Coverage
Hand-authored analysis of breaches, enforcement actions, and regulatory developments — what happened, what controls would have prevented it, what an independent practice should check on its own systems.
- Industry analysis
FortiBleed campaign extracts admin credentials from up to 75,000 Fortinet firewalls worldwide
A large-scale credential harvesting operation targeting Fortinet FortiGate devices has yielded verified administrator access across 194 countries, raising immediate concerns for healthcare networks that rely on the hardware.
- Industry analysis
FortiBleed campaign extracts working admin credentials from tens of thousands of Fortinet firewalls globally
A large-scale credential-extraction campaign targeting Fortinet FortiGate firewalls has yielded verified administrator access to between 30,000 and 75,000 devices across 194 countries, raising acute exposure risk for healthcare networks.
- Industry analysis
FortiBleed campaign extracts working admin credentials from tens of thousands of Fortinet firewalls worldwide
A mid-June 2026 campaign dubbed FortiBleed has yielded verified administrator credentials for up to 75,000 FortiGate devices across 194 countries, raising immediate concerns for healthcare networks that rely on the hardware.
- Industry analysis
FortiBleed campaign extracts credentials from tens of thousands of Fortinet firewalls worldwide
A large-scale credential-harvest operation targeting Fortinet FortiGate devices has yielded verified administrator passwords for up to 75,000 firewalls across 194 countries, with healthcare networks among the exposed.
- Industry analysis
FortiBleed campaign extracts admin credentials from up to 75,000 Fortinet firewalls globally
A large-scale credential-harvesting campaign targeting Fortinet FortiGate firewalls has yielded verified administrator access to tens of thousands of devices worldwide, raising immediate exposure concerns for healthcare networks.
- Industry analysis
INC ransomware group grows by targeting sectors where disruption forces fast payment
Analysis of the INC ransomware group shows the operation deliberately targets healthcare because service disruption creates immediate financial pressure to pay, with no novel exploits required.
- Industry analysis
INC ransomware group thrives against healthcare by exploiting fundamental gaps
A Dark Reading analysis of the INC ransomware group finds the threat actor targets pressure-sensitive sectors like healthcare by executing well-understood attack techniques that basic controls would stop.
- Industry analysis
INC ransomware group thrives by targeting sectors where disruption forces payment
Analysis of the INC ransomware group shows the operation deliberately targets healthcare and other high-pressure sectors where operational disruption creates immediate incentive to pay ransom.
- Industry analysis
INC ransomware group targets healthcare by exploiting operational pressure points
Analysis of the INC ransomware group shows it has sustained its campaign by focusing on sectors where service disruption creates immediate payment pressure, with healthcare a consistent target.
- Industry analysis
INC ransomware group thrives by targeting pressure-sensitive sectors like healthcare
The INC ransomware group has built a durable criminal operation by focusing on sectors where operational disruption creates immediate financial pressure to pay, with healthcare among its primary targets.
- Industry analysis
INC ransomware group targets healthcare by mastering basic attack techniques
Analysis of the INC ransomware group shows it deliberately targets sectors where operational disruption creates immediate payment pressure, with healthcare near the top of that list.
- Industry analysis
FulcrumSec publishes Novo Nordisk data after $25M ransom goes unpaid
Ransomware group FulcrumSec leaked data stolen from pharmaceutical manufacturer Novo Nordisk after a $25 million extortion demand was not met, exposing supply-chain risk for US healthcare partners.
- Industry analysis
FulcrumSec publishes Novo Nordisk data after $25M extortion demand goes unmet
Ransomware group FulcrumSec leaked data stolen from insulin and semaglutide manufacturer Novo Nordisk after a $25 million demand went unpaid, raising supply-chain exposure questions for US healthcare organizations.
- Industry analysis
FulcrumSec publishes Novo Nordisk data after $25M ransom goes unpaid
Ransomware group FulcrumSec leaked data belonging to insulin and semaglutide manufacturer Novo Nordisk after a $25 million extortion demand went unanswered, raising supply-chain risk questions for US healthcare.
- Industry analysis
Ransomware group leaks Novo Nordisk data after $25M demand goes unpaid
A threat actor calling itself FulcrumSec published stolen Novo Nordisk data after the Danish pharmaceutical company declined to pay a $25 million ransom, raising supply-chain risk questions for US healthcare partners.
- Industry analysis
FulcrumSec publishes Novo Nordisk data after $25M ransom goes unpaid
A ransomware group leaked data from Novo Nordisk, maker of Ozempic and Wegovy, after a $25 million extortion demand went unmet, raising supply-chain exposure questions for US healthcare organizations.
