All CosmicBytez Labs articles tagged #Healthcare, across news, security advisories, how-to guides, and projects.
Abbott Laboratories is investigating two separate cybersecurity incidents: confirmed unauthorized access to legacy Exact Sciences systems in its Cancer Diagnostics unit, and a separate claim of a breach of its LabCentral portal with extortion threats.
The WorldLeaks extortion group claims to have stolen 720 GB of data from Centers Laboratory, a healthcare testing and laboratory services provider, exposing sensitive records of over 540,000 individuals.
A major medical device manufacturer has begun notifying approximately 4 million individuals after a breach exposed sensitive data including Social...
Medtronic, the world's largest medical device maker, has notified nearly 3.8 million people after a breach linked to ShinyHunters exposed Social Security...
Healthcare device giant Medtronic is sending breach notification letters to customers after ShinyHunters gained unauthorized access to personal data held...
The INC ransomware group has risen to prominence not through exotic exploits but by relentlessly targeting sectors — particularly healthcare — where...
DragonForce hides C2 inside Microsoft Teams relay traffic; a SearchLeak attack weaponizes M365 Copilot for one-click data exfiltration; iRhythm confirms...
Digital health company iRhythm has confirmed that attackers stole data in a cyber intrusion discovered on June 8, 2026, with the threat actors demanding a...
Digital cardiac monitoring company iRhythm Holdings has disclosed a data breach in which hackers stole patients' personal and health information from...
A China-linked espionage campaign targeted exposed REDCap servers, deploying the InfiniteRed malware to steal sensitive medical research data from a North...
A bankruptcy administrator has approved a $47 million settlement fund for roughly 7 million 23andMe customers whose genetic and health data was stolen by...
Danish pharmaceutical giant Novo Nordisk, the world's largest producer of insulin, has disclosed a data breach affecting patient information from some of...
The ShinyHunters extortion group has leaked approximately 234 GB of data allegedly stolen from DentaQuest, a major dental benefits administrator serving…
Dental benefits administrator DentaQuest has disclosed a significant data breach that exposed the sensitive personal and health information of approximately…
A SQL injection vulnerability in SourceCodester Hospitals Patient Records Management System 1.0 allows remote attackers to extract database contents by…
A SQL injection vulnerability in SourceCodester Hospitals Patient Records Management System 1.0 enables remote attackers to extract database contents by…
California Attorney General Rob Bonta filed a lawsuit against 23andMe — now Chrome Holding Co. — over its failure to protect millions of customers'...
Radiology Associates of Richmond has disclosed a cyberattack in which threat actors stole files containing names and protected health information belonging to.
An unnamed oncology institute has disclosed a data breach originating from a third-party vendor compromise, with TriZetto cited as one possible candidate.
The 2026 Verizon Data Breach Investigations Report highlights how evolving social engineering tactics are making the healthcare sector more vulnerable,...
Multiple healthcare data breaches impacting hundreds of thousands to millions of individuals have been added to the HHS breach tracker, continuing a...
A high-severity SQL injection vulnerability (CVE-2026-8785, CVSS 7.3) has been disclosed in projectworlds Hospital Management System in PHP 1.0, allowing...
A critical unsandboxed Apache Velocity template injection vulnerability in OpenMRS Core allows authenticated attackers to execute arbitrary code on the...
Telehealth platform OpenLoop Health has disclosed that a January 2026 cyberattack resulted in the exfiltration of personal information belonging to...
West Pharmaceutical Services, a global manufacturer of drug delivery systems and packaging, has taken systems offline worldwide after hackers exfiltrated...
West Pharmaceutical Services filed an SEC disclosure warning that hackers breached the company on May 4, stole data, and encrypted systems — forcing a...
Security researchers using AI-assisted analysis discovered 38 vulnerabilities in OpenEMR, an open-source electronic health record platform used by more...
Moldova's national health insurance agency CNAM has disclosed a cyberattack that occurred several weeks ago, with technical assessments indicating a...
Healthcare organization took nearly one year to publicly disclose a data breach after being targeted by Inc Ransom ransomware, with approximately 170,000...
