Conduent Data Breach Could Affect 25 Million People: How to Secure Your Online Accounts

Healthcare companies are being attacked by ransomware. The attack may be the largest medical data breach in history.
 
The original healthcare data breach, which involved 10.5 million customers, has further expanded to include up to 25 million people across the U.S., including 15 million people in Texas alone. An unauthorized third party hacked into the commercial service provider Conduent's systems on October 21, 2024, and the intrusion was not discovered until January 13, 2025.
 
SafePlay, a ransomware organization, admitted to launching the attack, which compromised sensitive information including full names, addresses, social security numbers, health insurance information and medical records that can be used for identity theft.
 
Conduent is not the only organization whose breach has compromised privacy. Check Point researchers say that account credential thefts will soar by about 160% year-over-year in 2025, and hackers are increasingly using stolen login information to infiltrate accounts. Even if the hacker doesn't commit the crime immediately, the leaked email or password can be used weeks or months later to try to log into your other online services.
 
If your data has been exposed in this breach, there is no need to panic, but do take immediate action and deal with the most important accounts first. Here are some ways to lock down your accounts and minimize further losses:
 

Handle email accounts first

 
Email can be considered the "universal key" for all online services. Once someone hacks into your personal or work email, even if they don't know the original passwords, they can change the passwords of your banking applications, social media, medical services, cloud storage, etc. through "password reset".
 
If you suspect that your email password has been compromised, please change it immediately. Use a unique password that is long enough and has never been used elsewhere. Do not reuse passwords.
 
If supported by your email provider, please turn on two-factor authentication (2FA). SMS is the most common choice, but the least secure: it can be intercepted, and hackers can use SIM card hijacking to seize control of the cell phone number. An authenticator app generates the authentication code directly on the device, which avoids that risk.
 
Also review recent logins and security settings. If you find any anomalies, log off all devices and revoke access to unrecognized third-party applications.
 

Replacing leaked and reused passwords

 
Second, update the passwords of all accounts directly affected by the breach. If you reused the password of an account involved in the breach on other accounts, change the passwords of those accounts as well. Password reuse is the most common way for hackers to turn a small breach into a large one.
 
Hackers will take the leaked email and password combinations and automatically test them on hundreds of popular services because many people reuse passwords.
 
Each account should have a unique password. The ideal is a random combination of at least 14 characters. If you don't want to memorize them one by one, you can use a password manager to generate and save passwords, and your phone comes with a free password manager: iCloud Keychain for iOS, Google Password Manager for Android.
 
If an account supports passkeys, it is recommended to turn them on. A passkey replaces the traditional password with device authentication, so it cannot be phished and cannot be reused even if the service is compromised.
 

Turn on two-factor authentication wherever possible

 
Two-factor authentication (2FA) adds a second layer of protection, such as a temporary authentication code or biometric scan, in addition to the password.
 
All accounts that support 2FA should have it turned on, especially those that store large amounts of personal data. App-based authenticators and hardware keys are more secure than SMS, but any form of 2FA is better than none.
 
When you turn it on, be sure to store the recovery codes in a safe place. They are the only way to regain your account if your cell phone or security key is lost.
 

Check for suspicious activities

 
After reinforcing credential security, watch for signs of account intrusion and review recent logins and transactions.
 
Watch out for unexpected password reset emails, unknown forwarding rules added to your email, and unauthorized changes to personal information. Check your financial accounts for recent purchases and turn on transaction alerts.
 
If unauthorized access is detected, contact the service provider immediately and follow the account recovery process.
 

Remove access rights that are no longer needed

 
Over time, many accounts are connected to multiple third-party apps, browser extensions, and older devices, all of which can become security weaknesses in the event of a breach.
 
Review connected applications and devices and remove unused or unrecognized items. Log out of all active sessions to force any logged-in hackers out.
 

Continuous monitoring of accounts

 
Even with all the security in place, it's important to stay vigilant. Some hackers will hold on to stolen data for months before acting on it, taking advantage of users' relaxed vigilance.
 
Register for breach alerts via a password manager or identity monitoring service, and turn on security notifications to be notified of new logins or data changes instantly.
 
A data breach is annoying, but it doesn't have to turn into identity theft or financial loss. Starting with email, strengthening passwords, and increasing security are just a few key steps that can go a long way toward securing your account the next time a breach occurs.

Source:

https://www.cnet.com/tech/services-and-software/conduent-data-breach-lock-down-your-online-accounts/