- Industry analysis
FulcrumSec publishes Novo Nordisk data after $25M ransom demand goes unmet
Ransomware group FulcrumSec has begun leaking data stolen from Novo Nordisk following an unmet $25 million demand, exposing supply-chain risk for US healthcare organizations that source insulin and GLP-1 therapies.
- Industry analysis
Ransomware group publishes Novo Nordisk data after $25M demand goes unmet
Extortion group FulcrumSec published stolen data from Novo Nordisk after a $25 million ransom went unpaid, exposing supply-chain and patient-data risks across the pharmaceutical sector.
- Industry analysis
FulcrumSec publishes Novo Nordisk data after $25M ransom goes unpaid
Ransomware group FulcrumSec has released data stolen from Novo Nordisk following a $25 million demand the Danish pharmaceutical company declined to pay, raising supply-chain risk questions for US healthcare partners.
- Industry analysis
FulcrumSec publishes Novo Nordisk data after $25M ransom goes unpaid
Ransomware group FulcrumSec leaked data from Novo Nordisk after the Danish pharmaceutical manufacturer declined to pay a reported $25 million demand, exposing supply-chain and vendor-risk questions for US healthcare partners.
- Industry analysis
Ransomware group publishes Novo Nordisk data after $25M demand goes unpaid
FulcrumSec published internal data belonging to Novo Nordisk after the pharmaceutical company declined to meet a $25 million extortion demand, raising supply-chain exposure questions for US healthcare partners.
- Industry analysis
Two separate threat actors targeted Novo Nordisk with $75 million in combined ransom demands
Danish pharmaceutical giant Novo Nordisk faced extortion demands from two unconnected threat actors — FulcrumSec and an unnamed group — totaling $75 million, with neither claim resulting in payment.
- Industry analysis
Two separate threat actors demanded $75 million total from Novo Nordisk — and were refused
Novo Nordisk faced ransom demands of $50 million and $25 million from two unconnected threat actors in the same period, with neither payment made, according to reporting by DataBreaches.net.
- Industry analysis
Two separate threat actors demanded $75 million combined from Novo Nordisk — neither was paid
Novo Nordisk faced simultaneous extortion demands totaling $75 million from two unrelated threat actors, a scenario that illustrates the compounding exposure large pharmaceutical organizations face when attackers operate independently.
- Industry analysis
Two separate threat actors demanded $75 million combined from Novo Nordisk — neither collected
Novo Nordisk faced simultaneous extortion demands of $50 million and $25 million from two unrelated threat actors, a rare double-exposure event with broad implications for pharmaceutical and healthcare supply chain security.
- Industry analysis
Two separate threat actors demanded $75 million total from Novo Nordisk — neither collected
Pharmaceutical giant Novo Nordisk faced simultaneous extortion demands from two unrelated threat actors totaling $75 million, a case that illustrates the compounding exposure large healthcare-adjacent organizations carry.
- Industry analysis
Two separate threat actors demanded $75 million from Novo Nordisk — and both walked away empty-handed
Novo Nordisk faced simultaneous extortion demands from two unconnected threat actors totaling $75 million, a case that illustrates the compounding exposure facing large pharmaceutical targets.
- Industry analysis
Two separate threat actors demanded $75 million total from Novo Nordisk — neither collected
Novo Nordisk faced back-to-back extortion attempts from unrelated threat actors, with demands totaling $75 million, in a case illustrating the compounding exposure large pharmaceutical targets now face.
- Industry analysis
Two separate threat actors demanded $75 million combined from Novo Nordisk — neither collected
Danish pharmaceutical giant Novo Nordisk faced simultaneous extortion demands totaling $75 million from two distinct threat actors, a rare double-extortion scenario with implications for pharma and healthcare supply chains.
- Industry analysis
Two threat actors hit Novo Nordisk with separate extortion demands totaling $75 million
Danish pharmaceutical giant Novo Nordisk faced back-to-back extortion attempts from unrelated threat actors, with demands of $50 million and $25 million respectively — neither of which was paid.
- Industry analysis
Two separate threat actors demanded $75 million total from Novo Nordisk — and were refused
Danish pharmaceutical giant Novo Nordisk faced extortion demands totaling $75 million from two distinct threat actors in overlapping incidents, with neither ransom paid, according to reporting by DataBreaches.net.
