As your dedicated cybersecurity services provider, Cyberone equips you with timely and in-depth information about current cyber attacks. Discover a weekly cybersecurity report of the latest exploits and breaches shaping the ever-evolving cybersecurity landscape.
Weekly Cybersecurity Report | Week 32, 2025
Information security updates and events from the past week
Ransomware Attack on UnitedHealth (Change Healthcare) – USA
- Background and Sequence of Events:
The breach occurred on February 12, 2024, through stolen credentials for a Citrix gateway that did not have two-factor authentication enabled. This critical mistake allowed internal access to the network of Change Healthcare, a subsidiary of UnitedHealth. The attack resulted in the encryption of many systems and a complete shutdown of critical healthcare platforms for many days.
- Scope and Damage:
It is estimated that the breach affected around 190 million Americans, with their medical and personal data exposed. UnitedHealth paid a $22 million ransom to the BlackCat (ALPHV) gang, but the information was not deleted and was later leaked to additional cybercriminals, including the RansomHub group. The data leak and system shutdowns led to treatment delays and major chaos in the U.S. healthcare system.
- Response:
UnitedHealth is cooperating with authorities and aims to bolster regulatory and information security measures. The incident drew unprecedented criticism from regulators and senators due to fundamental failings, such as the lack of two-factor authentication.
Ransomware Attack on the National Health Service in Portugal (SNS)
- Background and Technical Details:
In early August, Portugal’s national health services (SNS) were attacked by the Medusa ransomware group, which demanded a ransom of $1 million. The group used double extortion tactics: stealing data before full encryption and releasing samples as proof to pressure for payment. Sensitive medical information was stolen.
- Implications:
The incident disrupted hospital systems, leaked medical documents, and limited hospital operations. There is significant concern that the stolen data could be misused for extortion, phishing, and fraud.
- Response:
The Portuguese Ministry of Health responded quickly by declaring a state of emergency, strengthening cybersecurity infrastructure, and launching an immediate government investigation.
Attack on the German Financial Supervisory Authority (BaFin)
- Background and Nature of Attack:
The website of BaFin, Germany’s financial market regulator, was down for several hours due to a large-scale DDoS attack, reportedly by pro-Russian groups or those with similar ideological motives.
- Implications:
The attack led to public loss of access to financial services and information for several hours, but according to the authority, there was no internal breach or data leak.
- Response:
BaFin announced an investigation and strengthened its defenses, and the German government is considering a tougher response and new policies for similar incidents.
Ransomware Attack on the TriHealth Hospital Network, Ohio, USA
- Background:
The LockBit group, considered one of the world’s most active ransomware gangs, recently claimed responsibility for an attack against the TriHealth hospital network, stating that a large volume of medical and financial information had been stolen.
- Implications:
Reports point to a risk of exposure of sensitive personal information of thousands of patients and staff, as well as harm to public confidence and the network’s reputation.
- Response:
TriHealth immediately launched an internal investigation and is cooperating with law enforcement. It is still unclear whether the data was leaked.
Customer Data Leak at Walmart Mexico
- Background:
It was discovered that a Walmart support system in Mexico was breached, exposing thousands of customers’ details, including addresses, phone numbers, and purchase histories. Alongside previous leaks reported in recent years, this case highlights the ongoing cyber risks faced by global retail networks.
- Implications:
There is a real risk of the information being used for phishing, financial fraud, or identity theft.
- Response:
Walmart notified the affected customers, launched an internal investigation, and increased its security measures and monitoring for security incidents.
Attack on Oxford University Servers and Data
- Background:
The hacktivist group Storm-1679 published a database stolen from Oxford University servers, including internal emails and sensitive academic materials.
- Implications:
There is significant potential for harm to the privacy of researchers and students, and for the information to be used for ideological, political, or extortion purposes.
- Response:
The university has launched an investigation, increased its monitoring and detection of anomalies, and is advising staff and students to exercise extra caution with their personal information.