Ethan Grammer
Guillermo Sánchez / February 28, 2025 / 2 minutes of readingRecent Breaches & Incidents
Venture Capital Firm Insight Partners Discloses January Cyberattack
Description:
New York-based venture capital and private equity firm Insight Partners has revealed that its systems were breached on January 16, 2025, following a sophisticated social engineering attack. The firm, managing over $90 billion in assets and with investments in more than 800 software and technology companies worldwide, promptly engaged third-party cybersecurity experts and notified law enforcement upon discovering the breach. Insight Partners stated that there is no evidence of continued unauthorized access and that their operations have not been further disrupted due to the incident.
External Links:
Apex Custom Software hacked
Description:
Apex Custom Software, a Texas-based healthcare software provider, was hacked by the group 0mid16B, who claim to have exfiltrated and deleted all server data. The attackers demanded a ransom, which Apex allegedly refused. Hackers claim Apex had weak security, allowing them to access its software, which manages controlled substances, credentialing, and inventory. While no protected health information (PHI) was exposed, the breach included sensitive employee credentials and software vulnerabilities. The hackers threatened to leak the stolen software, raising concerns about potential misuse.
Cardinal Health, one of Apex’s clients, had some employee login credentials leaked in plaintext, though no patient data was confirmed compromised. It was reported via multiple threat intelligence platforms that the data provided in the breach forum was consistent with Cardinal Health’s “Controlled Substance Database” and included information that was related to employee’s personally identifiable information (PII). It remains unclear if the breach affected customers or partners of Cardinal Health, although at the time of writing there was no confirmed breach of customer information. Cardinal Health has not issued a public release with regards to the alleged breach.
External Links: