Community Health Center (CHC), a leading Connecticut healthcare provider, is notifying over 1 million patients of a data breach that impacted their personal and health data. The non-profit organization provides primary medical, dental, and mental health services to more than 145,000 active patients. CHC said in a Thursday filing with Maine's attorney general that unknown attackers gained access to its network in mid-October 2024, a breach discovered more than two months later, on January 2, 2025. READ MORE...
Non-profit healthcare system NorthBay Healthcare Corporation (NorthBay Health) is notifying over 569,000 individuals that their personal information was stolen in a data breach following a ransomware attack a year ago. According to the organization, the unauthorized access to its network was identified on February 23, 2024, but the attackers had access to its systems between January 11 and April 1. READ MORE...
?The New York Blood Center (NYBC), one of the world's largest independent blood collection and distribution organizations, says a Sunday ransomware attack forced it to reschedule some appointments. NYBC collects almost 4,000 units of blood products every day and serves more than 75 million people in more than a dozen states. It also provides transfusion-related medical services to over 500 hospitals nationwide. READ MORE...
In an effort to blend in and make their malicious traffic tougher to block, hosting firms catering to cybercriminals in China and Russia increasingly are funneling their operations through major U.S. cloud providers. Research published this week on one such outfit - a sprawling network tied to Chinese organized crime gangs and aptly named "Funnull" - highlights a persistent whac-a-mole problem facing cloud services. READ MORE...
Broadcom has fixed five flaws, collectively deemed "high severity," in VMware's IT operations and log management tools within Cloud Foundation, including two information disclosure bugs that could lead to credential leakage under certain conditions. All five have patches available. Broadcom's security advisory doesn't note any in-the-wild exploits, yet. READ MORE...
A security issue at Chinese artificial intelligence firm DeepSeek exposed over a million lines of sensitive internal data, including user chat histories, API secrets, and backend operational details, according to research published Wednesday by cloud security firm Wiz. The exposure, discovered earlier this month, stemmed from a publicly accessible ClickHouse database linked to DeepSeek's systems. READ MORE...
Several research teams this week demonstrated jailbreaks targeting several popular AI models, including OpenAI's ChatGPT, DeepSeek, and Alibaba's Qwen. Shortly after its launch, the open source R1 model made by Chinese company DeepSeek attracted the attention of the cybersecurity industry, and researchers started finding high-impact vulnerabilities. Experts also noticed that jailbreak methods that have long been patched in other AI models still work against DeepSeek. READ MORE...
Attackers may have leveraged vulnerabilities in the SimpleHelp remote monitoring and management solution to gain initial access to healthcare organizations. On January 13, 2025, Horizon3.ai researchers revealed their discovery of three vulnerabilities affecting SimpleHelp's server component, which would allow attackers to download files from the SimpleHelp server (e.g., log and configuration files), and use access credentials extracted from config files to authenticate to the server. READ MORE...
The US Copyright Office issued AI guidance this week that declared no laws need to be clarified when it comes to protecting authorship rights of humans producing AI-assisted works. "Questions of copyrightability and AI can be resolved pursuant to existing law, without the need for legislative change," the Copyright Office said. More than 10,000 commenters weighed in on the guidance, with some hoping to convince the Copyright Office to guarantee more protections for artists. READ MORE...