company logo

Product

Our Product

We are Reshaping the way Developers find and fix vulnerabilities before they get exploited.

Solutions

By Industry

BFSI

Healthcare

Education

IT & Telecom

Government

By Role

CISO

Application Security Engineer

DevsecOps Engineer

IT Manager

Resources

Resource Library

Get actionable insight straight from our threat Intel lab to keep you informed about the ever-changing Threat landscape.

Subscribe to Our Weekly Threat Digest

Company

Contact Us

Have queries, feedback or prospects? Get in touch and we shall be with you shortly.

loading..
loading..
loading..
Loading...

Securitybreach

loading..
loading..
loading..

Hacker Broke Into Florida's Treatment System And Tried To Poison It With Lye

A hacker infiltrated the computer system at the Oldsmar, Florida water treatment facility on February 5 and attempted to poison the water treatment facility wit...

10-Feb-2021
3 min read

No content available.

Related Articles

loading..

DaVita

Interlock

Interlock ransomware claims theft of 20TB from DaVita Healthcare, leaking 1.5TB ...

**Denver, CO** — Patients reliant on life-saving dialysis treatments from DaVita Healthcare Partners Inc. are confronting a new threat: the potential exposure of their sensitive personal and medical data. The Interlock ransomware group, a rising cybercriminal entity, has claimed responsibility for stealing **20 terabytes of data** from the healthcare giant, including the personal details of millions of patients. While 1.5 terabytes of this data have already been leaked on the dark web, the group is now attempting to monetize the remaining 18.5 terabytes, escalating fears of widespread identity theft, insurance fraud, and privacy violations. ### **A Timeline of Events** The cyberattack unfolded on **April 12, 2025**, when Interlock infiltrated DaVita’s systems, encrypting critical infrastructure and disrupting internal operations. DaVita, which operates over **3,000 outpatient dialysis centers globally** and serves approximately **281,100 patients**, promptly notified the U.S. Securities and Exchange Commission (SEC) but withheld specifics to avoid compromising its investigation. The disclosure triggered a **3% drop in DaVita’s stock price**, reflecting investor anxiety over the breach’s financial and reputational fallout. By early May, Interlock began leaking stolen data on its dark web portal, including patient names, Social Security numbers, medical histories, and treatment records. Screenshots reviewed by *Hackread.com* confirm the authenticity of some posted files, though DaVita has yet to verify the full extent of the breach. _“We are disappointed in these actions against the healthcare community and will continue working to defend against such attacks,”_ a DaVita spokesperson said, emphasizing efforts to safeguard patient care continuity. --- ### **Interlock’s Growing Threat to Healthcare** Emerging in **October 2024**, Interlock has rapidly gained notoriety for high-impact ransomware campaigns. The group employs a double-extortion model: encrypting victims’ systems and exfiltrating data to pressure organizations into paying ransoms. According to **Paul Bischoff, Consumer Privacy Advocate at Comparitech**, Interlock has executed **13 confirmed attacks** and claims **17 U.S. healthcare breaches in 2025 alone**. _“Healthcare providers are prime targets due to the critical nature of their services and the sensitivity of patient data,”_ Bischoff told *Hackread.com*. _“Attacks like DaVita’s can paralyze operations and leave victims vulnerable to exploitation for years.”_ Interlock’s prior targets include the **Texas Tech University Health Sciences Center**, where a 2024 breach compromised records of **530,000 individuals**. The group’s escalating activity mirrors a broader crisis: **25.7 million patient records** were exposed in **160 healthcare ransomware incidents** in 2024, per Comparitech data. --- ### **Patient Risks and Industry Implications** The DaVita breach poses dire risks for patients, particularly those undergoing dialysis—a lifeline for individuals with end-stage renal disease. Leaked data could enable: - **Medical identity theft**: Fraudulent insurance claims or prescription fraud. - **Targeted phishing schemes**: Criminals posing as healthcare providers. - **Discrimination**: Exploitation of sensitive health conditions in employment or insurance contexts. Cybersecurity experts warn that even partial data leaks can have cascading consequences. “Once data is on the dark web, it’s nearly impossible to retract,” Bischoff noted. “Victims must monitor their accounts indefinitely.” --- ### **DaVita’s Response and Regulatory Scrutiny** DaVita has activated incident response protocols, including third-party cybersecurity audits and patient notification systems. However, the company faces mounting scrutiny over its data protection practices. Under the **Health Insurance Portability and Accountability Act (HIPAA)**, healthcare providers must implement safeguards against cyber threats—a standard critics argue DaVita failed to meet. The breach also reignites debates about ransomware payments. While DaVita has not confirmed whether it negotiated with Interlock, the FBI discourages payments, arguing they incentivize further attacks. As DaVita races to contain the fallout, the Interlock breach serves as a grim reminder: in an era of escalating cyber warfare, healthcare providers—and the patients who depend on them—are increasingly in the crosshairs.

