The Carilion Clinic in Roanoke, Virginia, has taken strong action against 14 employees who were found to have accessed a high-profile patient’s medical records without a legitimate need. Carilion Clinic cannot provide specific details of the HIPAA violation, but their IT system keeps a data trail of employee access to medical records. This incident is not uncommon, as other healthcare organizations have experienced similar breaches and terminated employees involved.

Ivanti VPN customers targeted via unrecognized RCE vulnerability (CVE-2025-22457)
A suspected Chinese advanced persistent threat (APT) group exploited CVE-2025-22457, a previously unexploitable buffer overflow bug, to compromise devices running Ivanti Connect Secure (ICS) and