Archive for June 23, 2025

McLaren Health Care Pwned… 743,000 Patients Impacted

Posted in Commentary with tags on June 23, 2025 by itnerd

McLaren Health Care is warning 743,000 patients that the health system suffered a data breach caused by a July 2024 attack by the INC ransomware gang:

Although the attack was discovered on August 5, 2024, forensic investigations determining who was impacted were only completed on May 5, 2025, with the notice circulation starting last Friday.

And:

In early August 2024, the healthcare organization suffered an IT and phone systems outage that prompted investigations. Patient databases were reported impacted, and people were asked to bring information about appointments and medication when visiting McLaren hospitals.

Even though the organization did not specify who the attackers were, an employee at one of McLaren’s hospitals in Bay City, Michigan, posted INC ransom notes online that were automatically printed on the hospital’s printers.

In the notice sent to impacted individuals, McLaren Health Care admits that the incident concerned a ransomware attack, though INC is still not mentioned.

Chris Hauk, Consumer Privacy Champion at Pixel Privacy had this to say:

“Patients of the McLaren Health Care system need to stay alert for both accounts being opened in their names and for phishing texts or emails that may use the harvested data to obtain additional information. If McLaren offers free credit monitoring services (and there is no reason not to do so), affected patients should definitely take advantage of it.”

Paul Bischoff, Consumer Privacy Advocate at Comparitech provided this comment:

“McLaren has not publicly disclosed what types of data were compromised in the attack, but patients and staff should take steps to protect their finances and identities. Check your credit reports, account statements, and medical bills for signs of fraud. If McLaren offers you free credit monitoring or identity theft monitoring, then take it.”

“McLaren is the latest in a long list of targets hacked by Inc Ransomware, many of which are hospitals and clinics. Inc has also launched successful attacks against Access Sports Medicine and Orthopaedics, OnePoint Patient Care, Taylor Regional Hospital, and Tri-City Medical Center, plus many more in the last year alone.”

“Hospitals and clinics are attractive targets for ransomware gangs. Hospitals cannot go long without access to medical records and other data, and they hold a lot of sensitive information. That makes them more likely to pay a ransom. They also have a lot of non-IT staff and internet-facing services, which give hackers more opportunities to break in through phishing and software vulnerabilities.”

Erich Kron, Security Awareness Advocate at KnowBe4 adds this:

“Healthcare is one of the top industries to be targeted by bad actors for not only ransomware, but also data theft. The data that these organizations collect and the information they have related to individuals is significant and very sensitive, so when we hear about a data breach like this, we should certainly be taking notice, especially if you are a customer or patient.”

“What is very concerning is that the attack was discovered in August of 2024, but it seems the real victims, those whose data was stolen and potentially put up for sale, have not been informed until now. A delay in informing patients about their potential risk and exposure could end up costing those victims more than just frustration. Bad actors in possession of this information can easily develop social engineering attacks that use this data to make them seem very legitimate, and potential victims should be warned of this possibility as soon as possible.”

“For those whose data has been stolen, it’s important that they monitor their credit and be aware of the potential for increased numbers of scams and other social engineering attacks.”

“Organizations that handle sensitive information such as this should have a plan in place to quickly deal with the issue and to warn anyone potentially impacted as soon as possible. It’s not just how quickly you recover from something like this, but how quickly you help your customers and patients protect themselves.”

On top of the fact that this is yet another health care organization that has been pwned, it took an insane amount of time to notify those who are affected. That gives the bad guys a huge head start in terms of doing all sorts of bad things with the data that they stole. That means the victims are not going to have a happy ending with this one.

Cyberattack on Iran’s Largest Cryptocurrency Exchange Nobitex Analyzed By Outpost24

Posted in Commentary with tags on June 23, 2025 by itnerd

Earlier today I posted a story warning about Iran launching cyberattacks on the US. But it seems that Iran has to worry about coming under a cyberattack as well.

The cyberattack by Gonjeshke Darande on Nobitex (Iran’s largest cryptocurrency exchange) made global headlines, not only for its scale, but for its political intent. This bold act of digital sabotage occurred within a rapidly deteriorating geopolitical context.

On June 13, 2025, Israeli airstrikes targeted key Iranian military and nuclear facilities. Iran responded with swift retaliation, escalating tensions across the region. In this environment, the Nobitex hack stands out not just as a significant cyber incident, but as a symbolic strike, designed to undermine Iran’s financial stability, expose alleged regime corruption, and deliver a political message in the language of cyberwarfare.

Today, Outpost24 Strategic Research Lead Lidia López Sanz published an analysis of the attack in her post Analyzing the Gonjeshke Darande attack on Iranian crypto exchange Nobitex walking through how the attack happened and the lessons that can be learned.

