Healthcare — HIPAA breach + healthcare supply-chain exposure

ShinyHunters published the DentaQuest dataset this week: 234 GB, 2.6 million records in HIPAA-format ASC X12 claims interchange, including Medicaid IDs (BleepingComputer, 2026-06-04). The DentaQuest extortion arc is the week's clearest demonstration that the ShinyHunters operation monetises pure data theft — no encryption, no backup-based leverage — placing the detection priority at bulk-export monitoring in claims and SaaS systems rather than backup integrity. Additionally, CVE-2026-42251 in KAMSOFT KS-SOMED (hardcoded FTP update-server credentials, allowing trojanised updates to any downstream Polish NHS deployment) underlines the supply-chain-through-update-mechanism risk in healthcare software.