Anarcho-syndicalist hacktivists (particularly those of Anonymous) apparently struggle with limiting (or even thinking about, let alone anticipating) the collateral damage they do. Boston Children's Hospital suffered a denial-of-service attack over Easter weekend. (It didn't happen in this case, but hacktivists who pivot between systems are particularly likely to affect medical devices.)
Vulnerabilities that place information at risk of compromise are found in both NetSupport (a remote management app) and Viber (mobile messaging).
Kaspersky finds the Android banking Trojan "FakeInst" in the US. FakeInst's vector poses as an app for downloading free pornographic videos (this shouts "risky" about as clearly as can be imagined).
Heartbleed continues to preoccupy administrators (and so can serve as misdirection for unrelated exploits). It also prompts widespread rethinking of open source development practices.
Apache's recent Struts zero-day patch is faulty, and a new one is expected by Monday.
To return to healthcare cyber security issues, Wired runs a good overview of what the risks are and why they persist: essentially, medical devices are networked to improve healthcare productivity. Why not, for example, enable care from a nursing station? Some vendors and users are reluctant to patch because they fear having to vet patched devices through the FDA. (But the FDA has had a cyber security exception in place since 2005.) The FBI warns healthcare providers that they need to up their cyber game, and the US Department of Health and Human Services puts financial teeth into medical privacy, extracting million-dollar settlements for lost unencrypted laptops.