Medusind Breach Exposes Sensitive Patient Data
The US medical billing firm is notifying over 360,000 customers that their personal, financial and medical data may have been exposed
Stay informed on the latest exposure risks in information security. Expert analysis, breach updates, and data leak prevention tips. Stay secure!
Search across headline titles and summaries.
Background for this topic.
Exposure is the condition in which a system, service, credential, vulnerability, or sensitive information is accessible or discoverable by people or systems that should not reach it. In threat modeling, it describes an attack surface or loss of control—not proof that an attacker has succeeded. Examples include an internet-facing administration interface, cloud storage with unintended permissions, a secret committed to source code, or personal data sent to an unintended recipient. Its significance depends on what is exposed, who can reach it, and which protections remain.
The primary defense is exposure reduction: maintain an accurate asset inventory, remove unnecessary public access, enforce least-privilege permissions and strong authentication, patch externally reachable software, and revoke leaked credentials or secrets. Encryption can limit the value of exposed data, but does not correct an exposed access path. Continuous scanning and log review help identify changes and support rapid containment when exposure is discovered.
The US medical billing firm is notifying over 360,000 customers that their personal, financial and medical data may have been exposed
Also, Alleged Gravy Analytics Breach Exposes Location DataThis week, a Russian tanker linked to cable sabotage detained in Finland, a claimed Gravy Analytics breach exposed location data, a Mirai-based botnet exploited zero-day flaws, Dell updated framework flaws and a court sentenced a Florida woman for laundering millions in romance scams.
Cync Acquisition Bolsters Exposure Validation Through Advanced Offensive ExpertiseCymulate’s acquisition of Cync Secure enhances its ability to bridge vulnerability identification and resolution. The deal integrates Cync offensive capabilities, creating a next-gen exposure prioritization platform to tackle vulnerabilities effectively and address unmet market demands.
Medusind, a leading billing provider for healthcare organizations, is notifying hundreds of thousands of individuals of a data breach that exposed their personal and health information more than a year ago, in December 2023. [...]
Japanese electronics manufacturer Casio says that the October 2024 ransomware incident exposed the personal data of approximately 8,500 people. [...]
Attorney General Accuses Telecom of Failing to Correctly Notify Millions of VictimsWashington state's attorney general filed a consumer protection lawsuit against T-Mobile over a massive 2021 data breach that exposed personally identifiable information for more than 79 million consumers, alleging in part the telecom failed to correctly notify victims.
PLUS: DoJ bans data sale to enemy nations; Do Kwon extradited to US; Tenable CEO passes away; and more Infosec in Brief Welcome to 2025: hopefully you enjoyed a pleasant holiday season and returned to the security operations center without incident - unlike Volkswagen, which last week admitted it exposed data describing journeys made by some of its electric vehicles, plus info about the vehicle’s owners.…