Try it
See a demo
5 2

SecureFact – Cyber Security News – Week of February 03, 2025

US healthcare provider data breach impacts 1 million patients

  • Community Health Center (CHC), a prominent healthcare provider in Connecticut, has reported a significant data breach affecting over 1 million patients.
  • The breach, which occurred in mid-October 2024 but was only discovered on January 2, 2025, involved unauthorized access to CHC’s network by skilled hackers. Approximately 1,060,936 individuals had their personal and health information compromised, including names, Social Security numbers, medical diagnoses, and treatment details.
  • Fortunately, the attackers did not encrypt any systems or disrupt daily operations, and CHC claims to have contained the breach quickly.
  • This incident highlights the increasing prevalence of data theft in the healthcare sector and has prompted discussions about enhancing security measures, including proposed updates to HIPAA regulations by the U.S. Department of Health and Human Services.

*Source

DeepSeek exposes database with over 1 million chat records

  • DeepSeek, a Chinese AI startup known for its DeepSeek-R1 language model, has inadvertently exposed two unsecured databases containing over 1 million chat records and sensitive operational information.
  • Discovered by Wiz Research during a security assessment, the databases were accessible without authentication and included plaintext user chat histories, API keys, and internal logs dating back to January 6, 2025.
  • This exposure posed significant security risks, as attackers could potentially access sensitive data and execute arbitrary SQL queries. Although Wiz reported the issue to DeepSeek, which promptly secured the databases, concerns remain about the company’s overall security posture and its ability to protect user data from both external threats and compliance pressures from the Chinese government.
  • The incident raises alarms for organizations utilizing DeepSeek’s AI in sensitive operations, highlighting the need for robust data protection measures.

*Source

State of emergency declared in Dover due to potential cybersecurity threat

  • Dover Mayor Robin Christiansen declared a state of emergency on January 29, 2025, due to a potential cybersecurity breach affecting the city’s IT systems.
  • The declaration, effective from 8 a.m., was prompted by credible information suggesting that protected data may have been compromised.
  • While a confirmed data breach has not been established, the mayor expressed concerns about possible impacts on emergency services and personal data security.
  • The state of emergency allows the city to take necessary actions to safeguard residents, including hiring external experts for investigation and response.
  • This situation follows a previous data loss incident reported earlier in January.

*Source

Globe Life data breach may impact an additional 850,000 clients

  • Globe Life announced that a data breach discovered in June 2024 may have affected an additional 850,000 clients, significantly increasing the scope of the incident initially thought to involve only 5,000 individuals.
  • The breach occurred when hackers accessed a web portal and specific databases linked to independent agency owners, exposing sensitive personal information such as names, email addresses, phone numbers, Social Security numbers, and health-related data.
  • Following the breach, Globe Life opted to notify all potentially affected customers and offered credit monitoring services.
  • Although the company faced an extortion attempt from the hacker, it refused to pay the ransom and reported that the breach did not disrupt its IT operations.

*Source

Ransomware attack disrupts New York blood donation giant

  • New York Blood Center (NYBC) reported a ransomware attack that disrupted its operations and forced the rescheduling of blood donation appointments.
  • The attack was detected on January 26 after suspicious activity was observed in its IT systems.
  • Although NYBC continues to accept donations, it has had to cancel some blood drives due to operational challenges.
  • The organization is collaborating with cybersecurity experts to contain the threat and restore services.
  • This incident follows a recent blood emergency caused by a significant drop in donations and raises concerns about potential data breaches involving donor information.

*Source