Healthcare

Ireland

HSE, hospitals, healthcare providers

NIS2 Essential Entity

Compliance tags are AI-generated and should not be cited as regulatory evidence without independent review.

Total (30d): 28
Critical: 8
High: 12
Medium: 7

28 threats in last 30 days (46% vs prior period)

Top ATT&CK Techniques
T1190 Exploit Public-Facing Application (35x)

Deploy WAF rules, patch public-facing apps within 48h of CVE disclosure, segment DMZ from internal networks, and run authenticated vulnerability scans weekly.

T1486 Data Encrypted for Impact (12x)

Maintain offline/immutable backups tested monthly, enable ASR rules against ransomware, and deploy behavioural detection for mass file encryption patterns.

T1078 Valid Accounts (8x)

Enforce MFA on all accounts, implement conditional access policies, audit privileged accounts quarterly, and monitor for impossible-travel logins.

T1566 Phishing (7x)

Enforce DMARC (p=reject), SPF, and DKIM on all domains; block executable attachments at the mail gateway; conduct quarterly phishing simulations.

T1566.001 Spearphishing Attachment (3x)

Block macros in Office docs from the internet (ASR rules), detonate attachments in a sandbox before delivery, and strip active content from inbound email.

T1566.002 Spearphishing Link (2x)

Enable Safe Links / URL rewriting in email, block newly registered domains at the proxy, and train users to verify URLs before entering credentials.

T1567 Exfiltration Over Web Service (2x)

Deploy DLP policies on cloud storage uploads, block unauthorised file-sharing services at the proxy, and alert on anomalous outbound data volumes.

T1071 Application Layer Protocol (2x)

Inspect TLS traffic at the proxy (break-and-inspect), deploy network IDS/IPS signatures for known C2 frameworks, and baseline normal DNS/HTTP patterns.

T1078.001 Valid Accounts (2x)

Enforce MFA on all accounts, implement conditional access policies, audit privileged accounts quarterly, and monitor for impossible-travel logins.

T1195.002 Compromise Software Supply Chain (1x)

Pin and hash all software dependencies, verify publisher signatures before deployment, scan third-party software with SBOM tools, and isolate build pipelines.

Compliance Exposure
NIS2-Art21-2e (49), NIS2-Art21-2b (36), GDPR-Breach (13), DORA-Art17-23 (7), DORA-Art5-16 (3), NIS2-Art21-2i (3), NIS2-Art23 (1), NIS2-Art21-2a (1), NIS2-Art21-2c (1), NIS2-Art21-2d (1)
Technologies
Epic, Cerner, PACS, HL7, FHIR

Recent Intelligence

Infostealers Replace Phishing Payloads

Cybercriminals are increasingly using infostealers as phishing payloads due to their ease of use and scalability. This shift affects individuals and organizations who may unknowingly download and install infostealers, potentially compromising sensitive information. To mitigate this threat, users should exercise caution when clicking on links or downloading attachments from unfamiliar sources.

3/6/2026 Medium

Anthropic Expands Project Glasswing

Anthropic has expanded its Project Glasswing cybersecurity initiative to 150 organizations across 15 countries, including sectors such as healthcare and technology. The expansion aims to enhance security for participating organizations, which must meet specific security requirements to join. Organizations in these sectors should review their security posture and consider participating in the program.

3/6/2026 Info

Anthropic Expands AI-Based Vulnerability Hunting

Anthropic has expanded its Project Glasswing initiative to include 150 additional companies, focusing on critical infrastructure such as power, water, and healthcare. This move aims to enhance vulnerability identification, but raises concerns about the ability of vendors to triage and patch issues in a timely manner. Organizations should be prepared to adapt to

3/6/2026 Medium

Medplum FHIR Server Vulnerability

A critical vulnerability has been reported in Medplum up to version 5.1.13, affecting the FHIR Handler component and allowing server-side

2/6/2026 Critical

SQL Injection in Patient Records System

A vulnerability has been discovered in the SourceCodester Hospitals Patient Records Management System, allowing for SQL injection attacks. This affects the manage_history.php file, potentially exposing patient records. Users should update their systems and monitor for suspicious activity.

