All CosmicBytez Labs articles tagged #Healthcare, across news, security advisories, how-to guides, and projects.
A SQL injection vulnerability in SourceCodester Hospitals Patient Records Management System 1.0 allows remote attackers to extract database contents by manipulating the ID parameter in the user delete endpoint.
A SQL injection vulnerability in SourceCodester Hospitals Patient Records Management System 1.0 enables remote attackers to extract database contents by manipulating the ID parameter in the user save endpoint.
California Attorney General Rob Bonta filed a lawsuit against 23andMe — now Chrome Holding Co. — over its failure to protect millions of customers'...
Radiology Associates of Richmond has disclosed a cyberattack in which threat actors stole files containing names and protected health information belonging to.
An unnamed oncology institute has disclosed a data breach originating from a third-party vendor compromise, with TriZetto cited as one possible candidate.
The 2026 Verizon Data Breach Investigations Report highlights how evolving social engineering tactics are making the healthcare sector more vulnerable,...
Multiple healthcare data breaches impacting hundreds of thousands to millions of individuals have been added to the HHS breach tracker, continuing a...
A high-severity SQL injection vulnerability (CVE-2026-8785, CVSS 7.3) has been disclosed in projectworlds Hospital Management System in PHP 1.0, allowing...
A critical unsandboxed Apache Velocity template injection vulnerability in OpenMRS Core allows authenticated attackers to execute arbitrary code on the...
Telehealth platform OpenLoop Health has disclosed that a January 2026 cyberattack resulted in the exfiltration of personal information belonging to...
West Pharmaceutical Services, a global manufacturer of drug delivery systems and packaging, has taken systems offline worldwide after hackers exfiltrated...
West Pharmaceutical Services filed an SEC disclosure warning that hackers breached the company on May 4, stole data, and encrypted systems — forcing a...
Security researchers using AI-assisted analysis discovered 38 vulnerabilities in OpenEMR, an open-source electronic health record platform used by more...
Moldova's national health insurance agency CNAM has disclosed a cyberattack that occurred several weeks ago, with technical assessments indicating a...
Healthcare organization took nearly one year to publicly disclose a data breach after being targeted by Inc Ransom ransomware, with approximately 170,000...
Medical device giant Medtronic has confirmed a data breach after the ShinyHunters cybercrime group claimed to have stolen records belonging to 9 million...
ShinyHunters hits Medtronic and ADT in the same week, exposing millions of records; a critical one-push RCE lands in GitHub; LiteLLM's pre-auth SQL...
Medical device giant Medtronic has disclosed a data breach after hackers claimed to have stolen data from 9 million individuals across the company's...
More than 18 months after a ransomware attack crippled hospitals in South East London, at least one NHS trust is still operating without fully restored...
Multiple vulnerabilities in the widely-used Orthanc open-source DICOM server expose medical imaging systems to denial-of-service, information disclosure,...
A ransomware attack on Dutch healthcare software vendor ChipSoft has forced hospitals and patients across the Netherlands offline, disrupting the HiX...
ShinyHunters exploited compromised Okta SSO credentials to breach the Hims & Hers Zendesk customer support platform, exposing treatment category data for...
Dutch healthcare software vendor ChipSoft has been struck by a ransomware attack, forcing the company to take its website and digital patient services...
SecurityWeek reports that the Medusa ransomware group has developed a dangerous capability: rapidly weaponizing newly disclosed vulnerabilities —...
Microsoft has raised the alarm over Medusa ransomware's unprecedented operational speed, with the group now exploiting zero-day vulnerabilities before...
Microsoft warns that Medusa ransomware operators are exploiting zero-day vulnerabilities approximately one week before public disclosure, enabling the...
Telehealth giant Hims & Hers Health is warning customers of a data breach after support tickets were stolen from a third-party customer service platform,...
Nacogdoches Memorial Hospital in Texas has disclosed a January 2026 data breach in which a threat actor accessed its internal network and stole personal...
The Axios npm library was weaponized to deliver a cross-platform RAT; Anthropic accidentally leaked Claude Code's CLI source in an npm package; Google...
CareCloud has notified the U.S. Securities and Exchange Commission of a cyberattack that may have resulted in the unauthorized access and potential...
Healthcare IT company CareCloud has disclosed a cyberattack that resulted in the theft of sensitive patient data and caused an eight-hour network outage,...
QualDerm Partners, a national dermatology network operating 158 practices across 17 states, disclosed a December 2025 data breach that exposed the medical...
A cyberattack on French healthcare software vendor Cegedim Santé exposed 15.8 million patient records from 3,800 doctors, with leaked data including...
Former incident responder Ryan Goldberg and ransomware negotiator Kevin Martin admitted to running ALPHV/BlackCat ransomware operations against five US...
Navia Benefit Solutions has confirmed a data breach that exposed personal and health plan information belonging to approximately 2.7 million individuals,...
Navia Benefit Solutions has notified nearly 2.7 million individuals of a data breach that exposed sensitive personal and health-related information to...
OpenEMR versions prior to 8.0.0.2 contain a CVSS 9.1 command injection vulnerability in the backup functionality. Authenticated attackers with high...
TriZetto Provider Solutions, a Cognizant subsidiary serving 875,000 US healthcare providers, has confirmed a 2024 cyberattack went undetected for nearly a...
An incident response manager and a ransomware negotiator face up to 20 years after admitting to conducting BlackCat (ALPHV) ransomware attacks against...
A ransomware attack detected February 19 has taken down UMMC's EPIC EMR system and forced all 35 health clinics across Mississippi to close, canceling...
The January 2025 ransomware attack on government technology giant Conduent continues to expand in scope, now confirmed to affect 15.4 million in Texas and...
With 91 publicly disclosed ransomware attacks in January 2026 alone, the ransomware landscape is shifting toward data-only extortion while healthcare...
Government technology provider Conduent's January 2025 ransomware breach now confirmed to affect at least 15.4 million people in Texas alone, with 8TB of...
Ransomware attacks against healthcare organizations have increased 67% in the first month of 2026, with multiple hospital systems reporting service disruptions.
Qilin ransomware group claims responsibility for massive healthcare breach, stealing 850GB of sensitive patient data across multiple states. Initial...