The U.S. Department of Health and Human Services’ Office for Civil Rights is urging healthcare providers to develop contingency plans in case of cyberattacks. Organizations should have backup plans to protect resources, minimize patient inconvenience, and ensure they can return to daily operations as soon as possible. These plans should include staff assignments, data recovery strategies, and regular backups segmented from the network. It is also important for providers to refrain from paying ransoms in case of a ransomware attack.

Ivanti VPN customers targeted via unrecognized RCE vulnerability (CVE-2025-22457)
A suspected Chinese advanced persistent threat (APT) group exploited CVE-2025-22457, a previously unexploitable buffer overflow bug, to compromise devices running Ivanti Connect Secure (ICS) and