
SecureFact – Cyber Security News – Week of May 27, 2025

Kettering Health hit by system-wide outage after ransomware attack

  • Kettering Health, a nonprofit healthcare network in Ohio, experienced a system-wide outage on May 20, 2025, due to a ransomware attack.
  • The incident disrupted IT systems, led to the cancellation of elective procedures, and impacted communication systems like the call center.
  • Despite the disruption, emergency services remained operational.
  • The attack is linked to the Interlock ransomware group, also known as Nefarious Mantis, which has previously targeted healthcare and biotech sectors.
  • The group reportedly uses a remote access trojan (Interlock RAT) to gain control of internal systems.
  • While Kettering Health has not confirmed whether patient data was stolen, some patients have received scam calls from individuals impersonating hospital staff and demanding credit card payments, raising concerns of a potential data breach.
  • The organization is investigating the incident with the help of third-party cybersecurity experts and has warned the public about these phishing attempts.

*Source

437,329 Americans Hit by Massive Data Breach – Customer’s Names, Addresses, Social Security Numbers, Medical Records and More at Risk

  • A significant data breach has impacted 437,329 Americans, compromising sensitive personal and medical information.
  • The breach occurred at Ascension, a Missouri-based healthcare provider, due to a software vulnerability that allowed unauthorized access to data shared with a former third-party business partner.
  • Exposed information includes: full names, addresses, phone numbers, and email addresses; dates of birth, race, and gender; Social Security numbers; and medical details such as inpatient visit records, diagnosis and billing codes, admission and discharge dates, physician names, medical record numbers, and insurance information.
  • Ascension has not confirmed whether the compromised data has been misused. However, the company is offering affected individuals two years of complimentary identity monitoring services.

*Source

Adidas confirms data breach, customer contact details accessed via third-party vendor

  • Adidas has confirmed a data breach involving customer information accessed through a third-party customer service provider.
  • The breach, which affected consumers who had previously contacted Adidas’ customer service, exposed personal contact details such as names, email addresses, and phone numbers. Importantly, the company clarified that sensitive data like passwords and payment card information were not compromised.
  • Upon discovering the breach, Adidas took immediate steps to contain the incident and initiated a comprehensive investigation in collaboration with leading information security experts.
  • The company is currently in the process of notifying individuals whose data may have been exposed and has reiterated its commitment to safeguarding consumer privacy and enhancing data security measures.

*Source

200,000 Harbin Clinic Patients Impacted by NRS Data Breach

  • In July 2024, Nationwide Recovery Services (NRS), a third-party debt collection agency working with Harbin Clinic, suffered a cyberattack that exposed the personal data of approximately 210,140 patients.
  • The breach, which occurred between July 5 and July 11, involved unauthorized access to NRS systems and the illegal copying of sensitive information, including names, addresses, dates of birth, Social Security numbers, financial account details, guarantor data, and medical records.
  • Although Harbin Clinic’s own systems were not directly affected, it acted swiftly once notified in February 2025, cutting off NRS’s system access and launching an internal investigation.
  • By March 2025, NRS provided a list of potentially affected individuals. To mitigate potential harm, Harbin Clinic is offering 24 months of free identity monitoring services through Kroll, including credit monitoring, fraud consultation, and identity restoration. While there is currently no evidence of misuse, affected patients are urged to stay alert for suspicious financial or credit activity.

*Source

480,000 Catholic Health Patients Impacted by Serviceaide Data Leak

  • In November 2024, Serviceaide, a California-based enterprise management solutions provider, disclosed a data leak involving an Elasticsearch database it managed for Catholic Health, a nonprofit healthcare system in Buffalo, New York.
  • The database was inadvertently left publicly accessible between September 19 and November 5, 2024.
  • Although there is no direct evidence of unauthorized access or data exfiltration, Serviceaide could not rule it out entirely.
  • The exposed data, which varied by individual, included names, Social Security numbers, dates of birth, medical and account information, treatment and prescription details, insurance information, email addresses, usernames, and passwords.
  • Over 483,000 individuals were impacted by the breach, according to a report filed with the U.S. Department of Health and Human Services.
  • Affected patients are being notified and offered 12 months of free credit monitoring and identity theft protection.

*Source