications** The attack exposes systemic risks in industries reliant on third-party IT providers: - **Supply Chain Domino Effect:** A single breach can paralyze clients across sectors. - **Cloud vs. On-Premises:** While Hitachi’s cloud systems were spared, the incident renews debates about hybrid infrastructure security. #### **Ransomware’s Evolution** Akira’s success reflects ransomware’s maturation into a **$30 billion annual criminal industry** (Cybersecurity Ventures, 2025). Key trends include: - **Ransomware-as-a-Service (RaaS):** Lowering barriers for entry. - **AI-Powered Attacks:** Automated phishing and vulnerability scanning. #### **Regulatory Gaps** Despite stricter laws, enforcement remains fragmented. The EU’s NIS2 Directive and U.S. Cyber Incident Reporting Act lack harmonization, enabling gangs like Akira to exploit jurisdictional ambiguities.

loading..   30-Apr-2025
loading..   4 min read
loading..

DaVita

Interlock

Interlock ransomware claims theft of 20TB from DaVita Healthcare, leaking 1.5TB ...

**Denver, CO** — Patients reliant on life-saving dialysis treatments from DaVita Healthcare Partners Inc. are confronting a new threat: the potential exposure of their sensitive personal and medical data. The Interlock ransomware group, a rising cybercriminal entity, has claimed responsibility for stealing **20 terabytes of data** from the healthcare giant, including the personal details of millions of patients. While 1.5 terabytes of this data have already been leaked on the dark web, the group is now attempting to monetize the remaining 18.5 terabytes, escalating fears of widespread identity theft, insurance fraud, and privacy violations. ### **A Timeline of Events** The cyberattack unfolded on **April 12, 2025**, when Interlock infiltrated DaVita’s systems, encrypting critical infrastructure and disrupting internal operations. DaVita, which operates over **3,000 outpatient dialysis centers globally** and serves approximately **281,100 patients**, promptly notified the U.S. Securities and Exchange Commission (SEC) but withheld specifics to avoid compromising its investigation. The disclosure triggered a **3% drop in DaVita’s stock price**, reflecting investor anxiety over the breach’s financial and reputational fallout. By early May, Interlock began leaking stolen data on its dark web portal, including patient names, Social Security numbers, medical histories, and treatment records. Screenshots reviewed by *Hackread.com* confirm the authenticity of some posted files, though DaVita has yet to verify the full extent of the breach. _“We are disappointed in these actions against the healthcare community and will continue working to defend against such attacks,”_ a DaVita spokesperson said, emphasizing efforts to safeguard patient care continuity. --- ### **Interlock’s Growing Threat to Healthcare** Emerging in **October 2024**, Interlock has rapidly gained notoriety for high-impact ransomware campaigns. The group employs a double-extortion model: encrypting victims’ systems and exfiltrating data to pressure organizations into paying ransoms. According to **Paul Bischoff, Consumer Privacy Advocate at Comparitech**, Interlock has executed **13 confirmed attacks** and claims **17 U.S. healthcare breaches in 2025 alone**. _“Healthcare providers are prime targets due to the critical nature of their services and the sensitivity of patient data,”_ Bischoff told *Hackread.com*. _“Attacks like DaVita’s can paralyze operations and leave victims vulnerable to exploitation for years.”_ Interlock’s prior targets include the **Texas Tech University Health Sciences Center**, where a 2024 breach compromised records of **530,000 individuals**. The group’s escalating activity mirrors a broader crisis: **25.7 million patient records** were exposed in **160 healthcare ransomware incidents** in 2024, per Comparitech data. --- ### **Patient Risks and Industry Implications** The DaVita breach poses dire risks for patients, particularly those undergoing dialysis—a lifeline for individuals with end-stage renal disease. Leaked data could enable: - **Medical identity theft**: Fraudulent insurance claims or prescription fraud. - **Targeted phishing schemes**: Criminals posing as healthcare providers. - **Discrimination**: Exploitation of sensitive health conditions in employment or insurance contexts. Cybersecurity experts warn that even partial data leaks can have cascading consequences. “Once data is on the dark web, it’s nearly impossible to retract,” Bischoff noted. “Victims must monitor their accounts indefinitely.” --- ### **DaVita’s Response and Regulatory Scrutiny** DaVita has activated incident response protocols, including third-party cybersecurity audits and patient notification systems. However, the company faces mounting scrutiny over its data protection practices. Under the **Health Insurance Portability and Accountability Act (HIPAA)**, healthcare providers must implement safeguards against cyber threats—a standard critics argue DaVita failed to meet. The breach also reignites debates about ransomware payments. While DaVita has not confirmed whether it negotiated with Interlock, the FBI discourages payments, arguing they incentivize further attacks. As DaVita races to contain the fallout, the Interlock breach serves as a grim reminder: in an era of escalating cyber warfare, healthcare providers—and the patients who depend on them—are increasingly in the crosshairs.

loading..   26-Apr-2025
loading..   4 min read
loading..

