Customer Story: How Blackswan Delivered White Glove Cybersecurity to Jerry’s Auto Group

When Jerry’s Auto Group needed cybersecurity support that aligned with their risk—and their budget—they turned to Blackswan Cybersecurity. What made the difference? A level of personalized, white glove service that went far beyond expectations.

Rather than relying on emails or virtual calls, Blackswan CEO Dr. Mike Saylor traveled to Weatherford, Texas to meet face-to-face with Russell Haile, IT Director at Jerry’s Auto Group. That in-person approach helped uncover the right-sized solution for their environment and set the tone for a true partnership.

This customer story highlights what sets Blackswan apart in the world of managed detection and response (MDR):
✔️ Hands-on guidance from leadership
✔️ Cybersecurity tailored for SMBs
✔️ Transparent, budget-conscious planning
✔️ Long-term relationships—not just transactions

If you’re looking for a cybersecurity partner that takes the time to understand your business and meet you where you are, you’re in the right place. Contact us today.

Episource Data Breach Exposes Sensitive Info of Over 5 Million Patients: What Happened and What It Means for You

In yet another major cybersecurity incident shaking the U.S. healthcare sector, Episource, a subsidiary of UnitedHealth Group’s Optum division, has confirmed a significant data breach affecting over 5.4 million individuals. The breach, which involved highly sensitive personal and medical data, is the latest in a disturbing pattern of cyberattacks targeting the healthcare ecosystem.

What Happened?

The breach was discovered on February 6, 2025, when Episource identified unusual activity within its systems. In response, the company immediately shut down its systems to contain the intrusion and launched an investigation. It is believed that hackers had unauthorized access between January 27 and February 6, during which they may have exfiltrated substantial volumes of patient data.

The Department of Health and Human Services’ breach portal confirms the scope: 5,418,866 people affected.

What Information Was Compromised?

The data potentially exposed includes a broad spectrum of personal and medical information:

  • Contact details (name, address, phone number, email)
  • Health insurance data (policy numbers, provider info, Medicaid/Medicare identifiers)
  • Medical data (diagnoses, medications, lab results, medical record numbers, and treatment information)
  • Social Security numbers (in limited cases)
  • Dates of birth

Episource stated that not all its clients were impacted and that all affected individuals and organizations have been notified. As of now, the company says there is no evidence the stolen data has been misused—but experts urge vigilance.

The Growing Threat to Healthcare

Cybersecurity researchers warn that data like this—especially when combined—can be used in targeted phishing, identity theft, or medical fraud schemes. Attackers could pose as healthcare providers to solicit more information from victims or submit fraudulent claims using stolen identities.

This breach comes in the wake of the catastrophic ransomware attack on UnitedHealth subsidiary Change Healthcare in early 2024. That incident, linked to the BlackCat/ALPHV ransomware gang, caused widespread disruption across U.S. healthcare systems—delaying prescriptions, freezing provider payments, and affecting care nationwide. UnitedHealth eventually paid a staggering $22 million ransom, after hackers gained access using stolen Citrix credentials.

In January 2025, UHG disclosed the true scope of that breach: 190 million individuals impacted, nearly doubling previous estimates.

Why This Matters

UnitedHealth Group isn’t just any healthcare company—it processes half of all U.S. medical claims, works with 900,000 physicians, and touches nearly every corner of the American healthcare system through 33,000 pharmacies, 5,500 hospitals, and 600 labs.

When a single player in this ecosystem suffers a breach, the ripple effects are enormous. These incidents are a sobering reminder that healthcare organizations—from providers to third-party vendors—remain prime targets for increasingly sophisticated cyber threats.

What Should You Do?

If you believe you may have been affected—or are a provider partnered with Episource—here are some critical next steps:

For Individuals:

  • Watch for breach notifications from Episource or your healthcare provider.
  • Monitor your credit reports and insurance statements for suspicious activity.
  • Consider placing a fraud alert or freezing your credit with major bureaus.
  • Be cautious of emails or calls requesting sensitive health or insurance information.

For Healthcare Providers and Organizations:

  • Review your third-party vendor risk management policies.
  • Confirm your vendors follow minimum cybersecurity standards (MFA, encryption, endpoint protection).
  • Audit and restrict remote access solutions.
  • Conduct phishing simulations and employee training regularly.

Final Thoughts

The Episource breach reinforces a simple truth: patient trust hinges on data security. As healthcare digitization accelerates, so does the need for coordinated, proactive cybersecurity strategies across the care continuum. From small clinics to nationwide insurers, the mandate is clear—secure your systems, your vendors, and your data—or risk becoming the next headline.

MSSP Alert Live 2025 – Dr. Mike Saylor to Present

Blackswan Cybersecurity is excited to announce that our CEO, Dr. Mike Saylor, was selected to present at the 2025 MSSP Alert Live (Dec. 8-10) in National Harbor, Maryland. Dr. Saylor will discuss: “Developing a Scalable and Sustainable Staffing Model for MSSPs.”

MSSP Alert Live, the highly anticipated event for MSSPs, MSPs, cybersecurity experts, and industry innovators, is returning with even more value!

This year’s edition will offer valuable insights into the latest cybersecurity tactics, emerging technologies, and business growth opportunities. Attendees will also explore key trends shaping the industry, including:

  • The role of artificial intelligence (AI) in incident response and crisis management.
  • Strategies to address the cybersecurity talent shortage and optimize your current team’s capabilities.
  • Understanding cybersecurity liability and how to safeguard your business in the event of customer litigation.
  • Updates on the evolving cyber insurance landscape and essential information to prepare for 2026.

Whether you’re just starting in managed security services, seeking to expand your MSP offerings, or already an established MSSP, MSSP Alert Live will equip you with essential insights for your security services strategy going forward into 2026 and beyond.

THREAT ADVISORY — Chrome 0-Day Vulnerability Actively Exploited (CVE-2025-6554)

Threat Overview

Google has confirmed active exploitation of a critical 0-day vulnerability (CVE-2025-6554) in the Chrome browser. The flaw exists in Chrome’s V8 JavaScript engine and enables arbitrary code execution through a type confusion error. Successful exploitation could allow attackers to take control of affected systems.

This vulnerability is already being exploited in the wild. Immediate action is required.

Threat Details

  • CVE ID: CVE-2025-6554
  • Severity: High
  • Exploit Status: Actively exploited in the wild
  • Vulnerability Type: Type Confusion in V8 (Chrome’s JavaScript & WebAssembly engine)
  • Attack Impact: Arbitrary code execution with browser-level privileges
  • Reported by: Clément Lecigne, Google Threat Analysis Group
  • Discovery Date: June 25, 2025
  • Initial Mitigation Deployed: June 26, 2025
  • Patch Release Version:
    • Windows: 138.0.7204.96/.97
    • Mac: 138.0.7204.92/.93
    • Linux: 138.0.7204.96

Attack Vector

Exploitation may occur via:

  • Malicious websites that trigger the vulnerability when visited
  • Compromised web applications or advertisements
  • Drive-by download attacks via social engineering or phishing campaigns

This is a client-side vulnerability, meaning end-user browsers are the attack surface.

Immediate Actions – For Individuals & End Users

  1. Update Chrome Immediately
    • Navigate to: Settings > About Chrome
    • Chrome will auto-check for updates and prompt for a restart.
    • Ensure version matches or exceeds the fixed release.
  2. Restart Chrome after the update to apply the patch.
  3. Avoid Untrusted Links or Suspicious Sites until your browser is patched.

Remediation – For Security Teams / IT Administrators

  1. Force Update Across Fleet
    • Use enterprise device management tools (e.g., GPO, Intune, Jamf) to enforce Chrome updates.
    • Validate Chrome version deployment across Windows, macOS, and Linux endpoints.
  2. Monitor for Indicators of Exploitation
    • Audit outbound traffic for unusual domains.
    • Review endpoint alerts tied to browser behavior, memory access, or script anomalies.
    • Verify that EDR solutions are enabled and active on all Chrome-using endpoints.
  3. Communicate Internally
    • Send an internal security bulletin to employees explaining the update urgency.
    • Require browser updates prior to accessing sensitive systems, if feasible.
  4. Strengthen Browser Isolation Policies
    • Use tools like Chrome Enterprise’s site isolation features.
    • Consider sandboxing Chrome usage for high-risk users or privileged roles.
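
To validate deployment as described in step 1, the Chrome version reported by each endpoint can be compared against the fixed builds listed under Threat Details. The Python script below is an added example, not a Blackswan or Google tool; the inventory format, hostnames and sample versions are constructed for illustration.

```python
import re

# Minimum fixed builds per platform, from the "Patch Release Version" list in this advisory.
FIXED = {
    "windows": (138, 0, 7204, 96),
    "mac": (138, 0, 7204, 92),
    "linux": (138, 0, 7204, 96),
}

_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)\.(\d+)$")


def parse_version(text):
    """Return a 4-tuple of ints, or None if the string is not a Chrome version."""
    m = _VERSION_RE.match(text.strip())
    return tuple(int(p) for p in m.groups()) if m else None


def classify(platform, version):
    """Return 'patched', 'vulnerable' or 'unknown' for one endpoint record."""
    fixed = FIXED.get(platform.strip().lower())
    parsed = parse_version(version)
    if fixed is None or parsed is None:
        return "unknown"  # needs manual follow-up; never counted as patched
    # Tuple comparison is numeric per component, so .100 > .96
    # (a plain string comparison would get this wrong).
    return "patched" if parsed >= fixed else "vulnerable"


def audit(inventory):
    """Group hostnames by status. inventory: iterable of (host, platform, version)."""
    report = {"patched": [], "vulnerable": [], "unknown": []}
    for host, platform, version in inventory:
        report[classify(platform, version)].append(host)
    return report


# Constructed sample inventory (hypothetical hosts), e.g. an export from an MDM or EDR console.
SAMPLE = [
    ("ws-001", "Windows", "138.0.7204.97"),
    ("ws-002", "Windows", "138.0.7204.49"),
    ("mb-001", "Mac", "138.0.7204.92"),
    ("lx-001", "Linux", "137.0.7151.119"),
    ("lx-002", "Linux", "138.0.7204.100"),
    ("ws-003", "Windows", ""),               # agent reported no version
    ("cb-001", "ChromeOS", "138.0.7204.96"),  # platform not covered by the list above
]

if __name__ == "__main__":
    for status, hosts in audit(SAMPLE).items():
        print(f"{status}: {', '.join(hosts) or '-'}")
```

Endpoints in the `unknown` group (missing version data or a platform the advisory does not list) should be checked by hand rather than assumed patched.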

Strategic Recommendations

  • Implement Auto-Update Enforcement for all browsers in your environment.
  • Leverage Threat Intelligence Feeds to monitor for CVE-2025-6554 exploitation campaigns.
  • Conduct a Rapid Patch Validation Audit across all user endpoints this week.
  • For SMBs lacking internal cybersecurity resources, consider engaging a managed security service provider (MSSP) like Blackswan Cybersecurity, who can help assess exposure and implement critical patch compliance monitoring through services like Active Incident Exposure (AIE).

Conclusion

This vulnerability underscores the risk of unpatched software—even in widely trusted platforms like Chrome. With active exploitation confirmed, this is not a theoretical risk. IT leaders must act swiftly to patch systems, verify coverage, and monitor for abuse.

The speed of Google’s response is commendable, but protection ultimately depends on user and enterprise action.

To learn more or to discuss your security posture, contact us at: contact@blackswancybersecurity.com or blackswan-cybersecurity.com.