- Industry analysis
Two separate threat actors demanded $75 million total from Novo Nordisk — neither collected
Novo Nordisk faced simultaneous extortion demands of $50 million and $25 million from unrelated threat actors, a rare double-extortion event that illustrates escalating pressure on pharmaceutical targets.
- Industry analysis
Chinese espionage group UNC6508 targets medical and AI research across North America
Google's Threat Intelligence Group has been tracking UNC6508 since early 2025 as the cyberespionage unit pursues medical, military, and AI research organizations across North America.
- Industry analysis
Chinese espionage group UNC6508 targeting medical and AI research in North America
Google's Threat Intelligence Group has been tracking cyberespionage actor UNC6508 since early 2025, with medical research institutions among its confirmed targets in North America.
- Industry analysis
Chinese espionage group UNC6508 shifts focus to medical and AI research targets in North America
Google's Threat Intelligence Group has been tracking UNC6508 since early 2025, linking the group to cyberespionage campaigns against medical, military, and AI research organizations across North America.
- Industry analysis
Chinese espionage group UNC6508 is actively targeting medical and AI research organizations in North America
Google's Threat Intelligence Group has been tracking cyberespionage group UNC6508 since early 2025, with medical research institutions among its confirmed targets across North America.
- Industry analysis
Chinese espionage group UNC6508 targets medical and AI research in North America
Google's Threat Intelligence Group has been tracking UNC6508 since early 2025, with the cyberespionage campaign reaching medical research institutions across North America.
- Industry analysis
Chinese espionage group UNC6508 shifts focus to medical and AI research targets in North America
Google's Threat Intelligence Group has been tracking UNC6508 since early 2025, and the group's targeting of medical research organizations raises direct concerns for academic medical centers and research-affiliated practices.
- Industry analysis
Chinese espionage group UNC6508 targets medical and AI research in North America
Google's Threat Intelligence Group has been tracking cyberespionage group UNC6508 since early 2025, with medical research institutions among its confirmed targets in North America.
- Industry analysis
Chinese espionage group UNC6508 shifts targeting to medical and AI research in North America
Google's Threat Intelligence Group has been tracking UNC6508 since early 2025 as the group pursues cyberespionage campaigns against medical, military, and AI research targets across North America.
- Industry analysis
Chinese cyberespionage group UNC6508 targets medical and AI research across North America
Google's Threat Intelligence Group has been tracking UNC6508 since early 2025 as the group pursues espionage campaigns against medical, military, and AI research organizations in North America.
- Industry analysis
Chinese cyberespionage group UNC6508 seen targeting medical research organizations in North America
Google's Threat Intelligence Group has been tracking UNC6508 since early 2025 as the group conducts cyberespionage campaigns against medical, military, and AI research targets across North America.
- Industry analysis
Chinese espionage group UNC6508 targets medical and AI research across North America
Google's Threat Intelligence Group has been tracking cyberespionage cluster UNC6508 since early 2025, with medical research institutions among the confirmed targets in North America.
- Industry analysis
HTTP/2 protocol features exploited in amplification attacks targeting healthcare networks
Researchers have identified a denial-of-service technique that turns two bandwidth-saving features of HTTP/2 against healthcare and telecom infrastructure, raising availability concerns for patient-facing systems.
- Industry analysis
HTTP/2 protocol features weaponized in amplification attacks targeting healthcare
Researchers have detailed a denial-of-service exploit that turns two bandwidth-saving HTTP/2 features into attack amplifiers, placing hospitals and health systems among the exposed targets.
- Industry analysis
HTTP/2 protocol features weaponized in amplification attacks targeting healthcare networks
A denial-of-service exploit abusing two bandwidth-conservation features in HTTP/2 has put healthcare organizations and telecommunications providers on alert for high-impact service disruption.
- Industry analysis
HTTP/2 protocol features weaponized in amplification attacks against healthcare networks
A denial-of-service technique exploiting two bandwidth-saving features in HTTP/2 is exposing healthcare organizations and telecoms to outsized traffic amplification attacks.
- Industry analysis
HTTP/2 protocol features weaponized in amplification attacks targeting healthcare
Researchers have identified a denial-of-service exploit that turns two bandwidth-saving features of HTTP/2 against healthcare organizations and telcos, raising availability concerns for patient-facing systems.
- Industry analysis
HTTP/2 protocol features turned into amplification attack vector targeting healthcare
Researchers have identified a denial-of-service exploit that turns two bandwidth-saving features of HTTP/2 into amplification weapons, with healthcare organizations named among the high-risk targets.
