Healthcare — administrative and imaging intermediaries remain the soft surface
From CTI Weekly Summary — 2026-W22 (May 25 – May 31, 2026) · published 2026-05-25
Healthcare's exposure this week sat almost entirely in the administrative and imaging layers rather than clinical systems — the same structural lesson W21 drew from the Unimed billing-processor breach. Cisco Talos published a technical tour of the DICOM-format attack surface against Orthanc PACS, showing how network-ingested medical images become a heap out-of-bounds-write primitive precisely because PACS systems automatically ingest files received over the network (2026-05-31). France's CNIL fined IQVIA Operations France €5M for health-data-warehouse security failures — no MFA, no log monitoring, no network segmentation (2026-05-30) — a concrete regulatory marker of what "inadequate" looks like for a health-data processor. And California's AG sued the former 23andMe over the 2023 genetic-data breach (bulk-enumeration coding error plus absent credential-stuffing defences) affecting ~6.9M customers (2026-05-31). For CH/EU healthcare SOCs: treat auto-ingesting imaging pipelines as an untrusted-input attack surface, and read the IQVIA fine as a checklist of the baseline controls a regulator now expects on a health-data store.
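As an added illustration of the untrusted-input point (example code written for this brief, not Orthanc's parser and not a reproduction of the Talos findings): a bounds-checked walk over a DICOM file's File Meta group that refuses any element whose declared length exceeds the bytes actually present, which is the kind of check a pre-ingest gate in front of an auto-ingesting PACS should enforce before anything is handed to the full parser. The two sample files are constructed for the example.

```python
# Added example: bounds-checked pre-ingest validation of the DICOM File Meta
# group. Not Orthanc code; sample bytes below are constructed, not captured.
import struct

DICM_OFFSET = 128  # 128-byte preamble, then the 4-byte "DICM" magic
# Explicit VR little endian: these VRs carry a 2-byte reserved field and a
# 4-byte length; every other VR carries a 2-byte length.
LONG_VRS = {b"OB", b"OW", b"OF", b"SQ", b"UT", b"UN"}

def check_file_meta(data: bytes) -> tuple[bool, str]:
    """Return (ok, reason). Each declared length is validated against the
    bytes remaining before it is used to advance the cursor."""
    if len(data) < DICM_OFFSET + 4 or data[DICM_OFFSET:DICM_OFFSET + 4] != b"DICM":
        return False, "missing DICM magic"
    pos, seen_transfer_syntax = DICM_OFFSET + 4, False
    while pos < len(data):
        if len(data) - pos < 8:
            return False, f"truncated element header at {pos}"
        group, elem, vr = struct.unpack_from("<HH2s", data, pos)
        if group != 0x0002:  # File Meta group ends; main dataset begins
            break
        if vr in LONG_VRS:
            if len(data) - pos < 12:
                return False, f"truncated long header at {pos}"
            length, = struct.unpack_from("<I", data, pos + 8)
            body = pos + 12
        else:
            length, = struct.unpack_from("<H", data, pos + 6)
            body = pos + 8
        # The untrusted-length check: a parser that trusts `length` and copies
        # that many bytes runs past the buffer it sized for the file.
        if length == 0xFFFFFFFF or length > len(data) - body:
            return False, (f"tag ({group:04X},{elem:04X}) declares {length} bytes, "
                           f"only {len(data) - body} present")
        seen_transfer_syntax |= elem == 0x0010  # (0002,0010) Transfer Syntax UID
        pos = body + length
    if not seen_transfer_syntax:
        return False, "no Transfer Syntax UID (0002,0010)"
    return True, "file meta ok"

def _elem(group: int, elem: int, vr: bytes, value: bytes) -> bytes:
    """Encode one explicit-VR-LE element (helper for the constructed samples)."""
    if vr in LONG_VRS:
        return struct.pack("<HH2sHI", group, elem, vr, 0, len(value)) + value
    return struct.pack("<HH2sH", group, elem, vr, len(value)) + value

PREAMBLE = b"\x00" * 128 + b"DICM"
TS_UID = _elem(0x0002, 0x0010, b"UI", b"1.2.840.10008.1.2.1\x00")  # explicit VR LE
GOOD = PREAMBLE + _elem(0x0002, 0x0001, b"OB", b"\x00\x01") + TS_UID
# Same file, but the OB length field rewritten to claim 64 KiB that is not there.
BAD = (PREAMBLE + _elem(0x0002, 0x0001, b"OB", b"\x00\x01")[:8]
       + struct.pack("<I", 0x10000) + b"\x00\x01" + TS_UID)
```

Running `check_file_meta` on `GOOD` returns `(True, "file meta ok")`; on `BAD` it rejects the file at the oversized (0002,0001) element instead of reading past the end.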