loading..   26-Apr-2025
loading..   4 min read
loading..

Healthcare

Yale New Haven Health data breach exposed the personal information of 5.5M patie...

Connecticut's largest healthcare system, Yale New Haven Health System (YNHHS), has reported a significant data breach affecting approximately 5.5 million patients. The cyberattack, which occurred in March 2025, allowed unauthorized access to sensitive patient information including personal identifiers and some healthcare-related data. While the organization has implemented mitigation measures and begun notifying affected individuals, the incident has already resulted in multiple class-action lawsuits. This breach represents one of the largest healthcare data compromises reported in 2025 and highlights the persistent cybersecurity challenges facing the healthcare sector. ## Timeline and Discovery of the Breach The security incident began on March 8, 2025, when YNHHS detected unusual activity affecting its information technology systems[1][4][14]. The organization immediately took steps to contain the incident, engaging external cybersecurity experts, including Mandiant, to assist with system restoration and forensic investigation. Federal law enforcement authorities were promptly notified about the breach. On March 11, 2025, YNHHS made its first public statement about the cybersecurity incident, acknowledging system disruptions but emphasizing that patient care operations remained unaffected[1]. Approximately one month later, on April 11, 2025, the healthcare system confirmed through its investigation that the incident was indeed a data breach, revealing that an unauthorized third party had gained network access and obtained copies of certain data. The data breach was formally reported to the U.S. Department of Health and Human Services Office for Civil Rights on April 11, 2025, with documentation confirming that 5,556,702 individuals were affected. Beginning April 14, 2025, YNHHS started mailing notification letters to affected patients whose information was involved in the breach. ## Scope of the Compromised Data The investigation revealed that the unauthorized third party accessed YNHHS's network and obtained copies of sensitive patient information[4]. The compromised data varied by individual but potentially included several categories of personally identifiable information and limited healthcare-related data. The types of data exposed in the breach include: - Full names - Dates of birth - Home addresses - Telephone numbers - Email addresses - Race/ethnicity information - Social Security numbers - Patient type classifications - Medical record numbers ImportSignificantly, YNHHS has clarified that specific categories of sensitive information were not compromised in the breach. The organization's statement emphasized that electronic medical records and treatment information were not accessed during the incident. Additionally, financial account details and payment information were also confirmed not to be part of the exposed data. ## YNHHS Response and Mitigation Efforts Yale New Haven Health System implemented a multi-faceted response to contain the breach and mitigate potential harm to affected individuals. Upon detecting the unauthorized activity, the organization immediately engaged cybersecurity firm Mandiant to assist with system restoration and conduct a thorough forensic investigation. The healthcare system also reported the incident to law enforcement authorities, who initiated an ongoing investigation. In accordance with federal regulations, YNHHS began sending notification letters to affected patients on April 14, 2025[1][4]. In a statement on its website, the organization noted: "YNHHS considers the health, safety, and privacy of patients our top priority. We are continuously updating and enhancing our systems to protect the data we maintain and to help prevent events such as this from occurring in the future". For patients whose Social Security numbers were exposed in the breach, YNHHS is offering complimentary credit monitoring and identity protection services. When contacted by media outlets, YNHHS Director of Public Relations Dana Marnane stated that the health system takes its "responsibility to safeguard patient information incredibly seriously"[10]. When pressed by TechCrunch about whether the incident was ransomware-related, Marnane did not dispute this characterization, noting that "the sophistication of the attack leads us to believe that it was executed by an individual or group who has a pattern of these types of incidents"[query]. ## Legal and Regulatory Implications The data breach has promptly triggered legal action, with at least eight federal lawsuits filed against YNHHS as of late April 2025[10]. These class-action complaints allege that the healthcare system failed to adequately