- Industry analysis
HTTP/2 protocol features weaponized in amplification attacks targeting healthcare
Researchers have identified a denial-of-service exploit that turns two bandwidth-saving features of HTTP/2 into amplification vectors, putting healthcare organizations and telcos at elevated risk.
- Industry analysis
HTTP/2 protocol flaws enable amplified denial-of-service attacks on healthcare targets
Researchers have identified denial-of-service exploits that weaponize two bandwidth-saving features in HTTP/2, putting hospital networks and health system web infrastructure at elevated risk.
- Industry analysis
HTTP/2 protocol flaws fuel amplified denial-of-service risk for healthcare
Researchers have identified denial-of-service exploits that weaponize two bandwidth-conservation features in HTTP/2, placing telecom carriers and healthcare organizations among the most exposed targets.
- Industry analysis
HTTP/2 protocol features weaponized in amplification attacks against healthcare networks
A denial-of-service technique exploiting two bandwidth-saving features of the HTTP/2 protocol is putting healthcare organizations and telecommunications providers at elevated risk of service disruption.
- Industry analysis
HTTP/2 protocol flaws enable amplified denial-of-service attacks against healthcare networks
Researchers have identified a denial-of-service exploit that turns two HTTP/2 bandwidth-saving features against healthcare organizations and telecoms, enabling outsized disruption with minimal attacker effort.
- Industry analysis
Novo Nordisk reports breach affecting clinical trial patient data
Novo Nordisk disclosed a security incident exposing data tied to clinical trial participants, adding the biopharma giant to a growing list of drug companies hit by targeted intrusions.
- Industry analysis
Novo Nordisk discloses breach affecting clinical trial patient data
Novo Nordisk confirmed a security incident exposing data tied to clinical trial participants, adding to a pattern of biopharma breaches that put sensitive research and patient records at risk.
- Industry analysis
Novo Nordisk reports breach affecting clinical trial patient data
Novo Nordisk disclosed a security incident exposing data tied to clinical trial participants, adding to a pattern of biopharma breaches that put sensitive patient and research records at risk.
- Industry analysis
Novo Nordisk discloses breach affecting clinical trial patient data
Novo Nordisk notified clinical trial participants of a security incident that exposed sensitive patient data, adding the biopharma giant to a growing list of drug-industry breach disclosures.
- Industry analysis
Ukrainian national pleads guilty to conspiracy charges in Conti ransomware operation
A 44-year-old Ukrainian national extradited from Ireland admitted to conspiracy charges tied to Conti ransomware attacks, a group responsible for dozens of strikes on US healthcare targets.
- Industry analysis
Chelan County malware incident stretches past three weeks with no restoration date
A Memorial Day weekend malware discovery left Chelan County, Washington in system-wide disruption for more than three weeks, with officials unable to provide a recovery timeline as of June 8.
- Industry analysis
Chelan County enters third week of system disruptions after Memorial Day malware incident
A malware incident discovered over Memorial Day weekend has left Chelan County, Washington, without a recovery timeline as system-wide disruptions stretch into a third consecutive week.
- Industry analysis
Chelan County malware incident stretches past three weeks with no restoration date in sight
A Memorial Day weekend malware discovery left Chelan County, Washington with system-wide disruptions still unresolved after three weeks, illustrating how long operational recovery can take after a network-level incident.
- Industry analysis
Chelan County malware incident stretches past three weeks with no restoration date
A malware incident discovered over Memorial Day weekend has left Chelan County, Washington in system-wide disruption through at least June 8, with officials unable to provide a recovery timeline.
- Industry analysis
Chelan County malware incident stretches past three weeks with no restoration date
A malware incident discovered over Memorial Day weekend has left Chelan County, Washington with system-wide disruptions entering a third week and no announced timeline for recovery.
- Industry analysis
Ambient AI documentation tools reshape the clinical exam room dynamic
Beth Israel Lahey Health's adoption of ambient AI to reduce documentation burden illustrates a broader shift in how health systems are rethinking the physician-patient encounter.
- Industry analysis
Ambient AI reshapes clinical documentation at Beth Israel Lahey Health
Beth Israel Lahey Health's adoption of ambient AI in exam rooms illustrates how health systems are offloading real-time documentation burden from physicians, with implications for workflow, consent, and data governance.
- Industry analysis
Ambient AI tools reshape clinical documentation at Beth Israel Lahey Health
Beth Israel Lahey Health's adoption of ambient AI for in-room documentation illustrates how health systems are restructuring the physician-patient encounter to reduce EHR workload.
