DataBreachToday.com

345 Major HIPAA Breaches Reported to Feds So Far This Year, Affecting 29.9 Million
Midway through 2025, the federal website listing major health data breaches in the U.S. shows a familiar scene: Many hacking incidents including ransomware, dozens of third-party vendor incidents, and millions of individuals affected by compromised personal data.

German Consultancy's Latest LLM Aims to Reduce Costs, Preserve Reasoning Skills
Say hello to DeepSeek-TNG R1T2 Chimera, a large language model built by German firm TNG Consulting, using three different DeepSeek LLMs. The goal of R1T2 is to provide a faster LLM with more predictable performance that maintains full reasoning accuracy.

Also: Medicare Data Breach; Gartner Security & Risk Management Summit Takeaways
In this week's update, ISMG editors discussed Iran-linked hackers claiming to steal emails from Trump's inner circle, how to refine application development in the age of AI, and a U.S. Medicare data breach amplifying concerns over the safety, security and privacy of federal health systems.

Rejects Business and AI Leaders' Call for Two-Year Enforcement Moratorium
Expect to see no pause in the EU's enforcement of new rules governing artificial intelligence, a spokesperson for the European Commission said amid intensifying calls for officials to "stop the clock" over implementing the bloc's AI Act, in the name of innovation and competition.

While many of the proposed updates to the HIPAA Security Rule are reasonable expectations, others will be extremely onerous to implement if federal regulators finalize the rule's overhaul as it's written today, said Stephen Goudreault of Gigamon and Samantha Jacques of McLaren Health.

Experts Warn Funding Gaps Elevate Cyber Risk
A breach of Columbia University’s IT systems after repeated attacks by U.S. President Donald Trump is highlighting how universities are unprepared for today’s threat landscape. Schools often leave campuses without enough resources for strong cyber defenses.

Also, Spain Arrests Hacker Behind Leaks Targeting Politicians and Journalists
This week, Chinese sites mimicked brands, Spain arrested data leak hackers, Swiss health nonprofit ransomware attack, ICC probed a cyberattack, UNFI restored systems, a flaw in smart tractors, RomCom RAT. A U.K. man sentenced for locking employer out of network. A WordPress hack installs a Trojan.

Flaw Exposes Remote Privilege Escalation Risk
Cisco released urgent security updates to fix a critical vulnerability in Unified Communications Manager that could allow unauthenticated attackers gain root access to affected systems. The maximum-severity vulnerability allows unauthenticated remote attackers to log in using static credentials.

Telephone-Oriented Attack Delivery Social Engineering Tactic Thrives
The phishing industry is a never ending source of innovation. Cyber fraudsters are determined to sneak their way into your inbox. Recent attacks involve callback phishing, a social engineering tactic designed to break down victims' defenses by spurring them into calling the scammers themselves.

Also: Dismantling a 460 Million Euro Crypto Fraud Network
This week, a peek into Iran's largest crypto exchange blending privacy, scale and sanctions evasion, Europol and Spanish police dismantled a crypto fraud network, $9.5M Resupply hack, sentencing in a $40M ponzi scheme and a North Korean crypto theft and employment fraud ring.

Cybercrime Experts Greet Announcement With Skepticism
Hunters International said Thursday it closed shop, provoking skepticism among cybercrime experts who said it's more likely the Russian-speaking hackers behind the ransomware group will start up again under a new brand name. "Ransomware groups often rebrand themselves."

Latest Medical Device Vendor to Disclose a Recent Cyber Incident
A Minnesota maker of catheters notified federal regulators it is recovering from a cyberattack discovered in early June that rendered a portion of its IT systems and data inaccessible. Threat actors gained unauthorized access to some IT systems making certain systems and data unavailable.

How IT Leaders Can Navigate Regulatory Complexity, Use Tech for Digital Sovereignty
From Schrems II to TikTok fines, data sovereignty is redefining the rules of digital engagement. It is no longer an option for enterprises. CIOs must navigate a maze of data laws and tech strategies to stay compliant and competitive in a world without digital borders.

Cybersecurity Awareness Programs Need Focus on Human Risk and Changing Behaviors
Thanks to Cybersecurity Awareness Month, everyone knows security is a priority, but what are we doing differently to change the culture? If our goal is to reduce risk - and not just to meet regulatory expectations - then we need to focus on behavior, not just boxes on a checklist.