BankInfoSecurity.com

Agency Warns Vertikal Systems Vulnerabilities Could Help Hackers Access Data
U.S. federal authorities are warning about vulnerabilities in hospital information management systems from Romanian firm Vertikal Systems that could allow hackers to obtain and disclose patient data. The affected systems are used mostly by smaller hospitals and clinics outside the United States.

Staff Allegedly Took Photos, Posted Pics on Social Media Without Patient Consent
A Florida hospital is facing several lawsuits filed by patients who alleged staff members used their personal phones to take and post humiliating photos on social medial of the patients without their consent while they were asleep or medicated, and semi-undressed.

Thousands of Windows Server Update Services Observed Online
Warnings over hackers exploiting a Windows Server Update have compounded since Microsoft rushed out a patch Friday against a flaw allowing unauthenticated attackers to execute arbitrary code.

Nonprofit Foundation Holds Equity, Oversight Around $130B For-Profit Corporation
The nonprofit OpenAI Foundation now controls a $130 billion for-profit arm after a recapitalization process approved by attorneys general in California and Delaware. The nonprofit retains governance authority and will fund global health and AI risk mitigation programs, backed by regulatory approval.

CISA Says Hackers Actively Exploit Manufacturing Operations Management Platform
Software made by a French multinational that's used to manage manufacturing across the globe is under active attack, warned the Cybersecurity Infrastructure and Security Agency in the second such warning in two months. Hackers are exploiting two vulnerabilities in the Delmia Apriso platform.

CEO Nikesh Arora: Next-Generation Security Play Ties Automation to Identity, Cloud
With new products set to launch, Palo Alto Networks is expanding its AI cybersecurity footprint. Chairman and CEO Nikesh Arora introduced the AgentiX platform, a retooled cloud approach, identity enhancements and a deal making Palo Alto the core security provider for Oracle Cloud.

Atlantic Council's Ray on How Geopolitics, Technology, Power Collide in the AI Era
Trisha Ray, associate director and resident fellow at the Atlantic Council's GeoTech Center, shares the risks countries face when relying heavily on a handful of global tech companies for AI infrastructure, chips and cloud services.

Digital Extortionists Try Recruiting Insiders, Email Barrages
Collective efforts to bolster cybersecurity defenses have been taking a big bite out of ransomware groups' earnings, leading groups to reach for new strategies, including social engineering, supply chain attacks, extortion services and bribing insiders, warn incident response experts.

Humana, BCBS Montana Are Among Clients of Conduent Hack
Conduent Business Solutions LLC has told state regulators that a hacking incident discovered in January has affected more than 10.5 million patients. Clients affected include Blue Cross Blue Shield of Montana and Humana, as well as an undisclosed number of other organizations.

Ravin Academy Records Reveal Identities of More Than 1,000 Participants
A public database of internal records from Iran's Ravin Academy - a cyber school linked to the Ministry of Intelligence - has been published online, exposing potentially sensitive data on over 1,000 trainees, including individuals reportedly tied to Western institutions.

Everest Extortion Group Lists Dublin Airport
A Russian data extortion group threatened Sunday to release passenger data putatively stolen from the Dublin Airport days after its operator said it investigated a breach stemming from a September cybersecurity incident that affected airports across Europe.

New Texas health information legislation that began to go into effect on Sept. 1 includes several noteworthy provisions including requirements related to health record data storage and artificial intelligence, said regulatory attorney Rachel Rose. Rose explains the significance of the new state law.

A new AI-powered clinical decision support system developed by Google and NASA aims to help astronauts diagnose and treat medical issues during space missions - even when real-time communication with Earth is unavailable, said Chris Hein, field CTO of Google Public Sector.

State cybersecurity regulations that apply to some hospitals in New York state go well compliance under the federal HIPAA security rule, posing expanded data governance challenges for providers, said Matthew Bernstein of consulting firm Bernstein Data.

Among pressing issues facing healthcare providers and health IT vendors is how artificial intelligence enabled tools such as AI assistants might further facilitate patients' access to records as well as the transmission of records themselves, said attorney Alisa Chestler of law firm Baker Donelson.

Compendium Features Dozens of In-Depth Interviews With CEOs, CISOs and Researchers
Welcome to Information Security Media Group's Infosecurity Europe 2025 Compendium featuring cybersecurity insights from industry's top researchers, CEOs, CISOs, government leaders and more. Inside this guide, you'll find links to video interviews created by ISMG.Studio.

Airport Baggage Carousels Are Weapons, in the Right Hands
Consider the airport baggage carousel. It's big, clunky and tedious to wait by. But look at it like a war planner does, and it's suddenly very different: An almost certainly poorly secured technology system that foreign adversaries could exploit to disrupt military mobilization across the United States.

March Breach Affected Nearly 5.6 Million; NextGen Proposed Settlement Also Reached
Connecticut's largest healthcare network - Yale New Haven Health System - has agreed to pay $18 million to settle class action litigation filed in the aftermath of a March hack affecting nearly 5.6 million people. The incident ranks as the biggest health data breach reported so far in 2025.

Pension Funds Say Fortinet Leaders Misled Market With Overly Rosy Refresh Outlook
Public pension funds filed securities fraud lawsuits claiming Fortinet misled investors by overstating the value and timing of a major firewall refresh cycle. The lawsuits allege the refresh involved outdated products and had limited business impact, contradicting Fortinet's upbeat public messaging.

Forrester's Brent Ellis and Dario Maisto on Lessons Learned for Large Enterprises
The cascading outage across the U.S. East Coast triggered this week by a domain name system failure in an AWS DynamoDB service demonstrates the risks of deep architectural dependencies and the challenges of building true multi-region cloud resilience, said Forrester's Brent Ellis and Dario Maisto.