- Industry analysis
Ambient AI tools reshape exam-room documentation at Beth Israel Lahey Health
Beth Israel Lahey Health is deploying ambient AI to reduce clinician documentation burden, a shift that carries data governance and consent implications for independent practices watching the technology spread.
- Industry analysis
Ambient AI tools reshape clinical documentation at Beth Israel Lahey Health
Beth Israel Lahey Health's adoption of ambient AI in exam rooms illustrates how health systems are trading screen-focused workflows for tools that transcribe and structure clinical notes in real time.
- Industry analysis
Ambient AI begins reshaping exam-room documentation at Beth Israel Lahey Health
Beth Israel Lahey Health's adoption of ambient AI scribing tools illustrates how health systems are restructuring clinical documentation workflows to reduce physician screen time during patient visits.
- Industry analysis
Ambient AI tools reshape documentation workflows inside the exam room
Beth Israel Lahey Health's adoption of ambient AI for clinical documentation illustrates how health systems are rethinking the physician-screen relationship as EHR burden grows.
- Industry analysis
Ambient AI reshapes exam room documentation at Beth Israel Lahey Health
Beth Israel Lahey Health is deploying ambient AI to reduce clinician documentation burden, shifting physician attention back to patients during encounters and raising new workflow and compliance questions.
- Industry analysis
Ambient AI reshapes clinical documentation as health systems seek relief from EHR load
Beth Israel Lahey Health's deployment of ambient AI documentation tools illustrates a broader industry shift away from screen-centric care toward real-time, voice-driven clinical notes.
- Industry analysis
Ambient AI begins displacing screen-focused documentation in exam rooms
Beth Israel Lahey Health's adoption of ambient AI scribing illustrates a wider shift in how health systems are rethinking clinical documentation workflows and the patient-physician dynamic.
- Industry analysis
Ambient AI reshapes clinical documentation as health systems seek relief from EHR burden
Beth Israel Lahey Health's adoption of ambient AI scribing illustrates a wider health system push to reduce physician documentation load and restore face-to-face care time.
- Industry analysis
Ambient AI reshapes exam-room documentation at Beth Israel Lahey Health
Beth Israel Lahey Health's deployment of ambient AI tools to reduce physician documentation burden signals a broader shift in how health systems are rethinking clinical workflow and EHR interaction.
- Industry analysis
Ambient AI reshapes clinical documentation at Beth Israel Lahey Health
Beth Israel Lahey Health's adoption of ambient AI tools to reduce physician documentation burden illustrates how health systems are trading screen-time for direct patient interaction.
- Industry analysis
Ambient AI tools reshape clinical documentation inside the exam room
Beth Israel Lahey Health's deployment of ambient AI scribing illustrates how health systems are trading screen-focused workflows for real-time transcription that follows the clinical encounter.
- Industry analysis
Ambient AI is reshaping exam-room documentation at Beth Israel Lahey Health
Beth Israel Lahey Health's deployment of ambient AI scribing tools is reducing documentation burden on physicians and shifting clinical attention back toward patients during appointments.
- Industry analysis
Ambient AI tools reshape exam-room documentation at Beth Israel Lahey Health
Beth Israel Lahey Health is deploying ambient AI to reduce physician documentation load during patient visits, a shift that carries both clinical workflow and data-privacy implications for health systems.
- Industry analysis
Ambient AI trims documentation burden in the exam room, Beth Israel Lahey finds
Beth Israel Lahey Health's deployment of ambient AI scribing technology is cutting clinician documentation time and shifting physician attention back toward patients during appointments.
- Industry analysis
Ambient AI tools shift documentation burden away from exam-room clinicians
Beth Israel Lahey Health's adoption of ambient AI scribing illustrates how health systems are restructuring clinical documentation workflows to reduce physician burnout and restore patient-facing time.
- Industry analysis
Ambient AI begins displacing screen-focused documentation in clinical visits
Beth Israel Lahey Health's adoption of ambient AI scribing illustrates a broader shift in how health systems are attempting to reduce documentation load without sacrificing clinical accuracy.
- Industry analysis
Ambient AI tools reshape clinical documentation at Beth Israel Lahey Health
Beth Israel Lahey Health's adoption of ambient AI to reduce physician documentation load signals a broader industry shift in how exam-room technology balances clinical efficiency with patient engagement.
- Industry analysis
Ambient AI reshapes exam-room documentation at Beth Israel Lahey Health
Beth Israel Lahey Health is deploying ambient AI to reduce physician documentation burden during patient visits, a shift that carries workflow, consent, and data-governance implications for practices of all sizes.