Healthcare

Yale New Haven Health data breach exposed the personal information of 5.5M patie...

Connecticut's largest healthcare system, Yale New Haven Health System (YNHHS), has reported a significant data breach affecting approximately 5.5 million patients. The cyberattack, which occurred in March 2025, allowed unauthorized access to sensitive patient information including personal identifiers and some healthcare-related data. While the organization has implemented mitigation measures and begun notifying affected individuals, the incident has already resulted in multiple class-action lawsuits. This breach represents one of the largest healthcare data compromises reported in 2025 and highlights the persistent cybersecurity challenges facing the healthcare sector. ## Timeline and Discovery of the Breach The security incident began on March 8, 2025, when YNHHS detected unusual activity affecting its information technology systems[1][4][14]. The organization immediately took steps to contain the incident, engaging external cybersecurity experts, including Mandiant, to assist with system restoration and forensic investigation. Federal law enforcement authorities were promptly notified about the breach. On March 11, 2025, YNHHS made its first public statement about the cybersecurity incident, acknowledging system disruptions but emphasizing that patient care operations remained unaffected[1]. Approximately one month later, on April 11, 2025, the healthcare system confirmed through its investigation that the incident was indeed a data breach, revealing that an unauthorized third party had gained network access and obtained copies of certain data. The data breach was formally reported to the U.S. Department of Health and Human Services Office for Civil Rights on April 11, 2025, with documentation confirming that 5,556,702 individuals were affected. Beginning April 14, 2025, YNHHS started mailing notification letters to affected patients whose information was involved in the breach. ## Scope of the Compromised Data The investigation revealed that the unauthorized third party accessed YNHHS's network and obtained copies of sensitive patient information[4]. The compromised data varied by individual but potentially included several categories of personally identifiable information and limited healthcare-related data. The types of data exposed in the breach include: - Full names - Dates of birth - Home addresses - Telephone numbers - Email addresses - Race/ethnicity information - Social Security numbers - Patient type classifications - Medical record numbers ImportSignificantly, YNHHS has clarified that specific categories of sensitive information were not compromised in the breach. The organization's statement emphasized that electronic medical records and treatment information were not accessed during the incident. Additionally, financial account details and payment information were also confirmed not to be part of the exposed data. ## YNHHS Response and Mitigation Efforts Yale New Haven Health System implemented a multi-faceted response to contain the breach and mitigate potential harm to affected individuals. Upon detecting the unauthorized activity, the organization immediately engaged cybersecurity firm Mandiant to assist with system restoration and conduct a thorough forensic investigation. The healthcare system also reported the incident to law enforcement authorities, who initiated an ongoing investigation. In accordance with federal regulations, YNHHS began sending notification letters to affected patients on April 14, 2025[1][4]. In a statement on its website, the organization noted: "YNHHS considers the health, safety, and privacy of patients our top priority. We are continuously updating and enhancing our systems to protect the data we maintain and to help prevent events such as this from occurring in the future". For patients whose Social Security numbers were exposed in the breach, YNHHS is offering complimentary credit monitoring and identity protection services. When contacted by media outlets, YNHHS Director of Public Relations Dana Marnane stated that the health system takes its "responsibility to safeguard patient information incredibly seriously"[10]. When pressed by TechCrunch about whether the incident was ransomware-related, Marnane did not dispute this characterization, noting that "the sophistication of the attack leads us to believe that it was executed by an individual or group who has a pattern of these types of incidents"[query]. ## Legal and Regulatory Implications The data breach has promptly triggered legal action, with at least eight federal lawsuits filed against YNHHS as of late April 2025[10]. These class-action complaints allege that the healthcare system failed to adequately protect patients' personally identifiable and health information, particularly sensitive data like Social Security numbers and medical record numbers. The lawsuits further claim that YNHHS delayed clearly