The Record reports: A Chinese state-backed hacking group is targeting Dell customers with a zero-day vulnerability impacting a popular line of operational and disaster recovery tools. Dell and Google released notices on Tuesday about CVE-2026-22769, warning that a sophisticated Chinese actor has been targeting the bug since at least mid-2024. Dell’s advisory said the vulnerability carries a […]
A press release from the Texas State Attorney General: Attorney General Ken Paxton issued Civil Investigative Demands (“CIDs”) to Blue Cross Blue Shield of Texas (“BCBS”) and Conduent Business Services LLC (“Conduent”), demanding documents and information pertinent to the investigation of the Conduent data breach that exposed the sensitive personal data of approximately four million […]
Down, down, down go Conduent’s stock prices. Breaches by third-party vendors or business associates account for the majority of patient records breached in incidents. The 2025 Breach Barometer report, which includes more than HIPAA-covered entities, found that 77% of breached patient records resulted from business associate breaches. Some business associate breaches affect millions of patients […]
Updates to two business associate breaches reveal that millions of patients have been impacted by third-part breaches, with Healthcare Interactive’s breach affecting 3 million patients and TriZetto Provider Solutions’s breach reportedly affecting another 700,000 patients. Healthcare Interactive Healthcare Interactive (“HCIactive”) is a Maryland-based provider of AI-powered software solutions for insurance enrollment and benefits administration. In […]
Cybersecurity Dive reports: Conduent said it may face additional financial risks related to a January 2025 attack that impacted a number of state governments and other organizations. The attack at the New Jersey-based payments contractor led to data breaches across a number of organizations, including state government agencies and insurance providers. In the state of Wisconsin, […]
BleepingComputer reports: The ShinyHunters extortion gang claims it is behind a wave of ongoing voice phishing attacks targeting single sign-on (SSO) accounts at Okta, Microsoft, and Google, enabling threat actors to breach corporate SaaS platforms and steal company data for extortion. In these attacks, threat actors impersonate IT support and call employees, tricking them into […]
Apple Insider reports: Apple supply chain member Luxshare suffered a major data breach in December, and hackers that pilfered the files are now offering it for sale on the dark web. It looks legit. The Apple supply chain is typically a very secure system, and core to the existence of Apple itself. This leads it […]
The Minnesota Star Tribune reports: A breach in a Minnesota Department of Human Services system allowed inappropriate access to the private data of nearly 304,000 people. There is not evidence the data was misused, the department said in a Jan. 16 letter notifying impacted individuals. The letter was sent about four months after the breach […]
The HIPAA Journal reports: TriZetto Provider Solutions, a Cognizant-owned provider of revenue management services to physicians, hospitals, and health systems, has started notifying certain healthcare clients about a recently identified cybersecurity incident. On October 2, 2025, suspicious activity was identified within a web portal used by some of its healthcare provider customers to access TriZetto […]
Sarah Hemmersbach or Mitratech Holdings writes: A third-party data breach occurs when malicious actors compromise a vendor, supplier, contractor, or other organization to gain access to sensitive information or systems of the victim’s customers, clients, or business partners. Third-party data breaches are becoming increasingly common as technology makes it easier for businesses to connect and […]