protect patients' personally identifiable and health information, particularly sensitive data like Social Security numbers and medical record numbers. The lawsuits further claim that YNHHS delayed clearly notifying affected patients, potentially hindering their ability to take timely protective measures[10]. Plaintiffs are seeking various remedies, including financial damages, free lifetime identity protection services, and comprehensive improvements to the health system's cybersecurity practices[10]. One complaint specifically alleges that YNHHS failed to implement basic security protections such as file encryption, proper employee training on data security, and multi-factor authentication[10]. Another lawsuit claims that patients now face "a lifetime risk of identity theft due to the nature of the information lost, which they cannot change and which cannot be made private again"[10]. Some plaintiffs have reported experiencing an increase in spam calls and phishing attempts since the incident, suggesting that their information may already be circulating in illicit channels[10]. Law firm Levi & Korsinsky, investigating the breach, noted that it exemplifies insufficient data protections in a sector handling highly sensitive personal information[10]. ## Context of Healthcare Data Breaches The YNHHS breach occurs amid a concerning pattern of data security incidents within the healthcare sector. Just days before this breach was publicly confirmed, Blue Shield of California disclosed that it had inadvertently exposed protected health information of 4.7 million members to Google's analytics and advertisement platforms between April 2021 and January 2024[8][11]. Unlike the apparent malicious attack on YNHHS, the Blue Shield incident resulted from a misconfiguration of Google Analytics that allowed sensitive data to be shared with Google Ads[8]. Earlier in 2025, UK healthcare provider HCRG Care Group confirmed it was investigating a cybersecurity incident after the Medusa ransomware group claimed to have stolen more than two terabytes of sensitive data from the company[3]. In that case, the ransomware group threatened to publish the allegedly stolen data unless HCRG paid a $2 million ransom demand[3]. The healthcare sector remains particularly vulnerable to cyberattacks due to the high value of medical data on illicit markets and the critical nature of healthcare operations that creates pressure to resolve disruptions quickly. According to cybersecurity experts, about 83% of organizations admit to paying hackers following a ransomware attack, with more than half paying at least $100,000[7]. However, paying ransoms carries significant risks-80% of ransomware victims who paid were subsequently targeted again, often with higher ransom demands[7]. As of the reporting date, no major ransomware group has publicly claimed responsibility for the YNHHS attack[1]. However, the spokesperson's comments about the "sophistication of the attack" and reference to attackers with "a pattern of these types of incidents" suggest potential ransomware involvement, though the healthcare provider has declined to confirm whether it received any ransom demands[query]. ## Conclusion The Yale New Haven Health System data breach represents one of the most significant healthcare security incidents of 2025, affecting approximately 5.5 million patients. While the organization acted quickly to contain the breach and has begun offering protective services to those with exposed Social Security numbers, the incident has already generated multiple lawsuits and raised serious questions about data security practices within the healthcare sector. For affected individuals, the breach creates potential long-term risks of identity theft and fraud, particularly concerning given the sensitive nature of the exposed information. Patients whose data was compromised should carefully monitor their credit reports and financial accounts for suspicious activity, consider accepting the offered credit monitoring services, and remain vigilant against potential phishing attempts that might leverage the stolen information. The incident underscores the persistent and evolving cybersecurity challenges facing healthcare organizations, which must balance operational demands with the need to protect vast amounts of sensitive patient information. As investigations continue and legal proceedings advance, this breach will likely influence healthcare security practices and potentially shape regulatory approaches to data protection in the healthcare sector. Citations: [1] https://www.bleepingcomputer.com/news/security/yale-new-haven-health-data-breach-affects-55-million-patients/ [2] https://www.govinfosecurity.com/yale-new-haven-health-notifying-55-million-march-hack-a-28081 [3] https://techcrunch.com/2025/02/20/uk-healthcare-giant-hcrg-confirms-hack-after-ransomware-gang-claims-theft-of-sensitive-data/ [4] https://www.pymnts.com/cybersecurity/2025/yale-new-haven-health-system-reports-data-breach-affecting-5-5-million-patients/ [5] https://www.techtarget.com/healthtechsecurity/news/366623025/Yale-New-Haven-Health-notifies-nearly-56M-people-of-breach [6] https://www.hartfordbusiness.com/article/federal-judge-oks-1m-settlement-in-ynhh-retirement-fee-lawsuit [7] https://techcrunch.com/2023/10/31/ransomware-victims-paying-hackers-ransom/ [8] https://www.bleepingcomputer.com/news/security/blue-shield-of-california-leaked-health-data-of-47-million-members-to-google/ [9] https://ocrportal.hhs.gov/ocr/breach/breach_report.jsf [10] https://yaledailynews.com/blog/2025/04/25/patients-sue-ynhh-after-cyberattack-compromises-health-data/ [11] https://techcrunch.com/2025/04/25/data-breach-at-connecticut-yale-new-haven-health-affects-over-5-million/ [12] https://yaledailynews.com/blog/2025/02/12/ynhh-systematically-underpaid-employees-lawsuit-alleges/ [13] https://www.hhs.gov/sites/default/files/new-haven-resolution-agreement-corrective-action-plan.pdf [14] https://www.ynhhs.org/legal-notices [15] https://aspe.hhs.gov/sites/default/files/private/pdf/77196/rpt_Disclosure.pdf [16] https://www.ynhhs.org/policies [17] https://www.techmonitor.ai/technology/cybersecurity/ynhhs-cyberattack-data-5-5-million-patients [18] https://patch.com/connecticut/across-ct/details-emerge-number-patients-impacted-yale-data-breach [19] https://www.digitalhealthnews.com/yale-new-haven-health-breach-exposes-data-of-5-5-mn-patients [20] https://www.ynhhs.org/policies [21] https://yaledailynews.com/blog/2023/10/13/following-cyberattack-yale-new-haven-health-asks-for-state-aid-lowered-price-to-aquire-connecticut-hospitals/ [22] https://www.bankinfosecurity.com/yale-new-haven-health-notifying-55-million-march-hack-a-28081 [23] https://ssojet.com/blog/yale-new-haven-health-data-breach-impacts-over-55-million-patients/ [24] https://www.ynhhs.org/news/yale-new-haven-health-notifies-patients-of-data-security-incident [25] https://yalehealth.yale.edu/nondiscrimination-notice [26] https://ctmirror.org/2024/01/04/ct-welltok-data-breach-ynhh/ [27] https://www.securityweek.com/5-5-million-patients-affected-by-data-breach-at-yale-new-haven-health/ [28] https://lifehacker.com/tech/yale-new-haven-health-data-breach [29] https://www.ctpost.com/business/article/yale-new-haven-health-data-breach-20292710.php [30] https://ocrportal.hhs.gov/ocr/breach/breach_report.jsf [31] https://www.hipaajournal.com/yale-new-haven-health-system-data-breach/ [32] https://www.malwarebytes.com/blog/news/2025/04/4-7-million-customers-data-accidentally-leaked-to-google-by-blue-shield-of-california [33] https://www.ynhhs.org [34] https://news.bloomberglaw.com/daily-labor-report/yale-new-haven-health-system-hit-with-wages-hours-class-action?context=search&index=7 [35] https://www.beckershospitalreview.com/cybersecurity/yale-new-haven-seeks-price-reduction-in-hospital-acquisition-amidst-cyberattack-fallout.html [36] https://www.techtarget.com/healthtechsecurity/news/366623133/Blue-Shield-of-California-Data-of-millions-shared-with-Google [37] https://www.ynhh.org/patients-visitors/patient-rights-responsibilities [38] https://yaledailynews.com/blog/2025/04/25/patients-sue-ynhh-after-cyberattack-compromises-health-data/ [39] https://techcrunch.com/2025/04/25/data-breach-at-connecticut-yale-new-haven-health-affects-over-5-million/ [40] https://www.securityweek.com/blue-shield-of-california-data-breach-impacts-4-7-million-people/ [41] https://aspe.hhs.gov/reports/records-computers-rights-citizens [42] https://www.nbcconnecticut.com/news/local/yale-new-haven-health-investigating-cybersecurity-incident-affecting-it-services/3517226/ [43] https://www.ctinsider.com/business/article/yale-new-haven-health-data-breach-20292710.php [44] https://www.hartfordbusiness.com/article/yale-new-haven-health-faces-lawsuits-over-data-breach-health-system-discloses-more-details [45] https://www.bleepingcomputer.com/news/security/yale-new-haven-health-data-breach-affects-55-million-patients/ [46] https://medicalbuyer.co.in/ynhhs-pmh-locked-in-legal-battle-over-435m-hospital-deal/ [47] https://www.lmhospital.org/news/yale-new-haven-health-notifies-patients-of-data-security-incident [48] https://www.tradingview.com/news/reuters.com,2025-04-17:newsml_GNXc7h6Z4:0-lynch-carpenter-investigates-claims-in-yale-new-haven-health-systems-data-breach/ [49] https://techcrunch.com/2025/02/20/uk-healthcare-giant-hcrg-confirms-hack-after-ransomware-gang-claims-theft-of-sensitive-data/ [50] https://www.hhs.gov/sites/default/files/fy-2018-foia-log.xlsx [51] https://www.pymnts.com/cybersecurity/2025/yale-new-haven-health-system-reports-data-breach-affecting-5-5-million-patients/ --- Answer from Perplexity: pplx.ai/share

