Health network Lehigh Valley Health Network (LVHN) agreed to pay a $65 million settlement related to a ransomware attack that breached the personal data of 134,000 patients and staff, marking the highest payout for a single cyberattack. LVHN was blamed for not taking adequate measures to secure its patients’ health records. The claim also alleges the group took photographs of unclothed cancer patients without their knowledge, some of which were subsequently posted online. The incident underscores the importance for healthcare providers to secure sensitive patient data.

Large enterprises scramble after supply-chain attack spills their secrets
Open-source software used by over 23,000 organisations was compromised by attackers who accessed a maintainer account, injecting credential-stealing code. The corrupted package, part of tj-actions,