Latest news with #BleepingComputer


Fox News
8 hours ago
- Health
- Fox News
5.4 million patient records exposed in healthcare data breach
Over the past decade, software companies have built solutions for nearly every industry, including healthcare. One term you might be familiar with is software as a service (SaaS), a model by which software is accessed online through a subscription rather than installed on individual machines. In healthcare, SaaS providers are now a common part of the ecosystem. But, recently, many of them have made headlines for the wrong reasons. Several data breaches have been traced back to vulnerabilities at these third-party service providers. The latest incident comes from one such firm, which has now confirmed that hackers stole the health information of over 5 million people in the United States during a cyberattack in January.

Episource, a big name in healthcare data analytics and coding services, has confirmed a major cybersecurity incident (via Bleeping Computer). The breach involved sensitive health information belonging to over 5 million people in the United States. The company first noticed suspicious system activity Feb. 6, 2025, but the actual compromise began ten days earlier. An internal investigation revealed that hackers accessed and copied private data between Jan. 27 and Feb. 6. The company insists that no financial information was taken, but the stolen records do include names, contact details, Social Security numbers, Medicaid IDs and full medical histories. Episource claims there's no evidence the information has been misused, but just because they haven't seen the fallout yet doesn't mean it isn't happening. Once data like this is out, it spreads fast, and the consequences don't wait for official confirmation.

The healthcare industry has embraced cloud-based services to improve efficiency, scale operations and reduce overhead. Companies like Episource enable healthcare payers to manage coding and risk adjustment at a much larger scale. But this shift has also introduced new risks. When third-party vendors handle patient data, the security of that data becomes dependent on their infrastructure. Healthcare data is among the most valuable types of personal information for hackers. Unlike payment card data, which can be changed quickly, medical and identity records are long-term assets on the dark web. These breaches can lead to insurance fraud, identity theft and even blackmail. Episource is not alone in facing this kind of attack. In the past few years, several healthcare SaaS providers have faced breaches, including Accellion and Blackbaud. These incidents have affected millions of patients and have led to class-action lawsuits and stricter government scrutiny.

If your information was part of the healthcare breach or any similar one, it's worth taking a few steps to protect yourself.

1. Consider identity theft protection services: Since the healthcare data breach exposed personal and financial information, it's crucial to stay proactive against identity theft. Identity theft protection services offer continuous monitoring of your credit reports, Social Security number and even the dark web to detect if your information is being misused. These services send you real-time alerts about suspicious activity, such as new credit inquiries or attempts to open accounts in your name, helping you act quickly before serious damage occurs. Beyond monitoring, many identity theft protection companies provide dedicated recovery specialists who assist you in resolving fraud issues, disputing unauthorized charges and restoring your identity if it's compromised.

2. Use personal data removal services: The healthcare data breach leaks loads of information about you, and all this could end up in the public domain, which essentially gives anyone an opportunity to scam you. One proactive step is to consider personal data removal services, which specialize in continuously monitoring and removing your information from various online databases and websites. While no service promises to remove all your data from the internet, a removal service is useful if you want to monitor and automate the process of removing your information from hundreds of sites over a longer period of time.

3. Have strong antivirus software: Hackers have people's email addresses and full names, which makes it easy for them to send you a phishing link that installs malware and steals all your data. These messages are socially engineered, and catching them is nearly impossible if you're not careful. However, you're not without defenses. The best way to safeguard yourself from malicious links is to have strong antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe.

4. Enable two-factor authentication: While passwords weren't part of the data breach, you still need to enable two-factor authentication (2FA). It gives you an extra layer of security on all your important accounts, including email, banking and social media. 2FA requires you to provide a second piece of information, such as a code sent to your phone, in addition to your password when logging in. This makes it significantly harder for hackers to access your accounts, even if they have your password. Enabling 2FA can greatly reduce the risk of unauthorized access and protect your sensitive data.

5. Be wary of mailbox communications: Bad actors may also try to scam you through snail mail. The data leak gives them access to your address. They may impersonate people or brands you know and use themes that require urgent attention, such as missed deliveries, account suspensions and security alerts.

What makes this breach especially alarming is that many of the affected patients may have never even heard of Episource. As a business-to-business vendor, Episource operates in the background, working with insurers and healthcare providers, not with patients directly. The people affected were customers of those companies, yet it's their most sensitive data now at risk because of a third party they never chose or trusted. This kind of indirect relationship muddies the waters when it comes to responsibility and makes it even harder to demand transparency or hold anyone accountable.


Tom's Guide
4 days ago
- Tom's Guide
New FileFix attack brings ClickFix social engineering to Windows File Explorer — how to stay safe
Developed by cybersecurity researcher mr.d0x, the FileFix attack is a new version of the ever-popular ClickFix social engineering tool. For those unfamiliar with ClickFix, it tricks users into executing malicious commands by convincing them that they need to 'fix' something in order to complete a task on their machines. As reported by BleepingComputer, this new FileFix method uses the Windows File Explorer address bar instead. Mr.d0x not only discovered the new method but has demonstrated that it can be used in attacks to target company employees via the same social engineering techniques that have proven highly successful with ClickFix.