- Industry analysis
Microsoft and Mayo Clinic announce joint effort to build frontier healthcare AI
Microsoft and Mayo Clinic have disclosed a partnership to develop a large-scale AI model trained on clinical data, raising questions about data governance and deployment standards for independent practices.
- Industry analysis
Microsoft and Mayo Clinic move to build a frontier AI model for clinical use
Microsoft and Mayo Clinic announced a partnership to develop a healthcare-specific frontier AI model, a collaboration that signals accelerating institutional investment in purpose-built clinical AI.
- Industry analysis
Microsoft and Mayo Clinic join forces on frontier AI model for clinical use
Microsoft and Mayo Clinic announced a partnership to develop a frontier AI model purpose-built for healthcare, a collaboration that signals deepening big-tech investment in clinical AI infrastructure.
- Industry analysis
Microsoft and Mayo Clinic team up to build a frontier AI model for clinical use
Microsoft and Mayo Clinic announced a partnership to develop a frontier AI model trained on clinical data, a deal that signals how health systems are moving from general-purpose AI tools toward purpose-built clinical models.
- Industry analysis
Microsoft and Mayo Clinic announce joint development of a frontier AI model for clinical use
Microsoft and Mayo Clinic have agreed to co-develop a frontier AI model aimed at clinical applications, a pairing that signals how large health systems are shaping the next generation of medical AI.
- Industry analysis
Microsoft and Mayo Clinic team up to build a frontier AI model for clinical use
Microsoft and Mayo Clinic announced a partnership to develop a frontier AI model designed specifically for healthcare, a move that signals growing investment in purpose-built clinical AI at scale.
- Industry analysis
AI forecasting tools reshape how community oncology clinics manage drug costs and inventory
Community oncology practices are applying AI-driven demand forecasting to specialty drug purchasing, aiming to close visibility gaps that have widened as reimbursement margins narrow and drug costs rise.
- Industry analysis
Eight in ten organizations that miss 24-hour patch window report breaches, CSA finds
A Cloud Security Alliance study released June 2 found that 80% of organizations missing a 24-hour patch window experienced incidents tied to known vulnerabilities, with AI runtime visibility gaps compounding the risk.
- Industry analysis
Most organizations missing 24-hour patch window report breaches, CSA study finds
A Cloud Security Alliance study released June 2 found 80% of organizations that miss a 24-hour patch window report security incidents tied to known vulnerabilities, with an AI visibility gap compounding the risk.
- Industry analysis
Most organizations missing 24-hour patch window report security incidents, CSA finds
A Cloud Security Alliance study released June 2 found 80% of organizations that exceed a 24-hour patch window experience incidents tied to known vulnerabilities, with AI runtime blind spots compounding the risk.
- Industry analysis
CSA study ties missed 24-hour patch windows to breach rates in majority of organizations
A Cloud Security Alliance study published June 2 found 80% of organizations that fail to patch within 24 hours report security incidents tied to known vulnerabilities, with AI runtime visibility gaps compounding the risk.
- Industry analysis
Most organizations missing 24-hour patch window report breaches, CSA finds
A Cloud Security Alliance study released June 2 found 80% of organizations that miss a 24-hour patching window experience security incidents tied to known vulnerabilities, with AI runtime blind spots compounding the risk.
- Industry analysis
Eight in ten organizations missing 24-hour patch window report a breach, CSA finds
A Cloud Security Alliance study released June 2 found that 80% of organizations that miss a 24-hour patch window experience security incidents tied to known vulnerabilities, with AI runtime blind spots compounding the risk.
- Industry analysis
Most organizations missing 24-hour patch window go on to report a breach, CSA study finds
A Cloud Security Alliance study released June 2 found 80% of organizations that miss a 24-hour patch window report security incidents tied to known vulnerabilities, with AI runtime visibility gaps compounding the problem.
- Industry analysis
Most organizations missing 24-hour patch window report breaches, CSA study finds
A Cloud Security Alliance study released June 2 found that 80% of organizations that miss a 24-hour patch window report incidents tied to known vulnerabilities, with AI runtime visibility gaps compounding the risk.
- Industry analysis
Most organizations missing 24-hour patch window report security incidents, CSA finds
A Cloud Security Alliance study published June 2 found 80% of organizations that miss a 24-hour patching window experience breaches tied to known vulnerabilities, with AI runtime visibility gaps compounding the risk.