notifying affected patients, potentially hindering their ability to take timely protective measures[10]. Plaintiffs are seeking various remedies, including financial damages, free lifetime identity protection services, and comprehensive improvements to the health system's cybersecurity practices[10]. One complaint specifically alleges that YNHHS failed to implement basic security protections such as file encryption, proper employee training on data security, and multi-factor authentication[10]. Another lawsuit claims that patients now face "a lifetime risk of identity theft due to the nature of the information lost, which they cannot change and which cannot be made private again"[10]. Some plaintiffs have reported experiencing an increase in spam calls and phishing attempts since the incident, suggesting that their information may already be circulating in illicit channels[10]. Law firm Levi & Korsinsky, investigating the breach, noted that it exemplifies insufficient data protections in a sector handling highly sensitive personal information[10]. ## Context of Healthcare Data Breaches The YNHHS breach occurs amid a concerning pattern of data security incidents within the healthcare sector. Just days before this breach was publicly confirmed, Blue Shield of California disclosed that it had inadvertently exposed protected health information of 4.7 million members to Google's analytics and advertisement platforms between April 2021 and January 2024[8][11]. Unlike the apparent malicious attack on YNHHS, the Blue Shield incident resulted from a misconfiguration of Google Analytics that allowed sensitive data to be shared with Google Ads[8]. Earlier in 2025, UK healthcare provider HCRG Care Group confirmed it was investigating a cybersecurity incident after the Medusa ransomware group claimed to have stolen more than two terabytes of sensitive data from the company[3]. In that case, the ransomware group threatened to publish the allegedly stolen data unless HCRG paid a $2 million ransom demand[3]. The healthcare sector remains particularly vulnerable to cyberattacks due to the high value of medical data on illicit markets and the critical nature of healthcare operations that creates pressure to resolve disruptions quickly. According to cybersecurity experts, about 83% of organizations admit to paying hackers following a ransomware attack, with more than half paying at least $100,000[7]. However, paying ransoms carries significant risks-80% of ransomware victims who paid were subsequently targeted again, often with higher ransom demands[7]. As of the reporting date, no major ransomware group has publicly claimed responsibility for the YNHHS attack[1]. However, the spokesperson's comments about the "sophistication of the attack" and reference to attackers with "a pattern of these types of incidents" suggest potential ransomware involvement, though the healthcare provider has declined to confirm whether it received any ransom demands[query]. ## Conclusion The Yale New Haven Health System data breach represents one of the most significant healthcare security incidents of 2025, affecting approximately 5.5 million patients. While the organization acted quickly to contain the breach and has begun offering protective services to those with exposed Social Security numbers, the incident has already generated multiple lawsuits and raised serious questions about data security practices within the healthcare sector. For affected individuals, the breach creates potential long-term risks of identity theft and fraud, particularly concerning given the sensitive nature of the exposed information. Patients whose data was compromised should carefully monitor their credit reports and financial accounts for suspicious activity, consider accepting the offered credit monitoring services, and remain vigilant against potential phishing attempts that might leverage the stolen information. The incident underscores the persistent and evolving cybersecurity challenges facing healthcare organizations, which must balance operational demands with the need to protect vast amounts of sensitive patient information. As investigations continue and legal proceedings advance, this breach will likely influence healthcare security practices and potentially shape regulatory approaches to data protection in the healthcare sector. Citations: [1] https://www.bleepingcomputer.com/news/security/yale-new-haven-health-data-breach-affects-55-million-patients/ [2] https://www.govinfosecurity.com/yale-new-haven-health-notifying-55-million-march-hack-a-28081 [3] https://techcrunch.com/2025/02/20/uk-healthcare-giant-hcrg-confirms-hack-after-ransomware-gang-claims-theft-of-sensitive-data/ [4] https://www.pymnts.com/cybersecurity/2025/yale-new-haven-health-system-reports-data-breach-affecting-5-5-million-patients/ [5] https://www.techtarget.com/healthtechsecurity/news/366623025/Yale-New-Haven-Health-notifies-nearly-56M-people-of-breach [6] https://www.hartfordbusiness.com/article/federal-judge-oks-1m-settlement-in-ynhh-retirement-fee-lawsuit [7] https://techcrunch.com/2023/10/31/ransomware-victims-paying-hackers-ransom/ [8] https://www.bleepingcomputer.com/news/security/blue-shield-of-california-leaked-health-data-of-47-million-members-to-google/ [9] https://ocrportal.hhs.gov/ocr/breach/breach_report.jsf [10] https://yaledailynews.com/blog/2025/04/25/patients-sue-ynhh-after-cyberattack-compromises-health-data/ [11] https://techcrunch.com/2025/04/25/data-breach-at-connecticut-yale-new-haven-health-affects-over-5-million/ [12] https://yaledailynews.com/blog/2025/02/12/ynhh-systematically-underpaid-employees-lawsuit-alleges/ [13] https://www.hhs.gov/sites/default/files/new-haven-resolution-agreement-corrective-action-plan.pdf [14] https://www.ynhhs.org/legal-notices [15] https://aspe.hhs.gov/sites/default/files/private/pdf/77196/rpt_Disclosure.pdf [16] https://www.ynhhs.org/policies [17] https://www.techmonitor.ai/technology/cybersecurity/ynhhs-cyberattack-data-5-5-million-patients [18] https://patch.com/connecticut/across-ct/details-emerge-number-patients-impacted-yale-data-breach [19] https://www.digitalhealthnews.com/yale-new-haven-health-breach-exposes-data-of-5-5-mn-patients [20] https://www.ynhhs.org/policies [21] https://yaledailynews.com/blog/2023/10/13/following-cyberattack-yale-new-haven-health-asks-for-state-aid-lowered-price-to-aquire-connecticut-hospitals/ [22] https://www.bankinfosecurity.com/yale-new-haven-health-notifying-55-million-march-hack-a-28081 [23] https://ssojet.com/blog/yale-new-haven-health-data-breach-impacts-over-55-million-patients/ [24] https://www.ynhhs.org/news/yale-new-haven-health-notifies-patients-of-data-security-incident [25] https://yalehealth.yale.edu/nondiscrimination-notice [26] https://ctmirror.org/2024/01/04/ct-welltok-data-breach-ynhh/ [27] https://www.securityweek.com/5-5-million-patients-affected-by-data-breach-at-yale-new-haven-health/ [28] https://lifehacker.com/tech/yale-new-haven-health-data-breach [29] https://www.ctpost.com/business/article/yale-new-haven-health-data-breach-20292710.php [30] https://ocrportal.hhs.gov/ocr/breach/breach_report.jsf [31] https://www.hipaajournal.com/yale-new-haven-health-system-data-breach/ [32] https://www.malwarebytes.com/blog/news/2025/04/4-7-million-customers-data-accidentally-leaked-to-google-by-blue-shield-of-california [33] https://www.ynhhs.org [34] https://news.bloomberglaw.com/daily-labor-report/yale-new-haven-health-system-hit-with-wages-hours-class-action?context=search&index=7 [35] https://www.beckershospitalreview.com/cybersecurity/yale-new-haven-seeks-price-reduction-in-hospital-acquisition-amidst-cyberattack-fallout.html [36] https://www.techtarget.com/healthtechsecurity/news/366623133/Blue-Shield-of-California-Data-of-millions-shared-with-Google [37] https://www.ynhh.org/patients-visitors/patient-rights-responsibilities [38] https://yaledailynews.com/blog/2025/04/25/patients-sue-ynhh-after-cyberattack-compromises-health-data/ [39] https://techcrunch.com/2025/04/25/data-breach-at-connecticut-yale-new-haven-health-affects-over-5-million/ [40] https://www.securityweek.com/blue-shield-of-california-data-breach-impacts-4-7-million-people/ [41] https://aspe.hhs.gov/reports/records-computers-rights-citizens [42] https://www.nbcconnecticut.com/news/local/yale-new-haven-health-investigating-cybersecurity-incident-affecting-it-services/3517226/ [43] https://www.ctinsider.com/business/article/yale-new-haven-health-data-breach-20292710.php [44] https://www.hartfordbusiness.com/article/yale-new-haven-health-faces-lawsuits-over-data-breach-health-system-discloses-more-details [45] https://www.bleepingcomputer.com/news/security/yale-new-haven-health-data-breach-affects-55-million-patients/ [46] https://medicalbuyer.co.in/ynhhs-pmh-locked-in-legal-battle-over-435m-hospital-deal/ [47] https://www.lmhospital.org/news/yale-new-haven-health-notifies-patients-of-data-security-incident [48] https://www.tradingview.com/news/reuters.com,2025-04-17:newsml_GNXc7h6Z4:0-lynch-carpenter-investigates-claims-in-yale-new-haven-health-systems-data-breach/ [49] https://techcrunch.com/2025/02/20/uk-healthcare-giant-hcrg-confirms-hack-after-ransomware-gang-claims-theft-of-sensitive-data/ [50] https://www.hhs.gov/sites/default/files/fy-2018-foia-log.xlsx [51] https://www.pymnts.com/cybersecurity/2025/yale-new-haven-health-system-reports-data-breach-affecting-5-5-million-patients/ --- Answer from Perplexity: pplx.ai/share

loading..   26-Apr-2025
loading..   11 min read
Company Logo
logo

Secure Blink automates the web application and API security for developers and security teams, helping them to rapidly identify and mitigate vulnerabilities more effectively than they can today.

Find Us Online

LinkedIn Logo
Twitter Logo
Discord Logo
Telegram Logo
YouTube Logo
contact@secureblink.com

contact@secureblink.com

@ Copyright 2025 Secure Blink. All rights reserved.

16192, Coastal Highway, Lewes, Delaware, US-19958