HIPAA Pulse
Healthcare is the most-targeted industry for cyberattacks. Ransomware groups, nation-state actors, and opportunistic hackers specifically target the healthcare sector because of the value of patient data and the pressure to pay ransoms. Independent practices face the same threat landscape as hospital systems — but with a fraction of the security infrastructure. These alerts cover the threats that matter most to small and mid-size providers.
Yesterday
While cyberattacks against hospitals and clinics grew modestly in the first half of 2026, attacks on service providers and other healthcare businesses more than doubled.
The attackers call victims to direct them to phishing websites mirroring Microsoft Entra ID login pages. The post Okta Warns of Vishing Attacks Targeting Microsoft 365 Customers appeared first on SecurityWeek.
This Week
A new data-extortion group called Helix is using identity-focused tactics such as voice phishing (vishing), device code phishing, and multi-factor authentication (MFA) abuse to steal data from SharePoint environments. [...]
A new phishing-as-a-service (PhaaS) operation called Forg365 focuses on stealing Microsoft 365 accounts by combining adversary-in-the-middle (AiTM) and device code methods with AI-assisted lure generation. [...]
The Japan Times reports: An 18-year-old man has been arrested for his suspected involvement in a cyberattack on the operator of the Kaikatsu Club internet cafe chain, according to investigative sources. On Wednesday, the Metropolitan Police Department’s cybercrime countermeasure division arrested the company employee from Tokyo’s Katsushika Ward, who was in the second year of... Source
Meem Arafat Manab reports: On August 19, 2025, hackers broke into Shwapno’s customer database. They took 410 gigabytes of data: the names, phone numbers, and purchase histories of forty lakh registered customers. They demanded $1.5 million. Shwapno refused, secured its systems, and said nothing to its customers for seven months. When the hackers published the... Source
Join the webinar as we break down why email-layer defenses alone can’t keep pace with the modern phishing ecosystem. The post Webinar Today: Why Email Security Keeps Failing appeared first on SecurityWeek.
The phishing campaign uses several tactics, including nested redirects, to evade detection and steal credentials from unsuspecting targets.
DysruptionHub reports: Jacksonville, Texas, took some city systems offline after detecting suspicious network activity Friday, leaving some online services unavailable Monday as officials investigated a cybersecurity incident. The city said it detected the activity July 3 and later determined it was related to a cybersecurity incident. Officials took affected systems offline, disabled some systems as... Source
Tomorrow's webinar explores how behavioral AI can help organizations detect sophisticated phishing, business email compromise, and account takeover attacks while reducing alert fatigue through automated investigation and response workflows. [...]
A phishing campaign is impersonating more than 30 well-known brands, including Adobe, Netflix, Coca-Cola, and OpenAI, in fake job interviews to steal Google account credentials from marketing professionals. [...]
12 of 51 articles
Want to take action? See how Patient Protect defends against this→
Curated breach alerts and compliance intelligence — before the workday starts.
No spam. Unsubscribe anytime.