Yale New Haven Health System (YNHHS), which operates several hospitals in Connecticut, recently disclosed a data breach impacting the personal information of millions of patients:
On March 8, 2025, YNHHS identified unusual activity affecting our IT systems. We immediately took steps to contain the incident and began an investigation with support from external cybersecurity experts, and we also reported the incident to law enforcement. At no point did the incident impact our ability to provide patient care.
Our investigation has now determined that an unauthorized third-party gained access to our network and, on March 8, 2025, obtained copies of certain data. The information involved varies by patient, but may include demographic information (such as name, date of birth, address, telephone number, email address, race or ethnicity), Social Security number, patient type, and/or medical record number. YNHHS’ electronic medical record system was not involved nor accessed in this incident, and no financial accounts, payment information or employee HR information was included.
We have begun the process of mailing letters to patients whose information was involved in this incident and providing appropriate resources, including offering complimentary credit monitoring and identity protection services to individuals whose Social Security number was involved. Patients are also encouraged to review statements they receive from their healthcare providers and immediately report any inaccuracies to the provider.
Commenting on this news is James McQuiggan, Security Awareness Advocate at KnowBe4:
“With this attack, not having any group come forward is unusual, as these groups thrive on recognition. They post leaks, demand ransoms, or even taunt organizations publicly. So, when silence follows a breach, it could be for a longer-term operation.”
“Data being exfiltrated could be used for a long-term scenario of identity theft, medical fraud, or perhaps resale on private dark markets. The attackers may also want to stay under the radar.”
“If a person’s sensitive data becomes exposed, they should quickly protect their identity and credit. Consider freezing credit to block identity fraud and monitor medical records for suspicious activity.”
“Change passwords for healthcare portals and stay alert for phishing attempts using their details. Don’t wait for official alerts. Just assume their data is exposed and protect their data and accounts adequately.”
“Like so many others, this breach isn’t just about stolen data. It’s about the lost trust between people, and the systems meant to protect their most personal information. Until security is treated as a shared responsibility by leadership, vendors, and every employee in the chain, these incidents and conversations will continue, and victims will keep paying the price.”
It’s only Thursday, but it truly feels like this week is full of ransomware attacks. That’s incredibly bad. And it illustrates that we all need to do better to stop the madness.
KnowBe4 Releases Their Q1 2025 Phishing Report
Posted in Commentary with tags KnowBe4 on April 28, 2025 by itnerd
KnowBe4 today released its Q1 2025 Phishing Report. This quarter’s findings reveal the most deceptive email subjects users click in phishing simulations, indicating that HR- and IT-related emails account for over 60% of top-clicked phishing emails. All data for this report was taken from the KnowBe4 HRM+ platform between January 1, 2025, and March 31, 2025.
KnowBe4’s Q1 2025 Phishing Report reveals that simulations impersonating internal communications, such as from HR or IT, produced the most failures. An overwhelming 60.7% of the simulations clicked mentioned an internal team, and 49.7% mentioned HR specifically. Despite evolving techniques by bad actors, phishing emails remain among the most prevalent tools for executing cyberattacks. Cybercriminals exploit this weakness by crafting deceptively authentic phishing emails that align with current trends and play on human emotions to create urgency, tricking recipients into clicking malicious links or opening harmful attachments. Top reported subjects included “Zoom Clips” from managers, HR training reports, and mail server warnings.
The report highlights the ongoing threat posed by email-embedded phishing links, which continue to be a primary attack tactic. Analysis shows people were more likely to click on links related to internal topics or impersonating known brands (61.6%), with 68.6% involving domain spoofing. Organizations are highly susceptible to branded landing pages from Microsoft, LinkedIn and Google, which ranked as the top three most effective phishing destinations for harvesting credentials.
The report also reveals people’s continued susceptibility to phishing emails leveraging QR codes. The top three QR codes people scanned in simulations related to: a new drug and alcohol policy from HR (14.7%), a DocuSign for review and signing (13.7%) and a Workday happy birthday message (12.7%). In attachment-based campaigns, people were most likely to open PDFs (53%), HTML files (28.5%) and Word files (18.5%).
To download a copy of the Q1 2025 KnowBe4 Phishing Report infographic, visit here.