loading..   26-Apr-2025
loading..   11 min read
loading..

Zero Day

Watering Hole

We have been tracking the latest attack campaign by the Lazarus group since last...

Lazarus Group‚ North Korea's most notorious hacking collective, has breached at least six major South Korean corporations using never-before-seen vulnerabilities in mandatory security software. Dubbed **Operation SyncHole*, the campaign exploited weaknesses in tools required for online banking and government services, marking one of the most sophisticated supply-chain attacks in recent memory. --- ## Cyber Espionage Campaign Targets Critical Industries The Lazarus Group, sanctioned by the UN for funding Pyongyang‚Äôs weapons programs, infiltrated organizations across software development, semiconductor manufacturing, telecommunications, and finance between November 2024 and February 2025. Kaspersky researchers revealed that the attackers weaponized *Cross EX* and *Innorix Agent*‚Äîtwo programs mandated by South Korean law for secure web transactions‚to hijack systems and steal sensitive data[^1]. Victims included unnamed Fortune 500 semiconductor firms and IT giants central to South Korea‚Äôs tech-dominated economy. While six companies are confirmed compromised, analysts warn the true scale is likely far greater. ‚ÄúThese tools are installed on millions of devices,‚Äù said Sojun Ryu, a Kaspersky researcher. ‚ÄúEvery user who updated their software was a potential target[^1].‚Äù --- ### Watering Hole Attacks The operation began with a **brazen manipulation of South Korean media**. Hackers compromised legitimate news websites, embedding code that redirected specific visitors to fake software download portals. One such site, *smartmanagerex[.]com*, mimicked the official Cross EX vendor, tricking users into triggering exploits[^1]. ‚ÄúImagine reading the morning news and unknowingly downloading malware,‚Äù explained a KrCERT spokesperson. ‚ÄúThe Lazarus Group profiled visitors like predators at a watering hole, striking only high-value targets[^1].‚Äù --- ### Zero-Day Exploits: The Invisible Keys to South Korea‚Äôs Networks At the campaign‚Äôs core lay two critical vulnerabilities: 1. **Cross EX Privilege Escalation**: A flaw in the widely used browser plugin allowed hackers to execute malicious code with system-level access. Researchers confirmed identical attack patterns across all victims, suggesting a single exploit chain[^1]. 