
08.09.2025 Threat Report

This week’s threat report: ransomware incidents affecting essential healthcare services, newly disclosed vulnerabilities in enterprise platforms, and a significant lab data breach.
 
Let's dive into the key threats that caught our attention this week...
 

Ransomware Attack on Dutch Lab Exposes Data of 941,000 Patients

A Dutch laboratory, Clinical Diagnostics, responsible for a significant portion of the country's cervical cancer screenings, was hit by a ransomware attack. The ransomware group, identified as Nova, has threatened to leak the patient data of 941,000 individuals on the dark web. The compromised data includes sensitive information related to cervical cancer screenings, posing a significant risk of a large-scale data breach. The lab has not commented on whether a ransom was paid.
 
This incident highlights the vulnerability of critical healthcare infrastructure and the severe consequences of ransomware attacks on patient data. UK-based digital health organisations, including those involved in diagnostics and screening, should take note of the potential for similar attacks and the importance of robust data protection measures.
 
Recommendations:
  • Ensure all systems are patched and up-to-date.
  • Implement a robust data backup and recovery plan.
  • Conduct regular cybersecurity awareness training for all staff.
  • Develop and test an incident response plan.

DaVita Ransomware Attack Impacts 2.7 Million Patients

DaVita, a major kidney dialysis provider, experienced a ransomware attack that compromised the personal and health information of approximately 2.7 million individuals. Hackers accessed DaVita's labs database, exposing names, addresses, Social Security numbers, dates of birth, health insurance data, clinical records, dialysis lab results, and in some cases, tax IDs or check images. Despite the attack, DaVita managed to maintain critical patient care services through contingency plans and backup systems. The incident cost approximately £10.8 million ($13.5 million) in Q2 2025.
 
UK dialysis centres and comparable healthcare facilities face similar risks, particularly those handling sensitive patient data and delivering critical care services that cannot afford downtime.
 
Recommendations:
  • Implement robust backup and recovery systems to maintain operations during attacks.
  • Develop and regularly test incident response and business continuity plans.
  • Ensure all staff receive regular cybersecurity awareness training.
  • Consider cyber insurance to help mitigate financial losses from ransomware attacks.

CISA Issues Emergency Directive Addressing Critical Security Flaws

The US Cybersecurity and Infrastructure Security Agency (CISA) issued an emergency directive for federal agencies to patch 55 critical vulnerabilities, some of which are being actively exploited. The directive highlights flaws in widely used software, including Microsoft Windows DNS Server, Cisco IOS XE, and VMware vCenter. While the directive is for US federal agencies, it serves as a critical warning for all organisations, including those in the UK healthcare sector, as these vulnerabilities can be exploited to gain full control of systems and networks.

The vulnerabilities listed in the CISA directive affect common enterprise software that is likely to be in use within UK digital health organisations. A successful exploit could lead to widespread disruption of services, data breaches, and a complete compromise of IT infrastructure, impacting patient care and safety.

Recommendations:

  • Immediately review the CISA directive and identify any affected systems.
  • Prioritise patching of all critical vulnerabilities, starting with those that are being actively exploited.
  • Implement a robust vulnerability management program to ensure timely patching of all systems.
  • Monitor for any signs of compromise and be prepared to activate your incident response plan.
