Cyber Threat Intel

Healthcare/OT: Iran/Handala + Stryker + NYC HHC + pharma

Key Questions

What data was stolen in the NYC Health + Hospitals breach?

The breach exposed biometric data, including fingerprints, belonging to 1.8 million individuals and went undetected for three months. It is one of the largest healthcare incidents of 2026.

What Iranian actor activity targets US sectors?

Iran-linked hackers are conducting sophisticated spear-phishing and remote access Trojan campaigns against US and allied critical sectors. Fuel systems and other infrastructure are impacted.

Which ransomware groups are hitting healthcare facilities?

Qilin and Ransomhouse have targeted hospitals such as ROTO Immobilien and Hospital Clinic de Barcelona. Microsoft also blocked a healthcare-focused ransomware campaign.

What breaches affected Connecticut Medicaid and ALMERYS?

Connecticut Medicaid exposed 22,500 patient records via stolen credentials, while ALMERYS suffered a domain exposure leak involving SSNs and contracts. Beacon Mutual reported a 131K record breach.

How successful are ransomware attacks on healthcare?

Microsoft data shows 389 US healthcare institutions hit by ransomware in one fiscal year. Legacy systems and high-value data are among the factors that make the sector attractive.

What vulnerabilities affect industrial robots?

Universal Robots PolyScope 5 is impacted by CVE-2026-8153, enabling remote hacking of robot fleets. This poses risks to OT environments in manufacturing and healthcare.

What was exposed in the German hospital third-party breach?

Unknown hackers stole patient and billing data from German university hospitals via a third-party provider. The incident affects multiple facilities.

How many victims were impacted by the NYC HHC breach?

The NYC Health + Hospitals breach impacted 1.8 million victims with sensitive biometric and personal information. It ranks among the largest 2026 healthcare disclosures.

Iran actors claim Stryker ~50TB; NYC HHC 1.8M biometrics stolen, 3 months undetected; Microsoft blocks healthcare ransomware campaign. New: ALMERYS leak (SSNs/contracts); Beacon Mutual 131K breach; Connecticut Medicaid 22.5K breach via stolen credentials (Gainwell). Ransomhouse hits Barcelona Clinic. Qilin pressure persists.

Sources (25)
Updated May 23, 2026