2. **Innorix Agent Arbitrary File Download**: A patched but previously unknown vulnerability (KVE-2025-0014) let attackers move laterally through corporate networks, deploying backdoors on internal devices[^1]. The Lazarus Group even developed a custom tool, *Innorix Abuser*, to automate victim profiling and payload delivery. ‚ÄúThis wasn‚Äôt a smash-and-grab‚Äîit was a surgical strike,‚Äù noted Ryu. ‚ÄúThey understood South Korea‚Äôs digital infrastructure better than many local firms[^1].‚Äù --- ## Spy Tools Borrowed from Cybercrime‚Äôs Darkest Corners Operation SyncHole showcased Lazarus‚Äô rapidly evolving toolkit, blending legacy malware with cutting-edge tradecraft: ### ThreatNeedle 2.0: The Spy That Never Sleeps An upgraded version of Lazarus‚Äô signature backdoor used **Curve25519 elliptic-curve encryption** to secure communications. The malware‚Äôs ‚ÄúCore‚Äù component supported 37 commands, enabling real-time file theft, screen capture, and persistence via compromised Windows services[^1]. ### wAgent‚Äôs Crypto Twist Masquerading as *liblzma.dll*, this revamped malware employed the **GNU GMP library** for RSA encryption‚Äîa first for Lazarus. It communicated via HTTP requests disguised as routine browser traffic, complete with decoy cookies like `__Host-next-auth-token[^1]`. ### SIGNBT and COPPERHEDGE: The Cleanup Crew Later attack phases shifted to **SIGNBT 1.2** and **COPPERHEDGE**, tools optimized for evading detection. COPPERHEDGE hid configuration files in Alternate Data Streams (ADS), while SIGNBT used RSA-encrypted AES keys to cloak exfiltrated data[^1]. --- ## How Researchers Unraveled the Plot The breakthrough came from analyzing command timestamps. ‚ÄúMalware executions clustered between GMT 00:00‚Äì09:00‚ÄîPyongyang‚Äôs business hours,‚Äù revealed Ryu. This temporal footprint, paired with historic Lazarus tactics, cemented North Korean attribution[^1]. A critical error also exposed the hackers: **misused Windows commands**. ‚ÄúThey tried killing processes with `/im` instead of PID numbers,‚Äù chuckled a researcher. ‚ÄúEven elite spies get sloppy[^1].‚Äù --- ## Fallout and Future Threats While patches for Cross EX and Innorix Agent are now available, experts warn the Lazarus Group retains stolen source code. ‚ÄúMore zero-days are inevitable,‚Äù cautioned a KrCERT advisory. South Korea‚Äôs National Cyber Security Center has urged corporations to: - Audit all software dependencies - Monitor for anomalous SyncHost.exe activity - Deploy behavior-based threat detection This detects related malware as `Trojan.Win64.Lazarus` and `MEM:Trojan.Win32.SEPEH.gen`, but the Lazarus Group‚Äôs shift toward **lightweight, modular tools** poses an ongoing challenge. As Ryu grimly notes, ‚ÄúToday‚Äôs fix is tomorrow‚Äôs exploit. This war has no end[^1].‚Äù

loading..   25-Apr-2025
loading..   4 min read