- Industry analysis
Most organizations missing 24-hour patch window report security incidents, CSA study finds
A Cloud Security Alliance study published June 2 found that 80% of organizations that miss a 24-hour patch window report incidents tied to known vulnerabilities, with AI runtime visibility gaps compounding the risk.
- Industry analysis
Most organizations missing 24-hour patch window report breaches, CSA study finds
A Cloud Security Alliance study released June 2 found that 80% of organizations failing to patch within 24 hours reported security incidents tied to known vulnerabilities, with AI runtime blind spots compounding the risk.
- Industry analysis
Most organizations missing 24-hour patch window report breaches, CSA study finds
A Cloud Security Alliance study published June 2 found that 80% of organizations failing to patch within 24 hours experienced security incidents tied to known vulnerabilities, with AI runtime blind spots compounding the risk.
- Industry analysis
Study links missed 24-hour patch windows to breach rates across industries
A Cloud Security Alliance report published June 2 found that 80% of organizations failing to patch within 24 hours reported security incidents tied to known vulnerabilities.
- Industry analysis
Most organizations missing 24-hour patch window report breaches, CSA finds
A Cloud Security Alliance study released June 2 found that 80% of organizations that fail to patch within 24 hours report security incidents tied to known vulnerabilities, with AI runtime visibility gaps compounding the risk.
- Industry analysis
Eighty percent of organizations missing 24-hour patch window report breaches, CSA finds
A Cloud Security Alliance study released June 2 found that delayed patching of known vulnerabilities drives the majority of security incidents, with AI runtime blind spots compounding the exposure.
- Industry analysis
CSA study links missed patch windows to breach rates in known-vulnerability incidents
A Cloud Security Alliance report published June 2 found that 80% of organizations failing to patch within 24 hours reported security incidents tied to known vulnerabilities, raising direct questions for healthcare compliance programs.
- Industry analysis
CSA study links missed 24-hour patch windows to breach rates in most organizations
A Cloud Security Alliance report published June 2 found that 80% of organizations failing to patch within 24 hours reported security incidents tied to known vulnerabilities, with AI runtime gaps compounding the problem.
- Industry analysis
CSA study links missed 24-hour patch windows to breach rates across sectors
A Cloud Security Alliance report published June 2 found 80% of organizations that miss a 24-hour patch window report security incidents tied to known vulnerabilities, a finding with direct weight for healthcare IT teams.
- Industry analysis
Most organizations missing the 24-hour patch window are reporting breaches, CSA finds
A Cloud Security Alliance study released June 2 found that 80% of organizations that fail to patch within 24 hours of disclosure subsequently report security incidents tied to known vulnerabilities.
- Industry analysis
CSA study ties missed 24-hour patch windows to breach rates at most organizations
A Cloud Security Alliance study published June 2 found 80% of organizations that miss a 24-hour patch window report security incidents tied to known vulnerabilities, with AI runtime visibility gaps compounding the risk.
- Industry analysis
CSA study ties missed 24-hour patch windows to breach rates at most organizations
A Cloud Security Alliance study published June 2 found that 80% of organizations missing a 24-hour patch window reported security incidents tied to known vulnerabilities, a figure with direct implications for healthcare compliance programs.
- Industry analysis
CSA study ties missed 24-hour patch windows to breach rates across sectors
A Cloud Security Alliance report finds 80% of organizations that miss a 24-hour patching threshold report security incidents tied to known vulnerabilities, a pattern with direct implications for healthcare compliance.
- Industry analysis
CSA study finds 80% of organizations missing 24-hour patch window report breaches
A Cloud Security Alliance study released June 2 found that four in five organizations that fail to patch known vulnerabilities within 24 hours subsequently report security incidents tied to those same flaws.
- Industry analysis
CSA study links missed 24-hour patch windows to breach rates in 80% of organizations
A Cloud Security Alliance study published June 2 found that four in five organizations failing to patch within 24 hours reported security incidents tied to known vulnerabilities, with AI runtime blind spots compounding the risk.
- Industry analysis
CSA study links missed 24-hour patch windows to breach rates
A Cloud Security Alliance study published June 2 found 80% of organizations that miss a 24-hour patch window report security incidents tied to known vulnerabilities, a pattern with direct implications for healthcare compliance teams.
- Industry analysis
Most organizations that skip 24-hour patch window end up breached, CSA finds
A Cloud Security Alliance study published June 2 found 80% of organizations that miss a 24-hour patching window report security incidents tied to known vulnerabilities, a finding with direct implications for healthcare IT teams.