According to Lidia:

“It is very unusual to see millions of dollars’ worth of cryptocurrency burned with the sole purpose of causing disruption and making a political statement. There have been other major attacks on cryptocurrency exchanges, for example the North Korean state-sponsored group Lazarus is well known for such attacks, but those had mainly a financial gain motivation. In this case, Gonjeshke Darande, appears to have chosen to not steal the funds for profit, in order to deliver a stronger message.”

This analysis is well worth reading, so I would set aside some time to do so.

Play ransomware gang takes credit for attack on Dairy Farmers of America

Posted in Commentary with tags on June 23, 2025 by itnerd

Ransomware group Play yesterday took credit for last week’s cyber attack on Dairy Farmers of America which disrupted multiple dairy manufacturing plants in the USA’s largest dairy cooperative.

Play said it stole confidential data including budget, payroll, accounting, taxes, and financial info from the DFA. Play gave the DFA three days to pay an undisclosed amount in ransom.

In a blog post reporting this news, Paul Bischoff, Consumer Privacy Advocate at Comparitech, wrote:

“Play is a ransomware group that has targeted organizations in healthcare finance, manufacturing, real estate, education, and more since June 2022. Its double-extortion model forces targets to pay a ransom both for a decryption key to restore infected systems and to not sell or publicly release stolen data. Play has taken credit for 152 confirmed ransomware attacks since it began, compromising nearly 1.4 million records.”

“15 of its attacks hit businesses in the food and beverage industry. Those include recent attacks on Krispy Kreme, which notified 161,676 people of a November 2024 breach, and Ganong Bros, which reported a breach in February 2025. Krispy Kreme says it lost $11 million in revenue and spent $3 million on remediation due to Play’s attack. Play has claimed 11 confirmed attacks and made 193 unconfirmed claims since the start of 2025.”

“Ransomware attacks on food and beverage companies can both steal data and lock down computer systems. Businesses are forced to pay a ransom or face extended downtime, data loss, and putting customers at increased risk of fraud. Ransomware attacks can delay and disrupt supply chains, logistics, payments, orders, and other day-to-day tasks that rely on computer software.”

Play sounds like the next ransomware group that we will really have to worry about, as they are clearly going to town on victims. Thus consider this a warning to shore up your defences to make sure that you are not their next victim.

DHS Drops Warning About Iran Launching Cyberattacks Against The US

Posted in Commentary with tags on June 23, 2025 by itnerd

A DHS NTAS Bulletin is out that everyone should read, given the escalated situation between the US and Iran:

The ongoing Iran conflict is causing a heightened threat environment in the United States. Low-level cyber attacks against US networks by pro-Iranian hacktivists are likely, and cyber actors affiliated with the Iranian government may conduct attacks against US networks. Iran also has a long-standing commitment to target US Government officials it views as responsible for the death of an Iranian military commander killed in January 2020. The likelihood of violent extremists in the Homeland independently mobilizing to violence in response to the conflict would likely increase if Iranian leadership issued a religious ruling calling for retaliatory violence against targets in the Homeland. Multiple recent Homeland terrorist attacks have been motivated by anti-Semitic or anti-Israel sentiment, and the ongoing Israel-Iran conflict could contribute to US-based individuals plotting additional attacks.

Tom Pace, former Head of Cyber for the Department of Energy (DoE) and current CEO of NetRise, provides his thoughts on what CISOs in the US are doing to prepare for potential retaliatory cyberattacks by Iran:

CISOs are moving quickly to prepare for potential Iranian retaliation in cyberspace by tightening access controls, validating backups, and watching for TTPs tied to groups like APT33 and APT34, which are tied to Iran. Coordination with ISACs and federal partners is essential to stay current on threat intelligence and emerging attack patterns.

This moment reinforces the urgency of visibility to know what code is running where, what it’s connected to, and whether it’s vulnerable or end-of-life. Software supply chain security is no longer an abstract concept. It’s a frontline defense against adversaries who exploit opaque systems. CISOs are asking: if Iranian actors drop a custom wiper tomorrow, would we know which systems could execute it?

Iran is going to be targeting low-hanging fruit vulnerabilities that they know they can exploit, or target outdated SOHO routers and infrastructure for the purposes of creating low to moderate scale botnets.

China tends to have very explicit goals and outcomes that they are pursuing, which tend to center around intelligence gathering and positioning. Iran may be looking to cause more destruction, given the attacks on their country. These targets may be small and incapable of defending themselves and hold little to no strategic value, but Iran needs to have a response that provides the illusion that they are a competent actor on the world stage.

This threat, while directed at the US, may spill over to countries that are aligned with the US. Thus if you’re responsible for defending your organization from cyberattacks, consider this a heads up to redouble your efforts regardless of where you are.

