Vendor Healthcare Management Solutions (HMS) has potentially breached its obligations to CMS, the agency that notified CMS on October 9 about a ransomware attack on HMS. The breach has the potential to impact up to 254,000 Medicare beneficiaries. The compromised data includes personally identifiable information (PII) and protected health information. CMS is notifying affected beneficiaries and providing them with new Medicare cards and free credit monitoring services. The breach highlights the vulnerability of the healthcare sector to supply chain attacks. Third-party risks in the healthcare industry cost nearly $24 billion per year.

Malicious Adobe, DocuSign OAuth apps target Microsoft 365 accounts
Cybercriminals are using malicious Microsoft OAuth apps, which appear to be Adobe and DocuSign apps, to deliver malware and steal Microsoft 365 accounts credentials. The