An educational vendor whose technology is integrated into numerous public schools in the state of Massachusetts has suffered a data breach that affected 18,476 Massachusetts residents, with some students, families, and staff having their social security numbers and medical records exposed.

The number of ransomware incidents reported by healthcare organizations from 2024 compared to 2023 spiked 32%, according to the “Healthcare Under Ransomware Attack 2025” report by Black Kite Security. This now puts Healthcare as the third most-targeted industry, behind manufacturing and scientific research.

The Securities and Exchange Commission (SEC) has announced the creation of the Cyber and Emerging Technologies Unit (CETU) to “focus on combating cyber-related misconduct and to protect retail investors from bad actors in the emerging technologies space,” according to a Feb 20 press release on their website.

At this year’s Consumer Electronics Show (CES), which took place in early January in Las Vegas, NVIDIA showed off “Cosmos” -- what they are calling the first “World Foundation Model,” an AI model that has the potential to be implemented everywhere.

You or someone you know probably received a letter in the past year breaking the news to you: your confidential information *may* have been exposed in a breach.

Massachusetts saw a roughly 6% decrease in data breaches from 2023 to 2024, according to the Attorney General’s website.

The U.N.’s International Civil Aviation Organization (ICAO) has stated that they are actively investigating reports of a potential information security breach allegedly linked to a threat actor known as Natohub.

According to the website CyberDaily, the threat actor Natohub also claimed to be behind the hack that affected the United States Marine Corps (USMC) and the United States Department of Defense (US DOD) in 2024, compromising the data of almost 13,000 personnel.

On November 8, 2024, Ahold Delhaize USA, the parent company of Stop and Shop, detected a cybersecurity issue within its U.S. network. The company immediately launched an investigation with the help of external cybersecurity experts and notified law enforcement.

A man in Idaho going by the aliases of "Lifelock," "Studmaster," and "Studmaster1” has been sentenced to 10 years in prison after pleading guilty to targeting multiple healthcare providers in a series of cyberattacks.  

The data breaches happened after the perpetrator obtained medical office credentials from the dark web in Summer 2017.  

The initial target was a medical clinic in Georgia, where he successfully obtained the personal identifying information of over 43,000 individuals.

In January 2024, an accounting firm in north-central Massachusetts learned that data had been exfiltrated from its server network, and the perpetrator was demanding ransom for its deletion. 

According to a letter sent to the Attorney General of New Hampshire, the firm worked with the FBI to determine that the perpetrator was a legitimate threat actor, and negotiated paying their ransom.

By focusing on their employees, organizations can better protect themselves against ever-evolving cyber threats, according to the Kaseya Cybersecurity Survey Report 2024: Navigating the New Frontier of Cyber Challenges.

“The human element continues to be the weakest link in cybersecurity,” the report states.