Medical device giant Medtronic has confirmed a data breach after the ShinyHunters cybercrime group claimed to have stolen records belonging to 9 million...
ShinyHunters hits Medtronic and ADT in the same week, exposing millions of records; a critical one-push RCE lands in GitHub; LiteLLM's pre-auth SQL...
Medical device giant Medtronic has disclosed a data breach after hackers claimed to have stolen data from 9 million individuals across the company's...
More than 18 months after a ransomware attack crippled hospitals in South East London, at least one NHS trust is still operating without fully restored...
Multiple vulnerabilities in the widely-used Orthanc open-source DICOM server expose medical imaging systems to denial-of-service, information disclosure,...
A ransomware attack on Dutch healthcare software vendor ChipSoft has forced hospitals and patients across the Netherlands offline, disrupting the HiX...
ShinyHunters exploited compromised Okta SSO credentials to breach the Hims & Hers Zendesk customer support platform, exposing treatment category data for...
Dutch healthcare software vendor ChipSoft has been struck by a ransomware attack, forcing the company to take its website and digital patient services...
SecurityWeek reports that the Medusa ransomware group has developed a dangerous capability: rapidly weaponizing newly disclosed vulnerabilities —...
Microsoft has raised the alarm over Medusa ransomware's unprecedented operational speed, with the group now exploiting zero-day vulnerabilities before...
Microsoft warns that Medusa ransomware operators are exploiting zero-day vulnerabilities approximately one week before public disclosure, enabling the...
Telehealth giant Hims & Hers Health is warning customers of a data breach after support tickets were stolen from a third-party customer service platform,...
Nacogdoches Memorial Hospital in Texas has disclosed a January 2026 data breach in which a threat actor accessed its internal network and stole personal...
The Axios npm library was weaponized to deliver a cross-platform RAT; Anthropic accidentally leaked Claude Code's CLI source in an npm package; Google...
CareCloud has notified the U.S. Securities and Exchange Commission of a cyberattack that may have resulted in the unauthorized access and potential...
Healthcare IT company CareCloud has disclosed a cyberattack that resulted in the theft of sensitive patient data and caused an eight-hour network outage,...
QualDerm Partners, a national dermatology network operating 158 practices across 17 states, disclosed a December 2025 data breach that exposed the medical...
A cyberattack on French healthcare software vendor Cegedim Santé exposed 15.8 million patient records from 3,800 doctors, with leaked data including...
Former incident responder Ryan Goldberg and ransomware negotiator Kevin Martin admitted to running ALPHV/BlackCat ransomware operations against five US...
Navia Benefit Solutions has confirmed a data breach that exposed personal and health plan information belonging to approximately 2.7 million individuals,...
Navia Benefit Solutions has notified nearly 2.7 million individuals of a data breach that exposed sensitive personal and health-related information to...
OpenEMR versions prior to 8.0.0.2 contain a CVSS 9.1 command injection vulnerability in the backup functionality. Authenticated attackers with high...
TriZetto Provider Solutions, a Cognizant subsidiary serving 875,000 US healthcare providers, has confirmed a 2024 cyberattack went undetected for nearly a...
An incident response manager and a ransomware negotiator face up to 20 years after admitting to conducting BlackCat (ALPHV) ransomware attacks against...
A ransomware attack detected February 19 has taken down UMMC's EPIC EMR system and forced all 35 health clinics across Mississippi to close, canceling...
The January 2025 ransomware attack on government technology giant Conduent continues to expand in scope, now confirmed to affect 15.4 million in Texas and...
With 91 publicly disclosed ransomware attacks in January 2026 alone, the ransomware landscape is shifting toward data-only extortion while healthcare...
Government technology provider Conduent's January 2025 ransomware breach now confirmed to affect at least 15.4 million people in Texas alone, with 8TB of...
Ransomware attacks against healthcare organizations have increased 67% in the first month of 2026, with multiple hospital systems reporting service disruptions.
Qilin ransomware group claims responsibility for massive healthcare breach, stealing 850GB of sensitive patient data across multiple states. Initial...