ClickFix attacks, which have surged in popularity recently, are browser-based and use a variety of tactics to get victims to click on a button in their browser that will copy a command to their Windows clipboard. The victim is then told to paste the command into PowerShell or prompted to perform an additional command in order to 'fix' the issue. The lure is frequently presented as a reCAPTCHA or an error that needs to be corrected via the Win+R Run dialog. It has proven to be an extremely effective tool for spreading dangerous infostealers and launching ransomware attacks.

The FileFix update created by mr.d0x is similar to a typical ClickFix attack but has the victim paste the command into Windows File Explorer, which many users are more comfortable using. File Explorer can also execute operating system commands, and the phishing page can open it through the browser's file upload feature. The 'trick' portion of the attack is that it no longer requires an error or an issue as a lure and may simply appear as a notification for a shared file that the user needs to locate through File Explorer.

FileFix is a phishing page that includes an 'Open File Explorer' button that will launch File Explorer through the file upload functionality and copy the PowerShell command to the clipboard. The fake path is what is initially seen in the File Explorer address bar; this hides the malicious command, which is then executed.

The ClickFix tactic, which is being used in more and more attacks, works because it's able to bypass the best antivirus software and many other security tools. The reason for this is that victims end up doing most of the heavy lifting themselves, as the hackers behind this and similar campaigns use social engineering to coerce them into taking action. They use your preexisting knowledge and online habits to get you to do something you otherwise normally wouldn't. They might also use a sense of urgency to get you to visit one of the malicious sites used in this campaign.

If you do see a verification pop-up with instructions, close the website immediately and, whatever you do, don't interact with it or follow its instructions. Being asked to open a Terminal or Command Prompt window on your computer is a major red flag. However, not everyone is as tech savvy, which is why you should share what you've learned with both older and younger family members, friends and colleagues to help keep them safe, too.


Tom's Guide
5 days ago
- Tom's Guide
SparkKitty spyware caught stealing photos on iPhone and Android — and the reason might surprise you
Whether you use an iPhone or an Android phone, chances are, there's plenty of sensitive personal and financial information on your smartphone. While hackers have been known to go after your passwords, there's a new malware strain making the rounds online that also has your photo library in its sights. As reported by BleepingComputer, both the best iPhones and the best Android phones are currently being targeted in a new campaign that uses SparkKitty to steal all of the images from an infected device. According to the cybersecurity firm Kaspersky, this campaign has been active since February of last year. However, what sets it apart is the fact that the malware in question found its way onto both Apple's App Store and the Google Play Store.

If you thought the hackers behind this campaign were after your selfies, think again. Instead, they're looking for screenshots of crypto wallet seed phrases. For those unfamiliar, these very important phrases are the only way you can regain access to a crypto wallet if you forget your password. With them in hand though, hackers can easily drain all of your digital currency and good luck trying to get it back. Here's everything you need to know about this new campaign along with some tips and tricks on how you can avoid having your Android phone or even your iPhone come down with a nasty malware infection.

Just like with many other malware campaigns, this one uses malicious apps to establish a foothold on targeted devices before infecting them with SparkKitty. In its report on the matter, Kaspersky explains that the hackers behind this campaign used the SOEX messaging app, which also has cryptocurrency exchange features, to target Android users directly on the Google Play Store. Meanwhile, on iPhone, they used the 币coin app on Apple's App Store to achieve the same thing. While Google has already removed the SOEX app from the Play Store, at the time of writing, the 币coin app is still up on the App Store and has yet to be removed by Apple. Either way, if you downloaded either of these apps, you should manually delete them right now.

At the same time, Kaspersky also found modded TikTok clones with fake online cryptocurrency stores as well as gambling apps, adult-themed games and casino apps distributing the SparkKitty malware. However, instead of being available on an official app store, these apps had to be sideloaded. SparkKitty is embedded as fake frameworks or delivered via enterprise provisioning profiles on iOS, whereas on Android, the malware is embedded in both Java and Kotlin apps. On an iPhone, the malware is automatically executed when an app starts, but on Android, it's triggered when an app launches or when a specific action like opening a certain screen type takes place.

To gain access to a victim's photo library, SparkKitty requests access to an iPhone's photo gallery, but on Android, the malicious app used to install the malware prompts the user to grant storage permissions so that it can access any images stored on their device. Either way, once installed, the malware begins exfiltrating both existing pictures and any new ones taken on an infected phone. From there, the malware goes through all of these stolen images, specifically looking for screenshots of crypto wallet seed phrases.

When you sign up for a new crypto wallet or exchange, you're given a seed phrase and told to write it down to store it for safekeeping. Although taking a screenshot seems like a fast and practical way to do this, this campaign and others like it show just how dangerous doing this can be. This is why old-fashioned paper and pen is the best way to store your seed phrases. However, you should also store them under lock and key to protect them further.

