United States
Stryker Corporation
Operations at Stryker, America’s largest medical device maker, remain disrupted more than a week after an Iran-linked cyberattack.
On March 11, Stryker Corporation confirmed it suffered a significant cyber incident that impacted its global Microsoft environment. The Iran-linked threat actor Handala claimed responsibility for the attack, which appears to be politically motivated and destructive in nature. Unlike typical financially driven incidents, Stryker stated there is no indication of ransomware or traditional malware, suggesting a deliberate data destruction campaign rather than extortion.
Reports indicate that attackers may have exploited Microsoft Intune, Stryker’s mobile device management platform, to issue remote wipe commands across corporate devices worldwide. The group claims to have wiped thousands of servers and endpoints, including Windows laptops and smartphones, and alleges the exfiltration of up to 50 TB of corporate data.
How it could affect your business
Relying on the belief that “the cloud has it covered” can leave organizations exposed when core systems are compromised. Even cloud-based environments such as Microsoft Azure, Microsoft 365 or Google Workspace can become single points of failure, making it critical to maintain independent, third-party backups. Distributing data across separate environments helps reduce single-cloud risk and ensures organizations can recover even when primary platforms are disrupted.
United States
Federal Bureau of Investigation (FBI)
In another nation-state-linked incident, the Federal Bureau of Investigation (FBI) is investigating suspicious cyber activity on its critical surveillance network.
U.S. investigators believe hackers affiliated with the Chinese government are responsible for a cyber intrusion into an internal FBI computer system that holds information related to certain domestic surveillance orders. The agency identified abnormal log activity on February 17 within the targeted system, which is unclassified but contains sensitive data about the communications of individuals under FBI investigation.
The White House, the National Security Agency (NSA), the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) and the FBI are collaborating on an ongoing investigation into the incident.
How it could affect your business
Nation-state attacks are increasing in scale and frequency, often targeting organizations tied to critical infrastructure and sensitive government operations. To strengthen defenses, organizations should implement continuous monitoring, enforce strict access controls for sensitive systems and adopt a zero-trust approach to limit lateral movement and detect suspicious activity early.
Europe
French health ministry
The French health ministry announced a major data breach involving a third-party health care software provider that exposed approximately 15.8 million administrative medical files.
The cyberattack targeted systems belonging to Cegedim Santé, a health care software vendor used by around 3,800 doctors in France. The leaked records reportedly include personal data such as full names, gender, dates of birth, phone numbers, residential addresses and email IDs. In some cases, highly sensitive health information was also exposed.
The incident surfaced just weeks after another major breach involving the French Ministry of Finance, where more than 1.2 million accounts in the national bank account registry were exposed.
How it could affect your business
This incident highlights how attackers are increasingly exploiting supply chains to target large networks. By compromising a single vendor, threat actors can gain access to interconnected networks and sensitive data at scale. To reduce risk, organizations should enforce strict third-party security assessments, limit vendor access to critical systems and continuously monitor integrations for unusual activity.
North America
Salesforce Experience Cloud
Salesforce’s Cybersecurity Operations Center has warned that threat actors are mass-scanning publicly accessible Experience Cloud sites using a modified version of the AuraInspector tool to access customer data.
AuraInspector is an open-source command-line tool originally released to audit Salesforce Aura and Experience Cloud applications for data exposure risks. It simulates a guest user to discover endpoints and test for access control weaknesses. Evidence suggests threat actors are now using a modified version of this tool to exploit overly permissive guest user settings, allowing unauthorized access to sensitive records.
Misconfigured sites risk exposing customer relationship management (CRM) data such as accounts, contacts and leads, which can then be used to carry out targeted social engineering or vishing attacks.
How it could affect your business
Misconfigurations like these can quietly expose large volumes of sensitive CRM data without immediate detection. Salesforce customers should review guest user permissions and enforce a least-privilege access model, ensuring that unauthenticated users can access only explicitly shared and necessary records. Organizations should also prevent unauthenticated access to API endpoints, restrict visibility into internal users and disable self-registration features where they are not required to reduce exposure.
United States
University of Hawaii Cancer Center
An August 2025 ransomware attack targeting the University of Hawaii Cancer Center compromised the personal information of approximately 1.2 million individuals.
The cancer center, which disclosed the incident in January, said the breach involved three main data sets:
- Two legacy files from 1998 to 2000 containing names and Social Security numbers from driver’s license and voter registration records
- Files linked to the Multiethnic Cohort Study and other research projects, including names, addresses, Social Security numbers and limited health data
- Additional research registry files with names and Social Security numbers collected from public health sources for epidemiological studies
Most of the exposed data is tied to a long-running study launched in 1993 that enrolled more than 215,000 participants, of whom 87,493 have been confirmed to be affected by this incident.
How it could affect your business
Cyberattacks targeting healthcare institutions continue to rise, as they hold highly sensitive personal and medical information that is valuable to threat actors. When exposed, this data can be reused in targeted phishing and social engineering campaigns, making it easier to impersonate trusted entities and exploit victims further. Individuals should stay alert to unexpected communications, avoid sharing personal or medical details over unsolicited messages and regularly monitor financial and health-related accounts for suspicious activity.


