Critical GoAnywhere Vulnerability Exploited in Medusa Ransomware Attacks
A critical vulnerability in Fortra’s GoAnywhere MFT secure web-based file transfer tool is being actively exploited in Medusa ransomware attacks. According to Microsoft’s Threat Intelligence Team, the vulnerability is being exploited by a threat group it tracks as Storm-1175, which is known for deploying Medusa ransomware after exploiting vulnerabilities in public-facing applications. The zero-day deserialization vulnerability is tracked as CVE-2025-10035 and has a maximum CVSS base score of 10. According to Fortra, a threat actor with a validly forged license response signature could deserialize an arbitrary actor-controlled object. Successful exploitation of the flaw can result in command injection without authorization, which can potentially lead to remote code execution. Fortra issued a security advisory about the flaw on September 18, 2025, and explained that the vulnerability affects the GoAnywhere MFT’s License Servlet Admin Console version 7.8.3 and prior versions. The vulnerability has been fixed in version 7.8.4 and the Sustain release 7.6.3. Microsoft detected attacks...
Basic HIPAA Training
Basic HIPAA training is the baseline course that every workforce member completes to learn how to recognize Protected Health Information, follow core privacy and security regulations, and report concerns quickly, with optional advanced modules added on top for higher risk roles and specialized workflows in both HIPAA Covered Entities and HIPAA Business Associates. What Basic HIPAA Training Means Basic HIPAA Training is the foundation layer of a complete HIPAA training program. It is designed to create consistent minimum standards across the workforce, so staff do not rely on assumptions or prior experience. Basic training should be written in clear, employee friendly language and focus on everyday decisions, not legal theory. It should also verify understanding through knowledge checks rather than relying only on attestations. A strong program separates training into two layers. The first layer is mandatory basic modules for everyone. The second layer is optional advanced modules assigned based on role, access, and risk. This structure helps organizations train the whole workforce...
Reid Health Settles Meta Pixel Class Action Data Breach Lawsuit
Reid Hospital & Health Care Services, Inc., doing business as Reid Health, in Richmond, Indiana, has agreed to a settlement to resolve class action litigation over the alleged use of Meta Pixel and other tracking tools on its website. According to the lawsuit, Jane Doe v. Reid Health, filed in Wayne County Superior Court, State of Indiana, Reid Health impermissibly disclosed patients’ protected health information to third-party technologies without patients’ knowledge or consent. Meta Pixel and other tracking tools can collect information about website users based on their interactions on a website where the tracking code is installed. That information can be linked to individuals via their IP address, and if they are logged into certain accounts at the time of the visit. The tracking tools can collect information about the web pages visited, searches performed on the site, and information selected in drop-down boxes. That information can reveal sensitive information about individuals and may be used by third parties to serve them with targeted advertisements. According to the...
HIPAA Training for Emergency Room Staff
HIPAA training for emergency room staff is mandatory because emergency departments handle high volumes of sensitive patient information in fast paced, high risk environments where privacy and security mistakes can easily occur without proper education. Every member of the emergency room workforce, including clinicians, nurses, technicians, registration staff, and support personnel, must receive standard HIPAA training that explains their responsibilities and prepares them to protect patient information, and must also receive additional HIPAA training about the HIPAA rules while delivering urgent care. Why HIPAA Training is Required in the Emergency Room Emergency rooms routinely collect, use, and disclose protected health information during triage, diagnosis, treatment, and coordination with other providers. HIPAA training ensures staff understand how the Privacy Rule, Security Rule, and Breach Notification Rule apply to everyday emergency department activities. Training reinforces that HIPAA applies even during stressful situations and that compliance supports patient trust,...
EyeMed Vision Care Agrees to Pay $5 Million to Settle Class Action Data Breach Lawsuit
EyeMed Vision Care has agreed to pay $5 million to settle a class action lawsuit stemming from a June 2020 data breach. The data breach was identified by EyeMed Vision Care on July 1, 2020, when suspicious activity was observed in an employee’s email account. An employee had responded to a phishing email, allowing their email account to be accessed on June 24, 2020. Between June 24, 2020, and July 1, 2020, the threat actor used the account to send around 2,000 phishing emails. The investigation revealed the account contained emails dating back 6 years. Those emails included the personal and protected health information of 2.1 million individuals. Data compromised in the incident included names, contact information, dates of birth, Social Security numbers, vision insurance account/identification numbers, medical diagnoses and conditions, and treatment information. The first class action lawsuit in response to the data breach was filed in January 2021 by plaintiff Chandra Tate, which was followed by a second class action lawsuit around a week later. The two lawsuits were...