KnowBe4 Research Uncovers Disconnect Between AI Adoption and Policy Awareness in the Workplace

Posted in Commentary with tags on June 23, 2025 by itnerd

KnowBe4 has shared new survey findings highlighting a severe AI governance gap. A new KnowBe4 survey of employees across Germany, South Africa, the Netherlands, France, the UK, and the US reveals that while a large majority of employees already engage with Artificial Intelligence (AI) tools at work, a strikingly low percentage are aware of their company’s official policies governing its use.

The findings reveal that, on average, 60.2% of employees are using AI tools in the workplace. In contrast, only 18.5% are aware of their company’s policy on AI usage. This significant gap suggests that the vast majority of AI activity within organizations is taking place without guidance or oversight. One in 10 employees (10%) have admitted to putting client data into an AI tool to complete a work task.

Other Takeaways Across Regions

  • Varying AI Adoption Rates: While the average percentage of employees using AI in the workplace is 60.2% globally, adoption rates varied by region. France shows the lowest adoption rate, with only 54.2% of employees saying they use AI tools at work, indicating a slower adoption rate. Conversely, South Africa records the highest at 70.1%, suggesting a more widespread use of AI.
  • Persistent Policy Awareness Gaps: An average of 14.4% of employees reported being unaware of their company’s AI policy. This lack of awareness is particularly notable in the Netherlands (16.1%) and the UK (15.8%), indicating a need for enhanced communication and training strategies.
  • Sanctioned AI Use is Lagging: Only an average of 17% of employees use AI at work with their IT/security team’s knowledge. This figure, though highest in South Africa (23.6%), remains low overall, indicating a need for organizations to proactively provide and promote approved AI solutions.

The research emphasizes the critical need for organizations to bridge this awareness-usage gap. This requires not just establishing policies, but actively communicating them, providing comprehensive training on ethical and secure AI use, and offering approved, user-friendly AI tools to mitigate the significant risks posed by uncontrolled AI adoption.

For more insights and best security practices, visit https://www.knowbe4.com/

Today Is International Women in Engineering Day

Posted in Commentary on June 23, 2025 by itnerd

With International Women in Engineering Day on June 23, here’s some commentary from some leading figures in the field:

Devin Haynes, Product Owner, SIOS Technology on Challenging the Status Quo:

“Women bring a unique perspective to tech. When women are part of tech teams, innovation improves. We challenge assumptions, encourage broader thinking and reduce groupthink. Women often approach technology with a focus on usability, empathy, and real-world application. These qualities are essential in designing systems that meet our world today. Women bring this diversity of thought to any room and the solutions that are developed are better all around because of it. I often see that girls are hesitant to move into the tech field — that’s why representation matters. When girls and young women see me and others thriving in tech roles, it inspires them to do the same. It challenges the stereotype and opens their minds to a greater possibility. This is critical in a field where women, particularly women of color, remain underrepresented. Bringing more women into tech is a strategic advantage for any company. It leads to stronger teams, smarter products, and an industry that reflects the diversity of the world it serves.”

Yifan Lin, Software Engineer at Parallel Works:

“Growing up in a culture where engineering wasn’t seen as a path for women, I didn’t have role models who looked like me in this field,” said Yifan Lin, Software Engineer at Parallel Works. “People told us to aim for support roles—to be assistants, not builders. But I knew I wanted more. Entering this profession has taught me that you don’t need external validation to belong. If you’re drawn to solving problems and building things, trust that instinct and follow it—regardless of what others say. You don’t need permission to be here.”

“We need more women to see that it’s not only possible to succeed in engineering, but also to lead. You’re allowed to take up space in this field. You don’t have to shrink yourself to meet others’ expectations—your future is yours to define. Every line of code we write, every system we build, helps normalize our presence and opens doors for the next generation.”

Deepgram CEO Scott Stephenson Launches “The Scott Stephenson AI Show” — A No-Hype, Deep-Dive Podcast on the AI Revolution

Posted in Commentary with tags on June 23, 2025 by itnerd

Deepgram today announced the launch of The Scott Stephenson AI Show, a new podcast hosted by Scott Stephenson, CEO and Co-Founder of Deepgram. In each episode, Stephenson explores the fast-changing world of artificial intelligence (AI), cutting through the hype and digging into what’s actually happening under the hood of today’s most powerful AI technologies. Stephenson brings his signature candor, industry insight, and curiosity to every topic, offering unfiltered perspectives on what’s working, what’s hype, and what’s next.

Episode 1

In the first episode, Scott unpacks the concept of vibe coding, the rising trend where developers interact with AI in a product manager-like mindset, using natural language and feedback instead of conventional code. He also explores the emerging era of AI agents, A2A (agent-to-agent) communication, MCP (Model Context Protocol), and how these breakthroughs will reshape engineering and business workflows.

Episodes will be released bi-weekly. Future episodes will feature conversations around evaluating GenAI models, what and who to trust, and constraints and accelerators for the pace of innovation.

Where to Watch and Subscribe: