DataBreachToday.com

Experts Call for Whole-Business Planning to Protect Patients and Operations
When a hospital, healthcare system or one of their critical third-party vendors is hit with a ransomware attack, all hell can break loose quickly. That can mean diverted ambulances, cancelled patient appointments, business processes put on hold and other critical operations stopped.

Surge in AI and Non-Human Identities Drives Demand for More Powerful Access Control
Amid rising complexity from AI agents and non-human identities, ConductorOne has raised $79 million in Series B funding. CEO Alex Bovee said the company aims to expand its identity platform, simplify access control and help security teams address evolving threats in hybrid environments.

Attorney Jonathan Armstrong on Vetting Job Applicants, Red Flags and Compliance
North Korean operatives are using fake identities and remote job listings to bypass sanctions and infiltrate companies. But employers can avoid becoming unwitting accomplices, said legal expert Jonathan Armstrong, who advises firms to adopt stronger vetting practices and structured investigations.

Intigriti's Ed Parsons on How Regs Are Pushing Firms Toward Proactive Security
The NIS2 Directive has driven significant improvements in vulnerability management across Europe. Organizations are accelerating vulnerability discovery by engaging with crowdsourced security communities and ethical hackers, said Ed Parsons, chief operations officer at Intigriti.

Midsize Businesses Need Skilled Professionals as Threat Actors Shift Their Tactics
As large enterprises continue to strengthen their defenses and reduce ransom payouts, ransomware operators are redirecting their attention toward midsize organizations. This shift has increased the urgency for adaptable, well-trained cyber professionals who can tailor enterprise-grade protections.

US Cites Risk of Treaty Being Weaponized by Authoritarian Regimes, Privacy Concerns
The U.S. declined to sign the new U.N. cybercrime convention despite support from 72 nations and its backing by Russia and China over fears it could be exploited by authoritarian states to legitimize surveillance, censor dissent and pressure cross-border data cooperation.

2nd Round of Layoffs Since 2022 Comes 2 Months After $150M Email Security Purchase
Varonis cut 5% of its workforce and saw its stock price nosedive after disclosing a sharp drop in renewal rates for its on-premise subscription business. The underperformance of the federal vertical caused a notable headwind for Varonis despite it accounting for just 5% of annual recurring revenue.

Azure Outage Comes a Week After a Cloud DNS Error Disrupted AWS Users
Microsoft's Azure cloud and 365 systems suffered an outage at noon on Wednesday because of a configuration error - hours before its quarterly earnings call and about a week after rival AWS underwent a widespread outage that shut down applications and services for most of the day.

Treasury Yet to Release Sector-Specific Controls and Reimbursement Mechanisms
Australia introduced the world to the first-ever Scam Prevention Framework law that promised to make the country the hardest place on earth for fraudsters. Eight months later, it's trapped in bureaucratic limbo - passed, praised and still waiting to work.

Add-On EMV Features Put Merchants at Risk to High-Charging 'Free Lunch' Crooks
Variations in how EMV ecosystem players implement the standard, as well as a bevy of features they've bolted on - transit modes, offline payment restrictions - have been "overloading" the specification and introducing exploitable vulnerabilities, warn a team of researchers.

Agency Warns Vertikal Systems Vulnerabilities Could Help Hackers Access Data
U.S. federal authorities are warning about vulnerabilities in hospital information management systems from Romanian firm Vertikal Systems that could allow hackers to obtain and disclose patient data. The affected systems are used mostly by smaller hospitals and clinics outside the United States.

Staff Allegedly Took Photos, Posted Pics on Social Media Without Patient Consent
A Florida hospital is facing several lawsuits filed by patients who alleged staff members used their personal phones to take and post humiliating photos on social medial of the patients without their consent while they were asleep or medicated, and semi-undressed.

Thousands of Windows Server Update Services Observed Online
Warnings over hackers exploiting a Windows Server Update have compounded since Microsoft rushed out a patch Friday against a flaw allowing unauthenticated attackers to execute arbitrary code.

Nonprofit Foundation Holds Equity, Oversight Around $130B For-Profit Corporation
The nonprofit OpenAI Foundation now controls a $130 billion for-profit arm after a recapitalization process approved by attorneys general in California and Delaware. The nonprofit retains governance authority and will fund global health and AI risk mitigation programs, backed by regulatory approval.

CISA Says Hackers Actively Exploit Manufacturing Operations Management Platform
Software made by a French multinational that's used to manage manufacturing across the globe is under active attack, warned the Cybersecurity Infrastructure and Security Agency in the second such warning in two months. Hackers are exploiting two vulnerabilities in the Delmia Apriso platform.

CEO Nikesh Arora: Next-Generation Security Play Ties Automation to Identity, Cloud
With new products set to launch, Palo Alto Networks is expanding its AI cybersecurity footprint. Chairman and CEO Nikesh Arora introduced the AgentiX platform, a retooled cloud approach, identity enhancements and a deal making Palo Alto the core security provider for Oracle Cloud.

Humana, BCBS Montana Are Among Clients of Conduent Hack
Conduent Business Solutions LLC has told state regulators that a hacking incident discovered in January has affected more than 10.5 million patients. Clients affected include Blue Cross Blue Shield of Montana and Humana, as well as an undisclosed number of other organizations.