Healthcare Sees 224% Annual Increase in Attacks Targeting Mobile Devices

Posted by Steve Alder

There has been a significant increase in cyberattacks targeting Android mobile devices in critical infrastructure sectors in the past year, according to a new report from the cybersecurity firm Zscaler. The biggest increase was in the energy sector, which saw a 387% increase in mobile attacks, followed by healthcare (224%) and manufacturing (111%).

The Zscaler ThreatLabz team analyzed data collected from customers’ mobile and Internet of Things (IoT) devices between June 2024 and May 2025, the findings of which were published in Zscaler’s 2025 Mobile, IoT & OT Threat Report. “Mobile, IoT, and OT systems have become the backbone of business operations today, enabling innovation and powering critical infrastructure across industries,” explained Zscaler in the report. “Mobile devices now dominate global connectivity, while IoT and OT systems keep manufacturing, healthcare, transportation, and smart cities running.”

Attackers are taking advantage of the proliferation of mobile devices and the expanding web of connectivity. The increase in hybrid and remote working, along with bring-your-own-device policies, has been a contributory factor in the growth of attacks targeting mobile devices for initial access. In the year to May 2025, Android malware transactions increased by 67%, with 239 malicious Android applications downloaded 42 million times from the Google Play Store. Google has controls to prevent malicious applications from being uploaded to its Play Store, but the figures show that attackers are circumventing those controls and can easily infect mobile devices.

IoT devices have proliferated in sectors such as manufacturing and healthcare and have become foundational to operations, but these devices have drastically increased the attack surface and are an easy target for intrusions. IoT devices often have security weaknesses and contain vulnerabilities that can be targeted to breach corporate networks and disrupt operations, most commonly using malware families such as Mirai, Mozi, and Gafgyt for botnet expansion and malicious payload delivery.

The interconnectedness of critical infrastructure sectors such as energy and healthcare, combined with the critical role these sectors play in daily life and national security, makes them attractive targets for sophisticated cyber campaigns. In these sectors, there is low tolerance of downtime, and in healthcare, attackers can access valuable and highly sensitive healthcare data. Attackers are targeting these sectors with sophisticated attacks designed to maximize impact and financial gain.

Zscaler predicts that the coming year will see a continued increase in AI-driven exploits, including hyper-targeted phishing campaigns. AI-driven threats can be difficult to identify, and call for AI-driven defenses. IoT and OT ransomware attacks are likely to continue to increase, especially in industries such as manufacturing, energy, and healthcare.

Zscaler warns that attackers are likely to increasingly target mobile applications as supply chain attack vectors, especially third-party mobile app development pipelines to inject malicious code into widely trusted apps, which will require continuous analysis of app permissions and behavior. Industries such as healthcare that have seen a massive increase in attacks will need to ensure that they have a robust mobile device security strategy

One of the most important defenses against increasingly sophisticated threats is the implementation of zero-trust architectures, and Zscaler says it uis especially important to implement zero-trust frameworks for internet-facing devices such as routers and other edge devices.

The post Healthcare Sees 224% Annual Increase in Attacks Targeting Mobile Devices appeared first on The HIPAA Journal.

DealMed Medical Supplies Announces July 2025 Cyberattack

Posted by Steve Alder

DealMed Medical Supplies has confirmed that sensitive data was stolen in a July ransomware attack, the Wisconsin Department of Corrections has identified a HIPAA breach, and Healthcare Therapy Services in Indiana has experienced a breach of its email system.

DealMed Medical Supplies

Dealmed Medical Supplies, a Brooklyn, NY-based manufacturer and distributor of medical supplies, has recently announced a data security incident that was identified on July 7, 2025. Immediate action was taken to secure its network, and an investigation was launched to determine the nature of the activity. The investigation confirmed that an unauthorized third party accessed its network and may have viewed or obtained sensitive company data on or around June 7, 2025. DealMed has been reviewing the affected files, and on October 31, 2025, it was confirmed that protected health information had been exposed and potentially stolen. The impacted data included names and Social Security numbers.

Notification letters are being sent to the affected individuals, and complimentary single-bureau credit monitoring, credit score, and credit report services have been offered. DealMed has also confirmed that steps have been taken to enhance security to prevent similar incidents in the future.

In July, the HIPAA Journal reported that the DragonForce ransomware group had added DealMed to its dark web data leak site. The ransomware group claimed to have exfiltrated almost 106 GB of data in the attack. The data breach is not yet shown on the HHS’ Office for Civil Rights breach portal, so it is currently unclear how many individuals have been affected.

Wisconsin Department of Corrections

The Wisconsin Department of Corrections (DOC) has recently announced a HIPAA violation involving an impermissible disclosure of the protected health information of 1,723 inmates. The HIPAA breach was identified on September 16, 2025, although the impermissible disclosure occurred on July 17, 2025, when an employee responded to a public records request.

The disclosed information included the names of individuals who had been evaluated by the DOC’s Bureau of Health Statistics under a Chapter 980 Special Purpose Evaluation, along with diagnostic test scores and mental health diagnoses. The data was disclosed to a state agency office in Kenosha, WI. When the error was identified, the state agency office was contacted to ensure that the data was permanently deleted.

The DOC said additional safeguards have been implemented for public record requests to ensure that all records are thoroughly reviewed to ensure that they do not contain HIPAA-protected data. Should any records contain protected health information, the DOC will ensure that appropriate written authorizations are obtained from the patients, or the DOC will ensure that protected health information is redacted.

The affected individuals had Special Purpose Evaluations up to October 2022, and include current inmates and individuals who have been discharged from DOC custody. Notifications are now being sent to those individuals to advise them about the HIPAA breach.

Healthcare Therapy Services

Healthcare Therapy Services (HTS), a physical therapy clinic in Greenwood, Indiana, has started notifying patients about a recent data security incident. On April 29, 2025, HTS identified unusual activity within its email system. Assisted by third-party cybersecurity specialists, HTS confirmed unauthorized access to employee email accounts.

The accounts were reviewed, and on September 9, 2025, HTS determined that patients’ personal and protected health information had been exposed and may have been obtained by unauthorized individuals.  The impacted data included names, Social Security numbers, driver’s license numbers, medical information, and financial account information. Notification letters started to be sent to the affected individuals on November 7, 2025. At the time of issuing notification letters, HTS was unaware of any misuse of the exposed data. HTS engaged cybersecurity professionals to identify the cause of the breach and identify additional safeguards that could be implemented to prevent similar breaches in the future.

The post DealMed Medical Supplies Announces July 2025 Cyberattack appeared first on The HIPAA Journal.