CareCloud Informs SEC of Potential Patient Data Leak

Plus, Corewell Health and Rocky Mountain Care disclosed separate data breach incidents.

Good morning! Here’s what’s up.

People

Julie Brill has joined Manatt, Phelps & Phillips, LLP as a national advisor, based in the firm’s Boston office.

Clips ✂️

Healthcare software firm CareCloud informs SEC of potential patient data leak

The electronic health records of patients may have been leaked after hackers gained access to the systems of healthcare software firm CareCloud.

The company notified regulators at the Securities and Exchange Commission late Friday that a network disruption on March 16 impacted one of CareCloud’s electronic health record environments for eight hours.

An investigation revealed that a hacker “temporarily had access to the system.” The incident was initially only reported to law enforcement but by March 24 company officials “determined that the incident is material in light of the sensitivity of the potentially affected information and the potential consequences of the incident.”

The consequences include “remediation and response costs, legal, regulatory and notification-related matters, and possible effects on patients, customers, counterparties, reputation and operations.”

by The Record

Data Breach Exposes Corewell Health, Rocky Mountain

Corewell Health and Rocky Mountain Care have disclosed separate data breach incidents, highlighting ongoing cybersecurity challenges across the healthcare sector. The breaches, involving sensitive patient information and potential ransomware activity, underscore the growing risks associated with third-party vendors and healthcare network vulnerabilities.

Corewell Health, a Michigan-based non-profit health system, confirmed that more than 19,000 patients were impacted following a data breach at its business associate, Pinnacle Holdings, LTD. The Colorado-based consulting firm experienced a network disruption on November 25, 2024, which affected systems containing protected health information belonging to multiple healthcare clients.

Although Pinnacle Holdings acted quickly to secure its systems, the complexity of the affected data extended the investigation timeline. The company has now confirmed that compromised information includes patient names, phone numbers, dates of birth, Social Security numbers, driver’s license details, health insurance information, prescription data, and dates of service.

by Cyber Technology Insights

Italian regulator fines financial giant $36 million for data protection failures

Italian regulators on Monday fined one of the country’s largest financial institutions €31.8 million ($36 million) for improperly accessing the banking information of more than 3,500 customers for more than two years.

The Italian Data Protection Authority fined Intesa Sanpaolo SpA for what it called “serious shortcomings in personal data security, due to the inadequacy of the technical and organizational measures adopted.”

The regulator launched a probe following a data breach announced by the bank in July 2024. The ensuing investigation revealed that an employee accessed the banking information of 3,573 customers between February 2022 and April 2024 without having a proper reason to do so.

“These unauthorized accesses were not detected by internal control systems, highlighting significant weaknesses in the monitoring and prevention mechanisms,” the regulator said in a press release.

by The Record

European Commission downplays ShinyHunters cyberattack impact

The European Commission on Monday sought to play down the impact of a cyberattack on parts of its public web infrastructure, saying there was no evidence its internal systems had been compromised.

In a statement issued Friday, the Commission said it had detected an incident affecting the Europa.eu web portal, the European Union’s central online platform hosting websites and services for its institutions.

The hacking group known as ShinyHunters has claimed responsibility, alleging it stole more than 350 gigabytes of data, including databases, emails and internal documents, and has published samples on its dark web leak site.

Speaking to reporters on Monday, Commission spokesperson Thomas Regnier confirmed some elements of the claims, including that parts of the Europa platform are hosted on cloud infrastructure provided by Amazon, but sought to minimize the significance of the breach.

by The Record

DeepLoad Malware Pairs ClickFix Delivery with AI-Generated Evasion

ReliaQuest has observed the new “DeepLoad” malware being exploited in enterprise environments. What sets this campaign apart isn’t any single stand-out technique, but how the entire attack chain was engineered to defeat the controls most organizations rely on, turning one user action into persistent, credential-stealing access.

Delivered through “ClickFix” (a technique that tricks users into running malicious commands on their own machines), DeepLoad features evasion at every stage. The loader buries functional code under thousands of meaningless variable assignments, leaving file-based scanning tools with nothing to flag; and the payload runs inside a Windows lock screen process, likely chosen because it’s overlooked by security tools.

The business risk is immediate. DeepLoad captures credentials as users type them (not just from stored files) and can continue operating even if the initial loader is detected and blocked. In the incidents we investigated, the loader spread to connected USB drives, which means the initial host is unlikely to be the only impacted system.

by ReliaQuest

👉 ReliaQuest’s report goes on to describe how DeepLoad gains a foothold by turning one user action into persistent access, and how enterprise environments can step up their defenses against DeepLoad.

Ransomware Attack Disrupts Major Spanish Fishing Port

Spain’s Port of Vigo has been hit by a ransomware attack that disrupted key digital systems, forcing authorities to disconnect parts of its network and shift to manual cargo operations. The incident, detected early Tuesday, impacted computer servers responsible for managing cargo traffic and other port services, highlighting growing cybersecurity risks within critical maritime infrastructure.

According to port officials, the attack locked certain systems and included a ransom demand, prompting an immediate response from the port authority’s technology team. To contain the threat, affected systems were isolated from external networks, preventing further spread while security teams assessed the extent of the breach.

Port president Carlos Botana confirmed that operations will not return to normal until systems are fully secured. He emphasized that reconnection will only occur once there is complete confidence that no residual threat remains, noting that there is currently no clear timeline for restoring digital services.

by Cyber Technology Insights
