VerSprite Weekly Threat Intelligence

Date Range: 1 February 2025 – 14 February 2025

Issue: 1st Edition

Introduction

The first two weeks of February 2025 have been a mixed bag for the healthcare industry in terms of cybersecurity. While there have been positive strides in regulatory frameworks and proactive security measures, ransomware attacks and data breaches continue to plague organizations, exposing sensitive patient data and disrupting critical services. Additionally, new threats like fake CAPTCHA campaigns and vulnerabilities in medical devices are emerging, highlighting the need for constant vigilance. This newsletter dives into the key developments under three categories: Security Triumphs, Security Setbacks, and New & Emerging Threats.

1. The Good: Security Triumphs

  • New HIPAA Rules Mandate 72-Hour Data Restoration and Annual Compliance Audits
    The U.S. Department of Health and Human Services (HHS) has proposed significant updates to HIPAA, including mandatory 72-hour data restoration, annual compliance audits, encryption mandates, and enhanced security protocols. These measures aim to combat rising cyber threats and protect sensitive patient data from breaches.
  • FDA and CISA Warn About Vulnerabilities in Patient Health Monitors
    The FDA and CISA have issued warnings about vulnerabilities in Contec CMS8000 and Epsimed MN-120 patient monitors, urging healthcare facilities to disconnect devices from the internet and use local monitoring features only. This proactive advisory aims to mitigate risks before they lead to patient harm.

2. The Bad: Security Setbacks

  • Massive Data Breach at UnitedHealth Affects 190 Million Americans
    UnitedHealth revealed that 190 million Americans had their personal and healthcare data stolen during the Change Healthcare ransomware attack, nearly doubling the previously disclosed total. This breach underscores the scale and impact of cyberattacks on healthcare systems.
  • Ransomware Attack Disrupts New York Blood Center
    The New York Blood Center faced a ransomware attack that forced the rescheduling of appointments and disrupted operations. This incident highlights the critical nature of these services and the cascading effects of cyberattacks on healthcare infrastructure.
  • Interlock Ransomware Group Targets Healthcare Organizations
    The Interlock ransomware group has been targeting healthcare organizations with double-extortion tactics, stealing sensitive data and encrypting systems. Recent victims include Brockton Neighborhood Health Center and Legacy Treatment Services.
  • Data Breach at Community Health Center Impacts 1 Million Patients
    Community Health Center (CHC) in Connecticut notified over 1 million patients that their personal and health information was stolen in an October breach. The attackers accessed files containing sensitive data but did not encrypt systems or disrupt operations.
  • Top Ransomware Threats Active in 2025
    LockBit, Lynx, and Virlock are identified as the top ransomware threats in 2025, employing tactics like double extortion, data breaches, and self-replicating malware. These groups are targeting businesses across industries, including healthcare.

3. The New: Emerging Threats

  • Fake CAPTCHA Campaign Spreads Lumma Stealer in Multi-Industry Attacks
    A global malware campaign using fake CAPTCHA verification checks to deliver the Lumma information stealer is targeting multiple industries, including healthcare. The campaign spans countries like the U.S., Argentina, and the Philippines, exploiting user interactions to bypass browser-based defenses.
  • AI Security Risks Highlighted by DeepSeek Exposure
    Wiz Research discovered a publicly accessible database linked to DeepSeek, exposing sensitive information. This highlights growing security risks associated with AI adoption, particularly in cloud environments.
  • Abandoned AWS S3 Buckets Pose Supply Chain Risks
    Researchers found that abandoned Amazon S3 buckets can be repurposed for supply chain attacks. These buckets, once re-registered, could respond to requests with malicious updates, posing significant risks to organizations relying on cloud infrastructure.
  • Microsoft Warns of Attacks Exploiting ASP.NET Machine Keys
    Threat actors are exploiting publicly disclosed ASP.NET machine keys to inject malicious code and launch the Godzilla post-exploitation framework. Over 3,000 keys have been identified as vulnerable, posing a significant risk to web applications.

Subscription & Additional Resources

VerSprite Social: LinkedIn, Twitter

View More Articles: VerSprite Blog

Feedback/Contact Us: VerSprite’s Contact