Although you can end up with a malware infection from clicking on malicious links, downloading email attachments from unknown senders and through piracy, one of the most common ways is via malicious apps either on official or unofficial app stores. For this reason, you need to be extremely careful when putting any new app on your iPhone or Android phone. You want to make sure that you read an app's reviews and check its rating, but since these can be faked, you also want to look for external reviews on other sites. If you can find one, video reviews are an even better option since you get to see an app in action before installing it.

It's also worth noting that even good apps can go bad when injected with malicious code, which is why I always recommend limiting the number of apps you have installed on your devices. With fewer apps installed, there's less of a risk that you downloaded a malicious one or that a legitimate app has been hijacked by hackers. Before downloading any new app, you first want to ask yourself if you really need it. It's likely one of your existing apps or even your phone's operating system is able to accomplish the same thing.

Additionally, you also want to stick to trusted and well-known apps when possible and, for most people, you should never sideload any app onto your phone. The reason is that the apps on Apple's App Store and the Google Play Store go through rigorous security checks that both sideloaded apps and those from unofficial app stores don't. Bad apps do manage to slip through the cracks from time to time. However, if you aren't carelessly downloading new ones, you'll be far less likely to accidentally install a malicious app.

As for staying safe from mobile malware, if you have an Android phone, you want to make sure that Google Play Protect is enabled on your devices. This free and built-in security app scans all of your existing apps and any new ones you download for malware or other malicious activity to keep you safe. For extra protection though, you might also want to consider running one of the best Android antivirus apps alongside it. While there's no equivalent to these Android antivirus apps on iPhone due to Apple's own malware scanning restrictions, the best Mac antivirus software from Intego is able to scan either your iPhone or iPad for malware, but the device has to be plugged into a Mac via USB cable to do so.

Malicious apps aren't going anywhere anytime soon given how successful they've been for hackers in malware campaigns like the one described above. However, if you think before you tap and limit the number of apps on your phone overall, your chances of ending up with a malware infection after downloading a malicious app will be a lot lower. Likewise, you also want to make sure that you talk to both your younger and older family members and friends about the risks posed by malicious apps in order to keep everyone you know safe from hackers.


The Verge
6 days ago
- The Verge
About that '16 billion passwords' data breach.
Posted Jun 22, 2025 at 5:08 PM UTC

The original source of the report, Cybernews, says that since the start of the year, its researchers have 'discovered 30 exposed datasets containing from tens of millions to over 3.5 billion records each. In total, the researchers uncovered an unimaginable 16 billion records.' This isn't a breach of one company or another's systems, but compiled records, with some believed to be from 'infostealer' malware, as well as previous leaks. As Bleeping Computer points out, what you should be doing hasn't changed: using unique passwords with a password manager, enabling two-factor authentication, and adding other forms of security like passkeys and security keys that can replace passwords altogether.


Scottish Sun
7 days ago
- Scottish Sun
Urgent warning over new mobile attack that allows hackers to see INSIDE your banking app and hijack your accounts
A new malware allows criminals to hack into your device

AN URGENT warning has been issued over a new mobile attack that allows hackers to hijack your bank accounts. A dangerous new version of malware, or malicious software, allows criminals to see inside your banking apps and steal your money.

The new Android "Godfather" malware creates an isolated virtual environment on mobile devices, according to BleepingComputer. Hackers can then steal your account data and transactions from legitimate banking apps. Malicious apps are executed inside the controlled virtual environment, enabling real-time spying, credential theft and transaction manipulation. This can all happen when you're none the wiser, as it maintains perfect visual deception.

The tactic is similar to the FjordPhantom malware seen in 2023, but experts warn that Godfather is much broader in scope. It targets over 500 banking, cryptocurrency and e-commerce apps worldwide. Zimperium, a world leader in mobile security, says that the level of deception is very high. The user is able to see the real app, but the Android protections don't pick up the malicious operation underway.

Once active on the device, the malware checks for installed target apps and places them inside its virtual environment. The malware tricks Android into thinking that a legitimate app is being run while actually intercepting and controlling it. A victim will launch their banking app and see the real app interface, but all of their sensitive data can easily be hijacked. The Godfather malware can then record account credentials, passwords and PINs, and capture responses from your bank. This is because the malware displays a fake lock screen to trick the victim into entering their passwords and PINs. Once criminals have harvested that data, they can then trigger payments inside the real banking app. The victim might see a fake "update" screen or a black screen to evade suspicion.

The Godfather malware was first discovered in March 2021 and has evolved significantly since. In December 2022, analysts found that it could target over 400 apps in 16 countries. Although the campaign analysts spotted only targets a dozen Turkish banking apps, Godfather operators could opt to target over 500 apps worldwide.

To protect yourself, it's advised that you only download apps from Google Play or from app publishers you trust. Android users should also ensure that Play Protect is active and pay attention to the requested permissions.