The Change Healthcare data breach affecting more than 190 million patients, stands as the largest single breach ever affecting patients. Threat actors known as BlackCat (aka AlphV) had reportedly used a set of stolen credentials to remotely access the company’s systems that weren’t protected by multifactor authentication. Confronted with a massive breach, UnitedHealth decided to…
Qilin Ransomware Affiliate Panel Login Credentials Exposed Online
Kaaviya reports: A significant security breach within the Qilin ransomware operation has provided unprecedented insight into the group’s affiliate network structure and operational methods. On July 31, 2025, internal conflicts between the ransomware group and one of its affiliates led to the public exposure of sensitive operational details, marking a rare glimpse into the inner…
HCA Healthcare settled two lawsuits this week; one was over its 2023 data breach
Steve Alder reports: HCA Healthcare Inc. has agreed to settle class action litigation stemming from a July 2023 data breach that was reported to the HHS’ Office for Civil Rights as affecting 11,270,000 patients. The affected individuals had received healthcare services at HCA hospitals and doctors’ offices in 20 U.S. states. HCA Healthcare was targeted by hackers…
Highlands Oncology Group notifies 113,575 people after ransomware attack by Medusa
On August 1, Highlands Oncology Group in Arkansas notified the Maine Attorney General’s Office of a ransomware attack it discovered on June 2, when certain files and systems were inaccessible. Investigation into the incident revealed that there had been unauthorized access at times between January 21, 2025, and June 2, 2025. On June 19, the…
Oklahoma Substantially Amends Its Data Breach Notification Statute
Ashden Fein, Caleb Skeath, Micaela McMurrough, Emily Pehrsson, and Sierra Stubbs of Covington and Burling write: Oklahoma recently enacted Senate Bill 626, which substantially amends the state’s data breach notification law to broaden the scope of notification obligations and add a new regulator notification requirement along with a new “safe harbor”-style provision that provides liability protections if certain…
Hackers leak purported Aeroflot data as Russia denies breach
“Information… has not been confirmed.” — Victim “Hold my beer.” — Hacker Daryna Antoniuk reports: Hackers have leaked flight records allegedly belonging to the CEO of the Russian airline Aeroflot following a major cyberattack that grounded flights, as Moscow denies any data breach occurred. Russia’s internet watchdog Roskomnadzor said there was no confirmation that data had been leaked from…