SecureFact - Cyber Security News - Week of February 03, 2025

Data Breaches

1. US healthcare provider data breach impacts 1 million patients

Community Health Center (CHC), a prominent healthcare provider in Connecticut, has reported a significant data breach affecting over 1 million patients. The breach, which occurred in mid-October 2024 but was only discovered on January 2, 2025, involved unauthorized access to CHC's network by skilled hackers. Approximately 1,060,936 individuals had their personal and health information compromised, including names, Social Security numbers, medical diagnoses, and treatment details. Fortunately, the attackers did not encrypt any systems or disrupt daily operations, and CHC claims to have contained the breach quickly. This incident highlights the increasing prevalence of data theft in the healthcare sector and has prompted discussions about enhancing security measures, including proposed updates to HIPAA regulations by the U.S. Department of Health and Human Services.

2. DeepSeek exposes database with over 1 million chat records

DeepSeek, a Chinese AI startup known for its DeepSeek-R1 language model, has inadvertently exposed two unsecured databases containing over 1 million chat records and sensitive operational information. Discovered by Wiz Research during a security assessment, the databases were accessible without authentication and included plaintext user chat histories, API keys, and internal logs dating back to January 6, 2025. This exposure posed significant security risks, as attackers could potentially access sensitive data and execute arbitrary SQL queries. Although Wiz reported the issue to DeepSeek, which promptly secured the databases, concerns remain about the company's overall security posture and its ability to protect user data from both external threats and compliance pressures from the Chinese government. The incident raises alarms for organizations utilizing DeepSeek's AI in sensitive operations, highlighting the need for robust data protection measures.

3. State of emergency declared in Dover due to potential cybersecurity threat

Dover Mayor Robin Christiansen declared a state of emergency on January 29, 2025, due to a potential cybersecurity breach affecting the city's IT systems. The declaration, effective from 8 a.m., was prompted by credible information suggesting that protected data may have been compromised. While a confirmed data breach has not been established, the mayor expressed concerns about possible impacts on emergency services and personal data security. The state of emergency allows the city to take necessary actions to safeguard residents, including hiring external experts for investigation and response. This situation follows a previous data loss incident reported earlier in January.

4. Globe Life data breach may impact an additional 850,000 clients

Globe Life announced that a data breach discovered in June 2024 may have affected an additional 850,000 clients, significantly increasing the scope of the incident initially thought to involve only 5,000 individuals. The breach occurred when hackers accessed a web portal and specific databases linked to independent agency owners, exposing sensitive personal information such as names, email addresses, phone numbers, Social Security numbers, and health-related data. Following the breach, Globe Life opted to notify all potentially affected customers and offered credit monitoring services. Although the company faced an extortion attempt from the hacker, it refused to pay the ransom and reported that the breach did not disrupt its IT operations.

5. Ransomware attack disrupts New York blood donation giant

New York Blood Center (NYBC) reported a ransomware attack that disrupted its operations and forced the rescheduling of blood donation appointments. The attack was detected on January 26 after suspicious activity was observed in its IT systems. Although NYBC continues to accept donations, it has had to cancel some blood drives due to operational challenges. The organization is collaborating with cybersecurity experts to contain the threat and restore services. This incident follows a recent blood emergency caused by a significant drop in donations and raises concerns about potential data breaches involving donor information.

Malware and Vulnerabilities

1. PyPI adds project archiving system to stop malicious updates

The Python Package Index (PyPI) has launched a new feature called "Project Archival" to enhance security and transparency in open-source projects. This system allows project maintainers to archive their projects, signaling that no further updates or maintenance will occur. While archived projects remain available for download, users will receive warnings about their status, encouraging them to seek actively maintained alternatives. This initiative aims to mitigate risks associated with account hijacking and malicious updates in abandoned projects, which are common vulnerabilities in the open-source ecosystem. Future enhancements may include additional statuses like "deprecated" and "unmaintained" for better clarity.

2. Major GitHub outage affects pull requests and other services

GitHub experienced a significant outage affecting various services, including pull requests, issue creation, and repository access. Users reported issues such as timeouts and errors indicating that requests could not be processed in time. The company identified a problem with its caching infrastructure and is actively working to resolve it. While GitHub has not disclosed the number of users impacted or the specific regions affected, the incident has been classified as a "major outage." This follows a history of similar disruptions, including notable outages in early 2022 and May 2023.