- Industry analysis
CSA study ties missed 24-hour patch windows to breach rates at most organizations
A Cloud Security Alliance report published June 2 found that 80% of organizations failing to patch within 24 hours report security incidents tied to known vulnerabilities, with AI-era gaps adding new exposure.
- Industry analysis
CSA study ties missed 24-hour patch windows to breach rates at eight in ten organizations
A Cloud Security Alliance study published June 2 found that 80% of organizations failing to patch within 24 hours reported security incidents tied to known vulnerabilities, with AI runtime visibility gaps compounding the risk.
- Industry analysis
CSA study ties missed 24-hour patch windows to breach rates topping 80 percent
A Cloud Security Alliance report published June 2 found that four in five organizations failing to patch within 24 hours reported security incidents tied to known vulnerabilities, with AI runtime blind spots compounding the risk.
- Industry analysis
CSA study ties missed 24-hour patch windows to breach rates above 80 percent
A Cloud Security Alliance study published June 2 found that 80 percent of organizations that miss a 24-hour patching threshold report security incidents tied to known, exploitable vulnerabilities.
- Industry analysis
CSA study ties missed 24-hour patch windows to breach rates at most organizations
A Cloud Security Alliance study published June 2 found that 80% of organizations failing to patch known vulnerabilities within 24 hours reported security incidents, with AI-environment visibility gaps compounding the risk.
- Industry analysis
CSA study ties missed 24-hour patch windows to breach rates across sectors
A Cloud Security Alliance report published June 2 found 80% of organizations that miss a 24-hour patching window experience security incidents tied to known vulnerabilities, a finding with direct implications for healthcare IT teams.
- Industry analysis
Most organizations that miss 24-hour patch window go on to report a breach, CSA finds
A Cloud Security Alliance study published June 2 found 80% of organizations that fail to patch within 24 hours of disclosure report incidents tied to known vulnerabilities, with AI-era gaps compounding the risk.
- Industry analysis
Most organizations missing 24-hour patch windows report security incidents, CSA finds
A Cloud Security Alliance study released June 2 found that 80% of organizations failing to patch within 24 hours experienced incidents tied to known vulnerabilities, with AI runtime visibility gaps compounding the risk.
- Industry analysis
Epic embeds Northwell's firearm injury risk screening tool in its EHR
Epic has integrated a firearm injury risk screening tool developed by Northwell Health, bringing structured clinical decision support for gun violence prevention into its widely used EHR platform.
- Industry analysis
Joint Commission launches voluntary AI responsibility certification for health systems
The Joint Commission's new Responsible Use of AI in Healthcare certification targets organizational deployment practices rather than individual AI tools, marking a formal accountability framework for the sector.
- Industry analysis
Eight in ten organizations that miss the 24-hour patch window report breaches, CSA finds
A Cloud Security Alliance study published June 2 found that 80% of organizations failing to patch known vulnerabilities within 24 hours experienced security incidents, with AI runtime blind spots compounding the risk.
- Industry analysis
EHR migration windows are the most underestimated security event in a practice's decade
South Central Regional Medical Center is consolidating five clinical sites onto a single Epic instance. The case is unremarkable individually and instructive collectively — EHR transitions are a security event the compliance program rarely treats as one.
- Cybersecurity
Phishing-as-a-service now includes an AI assistant, and healthcare email defenses have not caught up
A newly identified phishing kit called Bluekit ships with 40 templates, automated domain registration, and an AI campaign drafter. The economics of credential-theft attacks against small healthcare practices just shifted again.
- Litigation
Private equity liability for portfolio-company breaches just changed, and healthcare is the largest exposed sector
A California federal court allowed claims against Bain Capital to proceed for a breach at its subsidiary PowerSchool — including conduct that predated the acquisition. The ruling reshapes the risk calculus for the most heavily PE-backed sector in American healthcare.
- Enforcement
State financial regulators are becoming the second front of healthcare breach enforcement
NYSDFS extracted $2.25 million from Delta Dental over the 2023 MOVEit breach — the latest sign that state insurance and financial regulators are operating in parallel with HHS OCR, with their own rules and faster timelines.
- Cybersecurity
Why CFAA prosecutions of credentialed clinical staff are rising, and what it means for insider risk
A federal indictment of a Maryland pharmacist on Computer Fraud and Abuse Act charges follows a pattern — prosecutors are increasingly using the CFAA to reach insider misuse cases that HIPAA alone wouldn't.