DataBreachToday.com

Smaller and rural hospitals and clinics, as well as federally qualified health centers, are constantly battling cybersecurity resource constraints, and especially serious workforce shortages, said Jennifer Stoll of OCHIN, a nonprofit provider of health IT services and products.

Attackers Can Trick Gemini Into Displaying Deceptive Messages, Researchers Warn
Attackers can hide malicious instructions inside emails to trick Google's Gemini into delivering falsified summaries with deceptive messages to end users, researchers warn. Google said it's continuing to put multiple defenses in place to combat these types of prompt injection attacks.

Rural hospitals and small medical practices must be creative and open-minded in when it comes locking down their digital footprint, said Jim Roeder, vice president of IT at Lakewood Health System. There's help from the private- and public-sectors and open source tools.

Cohesity CEO Sanjay Poonen Says Unified Platform Offers Faster, Smarter Recovery
Cohesity’s Sanjay Poonen says customers increasingly demand AI-powered data security and sovereign cloud options. The acquisition of Veritas' data protection business has expanded product reach, accelerated engineering output and enhanced security for on-prem and multi-cloud workloads.

Virtru Targets AI-Driven Control of Unstructured Data With Iconiq-Led Funding Round
Virtru raised $50 million, doubling its valuation to $500 million. The funding will expand the company’s capabilities in AI governance and multi-party analytics through continued investment in its trusted data format as a foundation for managing sensitive data across enterprises and governments.

Also: SolarWinds Case Nears Quiet Settlement; Securing Agentic AI Requires Layers
In this week's edition, Information Security Media Group editors discussed Russia’s cyber treason arrests, the A U.S. Securities and Exchange Commission legal settlement with SolarWinds - and its impact on security leaders - and how organizations are working to secure agentic AI.

Britain's Tax Collector HMRC Lost $63 Million to Fraudsters Wielding Taxpayer Data
Police on Thursday arrested 13 individuals in Romania and one in England on suspicion of engaging in a massive tax fraud scheme against Britain. The arrests appear to be tied to a gang that used phishing attacks against British taxpayers to steal $63 million via fraudulent tax claims.

As healthcare providers and their vendors develop and implement agentic artificial intelligence and other AI tools, they need to throughly understand data privacy risks under HIPAA and other laws, said attorney Jordan Cohen of law firm Akerman LLP.

AI Models Mostly Fail in Full Track of Vulnerability Research to Exploit
The rise of code-illiterate but AI-enabled script kiddies able to wreak havoc by weaponizing software vulnerabilities into automated exploits, thanks to expert-level assistance from large language models, remains but a future possibility, based on exploit-writing tests of 50 LLMs.

Also, US Sanctions North Korean IT Worker Scammers and More Paraguay Hacks
This week, McDonald's password mishap, North Korean IT worker sanctions, a wormable Microsoft flaw, Qantas update. Monzo fined, Flutter data breach and CyberTeam again targeted Paraguay. Anatsa Trojan reappeared, DoNot targeted a European ministry. Academics sneaked prompt injections into papers.

Abnormal AI CEO Evan Reiser on Behavioral Anomalies, Personalized Phishing Training
Abnormal AI is rolling out behavior-driven AI tools that automate phishing awareness and data reporting. Co-founder and CEO Evan Reiser says the platform reflects a shift away from generic campaigns and manual dashboards toward contextual, real-time defense.

Also: Winkle Abduction Sentencing and Crypto Theft Rising
This week, uncovering 40 malicious crypto Firefox extensions, three sentenced in a Belgium court for crypto kidnapping, the rise of crypto theft. The U.S. Secret Service is a huge crypto custodian, and prosecutors claw back funds pilfered by a fake presidential inaugural committee.

Suspects Tied to April Ransomware Attacks Against Retailers M&S, Co-Op, Harrods
The U.K.'s National Crime Agency on Thursday arrested in England four suspected members of the Scattered Spider cybercrime collective, as part of an ongoing investigation into major, disruptive hack attacks in April against major retailers Marks & Spencer, the Co-Op and Harrods.

Impersonation Hoax Leverages Top Officials' Known Use of Commercial Messaging App
Security analysts tell Information Security Media Group more impersonation scams fueled by artificial intelligence - like the recent one involving Secretary of State Marco Rubio - may increasingly target top U.S. officials if the government continues failing to enforce strict security protocols.

AI Is Fueling Innovation and Blind Spots. Deep Observability Helps Close the Gap.
AI is transforming business, but it's also creating new security challenges. With network traffic surging and shadow AI on the rise, visibility is more critical than ever. Learn how deep observability helps close the gaps and defend against AI-fueled threats.

Cybercrime gang Scattered Spider is the top suspect in several recent cyberattacks in the U.S. insurance sector, and it's likely that threat actors could still be lurking in other insurers' IT environments, said Peter McMurtrie of consulting firm West Monroe.