Healthcare

Third-party processors drove the week's healthcare exposure. Xsolis, a healthcare-AI utilization-management vendor, disclosed a phishing-driven breach affecting 1,396,519 patients across seven US health systems — the data sat at the processor, not the hospitals. The UK's HCRG Care Group began notifying patients of a February 2025 Medusa ransomware attack — a 16-month notification lag. The Lantronix BRIDGE:BREAK flaw (§ 3) additionally exposes serial-attached medical devices.