24/5/2026 High

SQL Injection in Patient Records System

A vulnerability has been discovered in the SourceCodester Hospitals Patient Records Management System, allowing for remote SQL injection attacks. This affects users of the system, potentially compromising

24/5/2026 High

SQL Injection in Patient Records System

A security vulnerability has been discovered in the SourceCodester Hospitals Patient Records Management System, allowing for SQL injection attacks. Users of this system are potentially at risk, particularly those with access to the view_history.php file. To mitigate this

23/5/2026 High

SQL Injection in Hospitals Patient Records System

A critical vulnerability was discovered in SourceCodester Hospitals Patient Records Management System 1.0, affecting the manage_history.php file. This vulnerability allows for SQL injection attacks, which can be performed remotely. Users of this system should update to a patched version or apply mitigations to prevent exploitation.

23/5/2026 Critical

SQL Injection in Hospitals Patient Records

A critical vulnerability has been discovered in SourceCodester Hospitals Patient Records Management System 1.0, allowing remote attackers to inject SQL code via the ID argument in Master.php. This affects hospitals using the system, potentially exposing patient records. Users should update the system or apply a patch to prevent exploitation.

23/5/2026 Critical

SQL Injection in Hospitals Patient Records System

A critical vulnerability was discovered in the SourceCodester Hospitals Patient Records Management System 1.0, allowing remote SQL injection attacks. This affects the view_history.php file, potentially exposing patient records. Users should update their systems to prevent exploitation.

23/5/2026 Critical

Healthcare Faces Rising Social Engineering Threats

The 2026 Data Breach Investigations Report highlights an increase in social engineering attacks targeting the healthcare sector, with ransomware and vendor breaches persisting as ongoing threats. Healthcare organizations are advised to enhance their security measures to counter these evolving tactics. Individuals and organizations should be cautious of phishing and other social engineering attempts.

22/5/2026 Medium

Open ISES Tickets XSS Vulnerability

A reflected cross-site scripting vulnerability has been discovered in Open ISES Tickets versions prior to 3.44.2, allowing authenticated attackers to inject arbitrary JavaScript code. This affects users of Open ISES Tickets, particularly those who use the patient.php feature. To mitigate this vulnerability, users should update to version 3.

21/5/2026 Medium

AI-Powered App Attacks Rise

A recent report by Digital.ai warns that AI-powered attacks on mobile apps are becoming faster, more frequent, and harder to stop, affecting all industries. These attacks can occur within hours of an app's release, erasing the distinction between emerging and primary targets. Users and developers should be vigilant and take proactive measures to secure their apps.

20/5/2026 High

Vulnerability Exploitation Tops DBIR

According to the 2026 Verizon Data Breach Investigations Report, vulnerability exploitation has become the most common initial access vector, surpassing stolen credentials. This shift affects organizations of all sizes and industries, emphasizing the need for robust vulnerability management. To mitigate this risk, prioritize vulnerability patching and implement a comprehensive security strategy.

20/5/2026 High

Mesalvo Meona Access Control Flaw

A critical vulnerability has been discovered in the Mesalvo Meona Client Launcher Component, allowing for improper access controls. This issue affects an unknown functionality, and exploitation requires local access. Users should review their access controls and

20/5/2026 Critical

Mesalvo Meona Code Injection

A critical vulnerability was discovered in the Mesalvo Meona Client Launcher Component, allowing remote code injection. Users of the Meona Client Launcher Component and Meona Server Component are affected. No exploit is currently available, but users should monitor for updates and apply patches as soon as possible.

20/5/2026 Critical

Untitled Security Alert

The 2026 Data Breach Investigations Report reveals that exploits are increasingly used in initial access for breaches, with patching efforts lagging behind. This trend affects enterprises, highlighting the need for timely vulnerability management. To mitigate risks, organizations should prioritize patching and vulnerability remediation.

19/5/2026 High

Healthcare Breach Exposes 1.8M Records

A major healthcare breach has occurred at NYC Health + Hospitals, affecting at least 1.8 million people, after attackers gained access to its systems through a compromised third-party vendor. The breach, which

19/5/2026 High

Offline HMS 5.3.0 Priv Escalation

A critical vulnerability in Offline Hospital Management System 5.3.0 allows for privilege escalation, potentially affecting hospitals and healthcare organizations using this system. Users are advised to monitor for updates and patches from the

18/5/2026 Critical

Adobe Hospital System RCE Vulnerability

A remote code execution vulnerability has been discovered in Adobe's Offline Hospital Management System, allowing attackers to execute arbitrary operating system commands. This vulnerability affects users of the system, particularly those in the healthcare sector. Users should update their systems and review security configurations to mitigate the risk.

18/5/2026 High