The Healthcare Cyber Brief
May 27 — Jun 2 · Last 7 days · 7 days reporting
Peak Score: 7.5 (CRITICAL)
Avg Score: 6.3 (7 days)
Unique Threats: 494 (100 vulns)
Ransomware: 13 (2 healthcare)
Threat Level This Week
Top Threats This Week
[Ransomware] incransom: Open Door Health Center
CRITICAL: The ransomware group 'incransom' has targeted Open Door Health Center in Illinois, a healthcare provider offering comprehensive medical services including HIV programs and behavioral health support to LGBTQI individuals and those living with HIV/AIDS.
Third-Party Cyberattack Impacts Patient Information at The Oncology Institute
CRITICAL: The Oncology Institute disclosed a data breach tied to unauthorized access by a third party to its systems through a third-party software provider, potentially exposing patient information. The incident may also involve other healthcare providers, and the vendor has set up a patient portal for inquiries.
[Ransomware] play: Round Hill Country Club
CRITICAL: The ransomware group 'play' has posted Round Hill Country Club as a victim in their latest campaign. The organization is US-based and operates within the healthcare sector.
[Ransomware] safepay: cyuou.com
CRITICAL: Ransomware group 'safepay' has posted 'cyuou.com', a Japanese healthcare company specializing in website development and digital advertising, as a victim on their leak site. This incident highlights the threat to healthcare organizations from ransomware attacks.
[Ransomware] cmdorganization: North Dallas Shared Ministries
CRITICAL: Ransomware group 'cmdorganization' has posted North Dallas Shared Ministries as a victim on their leak site. This non-profit organization provides essential services to low-income families in Dallas and is not directly classified under the healthcare sector.
Key Vulnerabilities
TeamPCP Supply Chain Campaign: Activity Through 2026-05-24, (Mon, May 25th)
CRITICAL: TeamPCP has expanded its supply chain attacks to include GitHub's internal codebase and trojanized a Microsoft-published Python SDK, posing significant risks due to the potential for widespread infiltration through trusted software channels.
[CVE] CVE-2026-8633 (CRITICAL 9.8)
CRITICAL: IBM Web Server Plug-ins for WebSphere Application Server and WebSphere Liberty versions 8.5 and 9.0 are vulnerable to remote code execution through a specially crafted request (CVE-2026-8633). This vulnerability allows attackers to execute arbitrary commands on affected systems, posing significant risks due to its high CVSS score of 9.8.
Microsoft Patches SharePoint RCE Flaw CVE-2026-45659 Across Server Versions
CRITICAL: Microsoft has patched a critical remote code execution vulnerability (CVE-2026-45659) in SharePoint that allows attackers to execute arbitrary code without needing any special conditions. This flaw affects all versions of SharePoint and poses an immediate risk due to its high CVSS score.
Microsoft SharePoint Has a New RCE Flaw. If You Haven’t Patched Yet, Go Do That.
CRITICAL: A critical vulnerability (CVE-2026-45659) in Microsoft SharePoint allows remote code execution through deserialization of untrusted data. The flaw affects SharePoint Server Subscription Edition, SharePoint Server 2019, and SharePoint Enterprise Server 2016.
EXPOSURE 2026 prepares cybersecurity professionals for the AI era
CRITICAL: EXPOSURE 2026 highlighted that frontier AI models are accelerating vulnerability discovery and exploitation while reducing attack complexity and cost, posing a critical inflection point for cybersecurity practices. The event emphasized the need to integrate exposure management into workflows to address these challenges.
Healthcare Ransomware Watch
Active Groups: 10
Total Victims: 13
Healthcare Confirmed: 2
Groups observed: Conti, LockBit, Luna Moth, Nimbus Manticore, Qilin, Silent Ransom Group, The Gentlemen, Unknown, coinbasecartel, gunra
Healthcare-Specific Intelligence
[Ransomware] incransom: Open Door Health Center
CRITICAL: The ransomware group 'incransom' has targeted Open Door Health Center in Illinois, a healthcare provider offering comprehensive medical services including HIV programs and behavioral health support to LGBTQI individuals and those living with HIV/AIDS.
Third-Party Cyberattack Impacts Patient Information at The Oncology Institute
CRITICAL: The Oncology Institute disclosed a data breach tied to unauthorized access by a third party to its systems through a third-party software provider, potentially exposing patient information. The incident may also involve other healthcare providers, and the vendor has set up a patient portal for inquiries.
[Ransomware] play: Round Hill Country Club
CRITICAL: The ransomware group 'play' has posted Round Hill Country Club as a victim in their latest campaign. The organization is US-based and operates within the healthcare sector.
[Ransomware] safepay: cyuou.com
CRITICAL: Ransomware group 'safepay' has posted 'cyuou.com', a Japanese healthcare company specializing in website development and digital advertising, as a victim on their leak site. This incident highlights the threat to healthcare organizations from ransomware attacks.
[Ransomware] dragonforce: sphvalue.com
CRITICAL: Ransomware group 'dragonforce' has posted 'sphvalue.com', a healthcare sector organization, as a victim on their leak site. This indicates that the group is actively targeting and compromising healthcare entities.
This brief is generated from automated daily threat intelligence collection and analysis. 594 unique items analyzed across 7 reporting days.