Monthly Cybersecurity News January 2025

Elisabeth Do
February 7, 2025

Here are some interesting updates about cybersecurity threats and new trends.

Hackers Target UK Healthcare: Visa Database Breach Exposes Workers' Data

A hacker has claimed to have breached a Home Office visas and immigration database, allegedly stealing personal details of hundreds of UK healthcare workers. The hacker reportedly posted on a forum, offering to sell passport details, work permits, UK visas, and bank statements belonging to healthcare workers.

The Home Office has confirmed that police are investigating the claims, describing it as "an incident affecting data held on a sponsor organisation's system." The breach is understood to have affected approximately 200 people, significantly fewer than the initially reported 171,000.

The NHS and social care providers heavily rely on migrant workers and sponsor them for visas, making this breach particularly concerning for the healthcare sector. Caroline Waterfield, director of development and employment at NHS Employers, expressed worry about the alleged breach and called for a prompt investigation.

The hacker claimed potential ongoing access to the periodically updated database, suggesting a financially motivated attack. This incident comes amid growing concerns about cybersecurity in the public sector, with Security Minister Dan Jarvis revealing that millions of pounds of taxpayers' money have been paid to cyber criminals in recent years.

The government has launched a consultation on cracking down on ransomware, considering a ban on public sector bodies paying hackers. Recent cyberattacks have targeted key suppliers to London hospitals and Royal Mail, highlighting the increasing threat to critical infrastructure and services.

Source: Independent

New York Blood Center Faces Ransomware

The New York Blood Center (NYBC) experienced a ransomware attack on January 26, 2025, disrupting operations and forcing the rescheduling of some activities. As one of the largest independent blood collection and distribution organizations, NYBC serves over 75 million people at more than 200 hospitals in the Northeast and 500 nationwide.

The attack occurred during an already critical blood shortage, exacerbating the situation. NYBC immediately engaged third-party cybersecurity experts to investigate and contain the threat, taking certain systems offline in the process. While the blood center remains operational and continues to accept donations, processing times have increased, and some blood campaigns may be rescheduled.

Prior to the attack, NYBC was already facing a 30% drop in donations, leading to a blood emergency in the region. No ransomware group has claimed responsibility for the attack, and it remains unclear if personal or protected health information was accessed.

This incident is part of a worrying trend of cybercriminals targeting blood donation centers, with similar attacks occurring at OneBlood, Octapharma, and Synnovis in recent years. These attacks have prompted the Health Information Sharing and Analysis Center (Health-ISAC) and the American Hospital Association (AHA) to issue a joint threat bulletin warning of potential supply chain disruptions.

Source: CPO Magazine

No-Phish Phishing: The Latest Threat to PayPal Users

A new advanced phishing attack targeting PayPal users has been identified, using legitimate PayPal features and email addresses to deceive victims. The attack, discovered by Fortiguard's chief information security officer Dr. Carl Windsor, exploits PayPal's money request feature and uses a free Microsoft 365 test domain to create a distribution list for targeting victims.

Unlike traditional phishing methods, this attack uses valid emails, URLs, and PayPal functionality, making it difficult for email platforms to detect and block. The scam involves sending a payment request for $2,185.96, which is large enough to be profitable at scale but small enough to avoid raising suspicion for many corporate targets.

Security experts warn that this type of attack is particularly dangerous because it exploits a vendor feature and sends from a verified source, making it challenging for mailbox providers to distinguish from genuine communications. PayPal has acknowledged the issue and encourages customers to remain vigilant, especially when asked to participate in unexpected transactions.

To mitigate such attacks, experts recommend implementing comprehensive email security solutions, including spam filtering, malware scanning, and link protection. PayPal advises customers to be cautious of unsolicited emails, not pay unexpected invoices, enable two-factor authentication, and report suspicious emails to their security team.

Source: Forbes

The Upper Canada District School Board Data Breach

The Upper Canada District School Board (UCDSB) reported a cyberattack on January 6, 2025, which resulted in the theft of personal information from current and former employees, students, family members, and some donors to its charitable foundation. The school board has notified the majority of those affected and is providing credit monitoring services for eligible groups, including past employees.

The stolen data includes sensitive information such as social insurance numbers, bank account details, dates of birth, and personal contact information for current and former employees dating back to 1999. For current and former students since 2010, the compromised data includes academic records, Ontario Education Numbers, and parent/guardian information.

Students with identified exceptionalities had additional sensitive information exposed, including medical diagnoses and accommodation details. The breach also affected parents and guardians of students, as well as donors and payors to the UCDSB board office or the Champions for Kids Foundation between September 1, 2022, and December 13, 2024.

The UCDSB has reported the incident to the Brockville Police Service and the Information and Privacy Commissioner of Ontario. While the school board believes the risk of publication and misuse of the exposed information is low, they are committed to strengthening their cybersecurity program to prevent future incidents.

Source: CTV News