Pharmaceutical

A significant data breach at Conduent, one of the largest government contractors in the U.S., has compromised the personal information of over 25 million individuals. The breach, attributed to a ransomware attack in January 2025, has raised serious concerns regarding the handling of sensitive data, as Conduent provides essential services for state government benefits and corporate unemployment operations. The stolen data includes names, Social Security numbers, health insurance information, and medical records. Despite the scale of the breach, Conduent has been criticized for its lack of transparency, providing minimal updates and making it difficult for affected individuals to access information about the incident. The breach is one of the largest recorded, trailing only behind a previous attack on Change Healthcare that affected over 190 million people. The incident highlights the vulnerabilities in cybersecurity practices, particularly in organizations handling vast amounts of personal data, and raises questions about accountability and the effectiveness of data protection measures in the face of increasing cyber threats.

A significant security vulnerability at DavaIndia Pharmacy, part of Zota Healthcare, exposed sensitive customer data and administrative controls to potential attackers. Security researcher Eaton Zveare identified the flaw, which stemmed from insecure 'super admin' application programming interfaces (APIs) that allowed unauthorized users to create high-privilege accounts. This breach compromised nearly 17,000 online orders and allowed unauthorized access to critical functions such as modifying product listings, pricing, and prescription requirements. The exposed data included personal information like names, phone numbers, and addresses, raising serious privacy and patient safety concerns. Although the vulnerability was reported to India's national cyber emergency response agency and was fixed shortly thereafter, the incident highlights the risks associated with inadequate cybersecurity measures in the rapidly expanding digital health sector. As DavaIndia continues to scale its operations, the implications of such vulnerabilities could have far-reaching effects on customer trust and safety in the healthcare industry.