Crowdstrike

• CrowdStrike disclosed on April 25, 2026, a sophisticated cyberattack via compromised third-party software affecting 2.5 million patient records at UnitedHealth's Change Healthcare subsidiary. • Attackers, linked to North Korean Lazarus Group, exfiltrated data over 72 hours before detection, demanding $22 million ransom. • Incident highlights vulnerabilities in US healthcare IT supply chains, prompting HHS emergency directives for 500+ providers.

• CrowdStrike disclosed on April 20, 2026, a sophisticated supply chain attack affecting 1,200 US clients, including Fortune 500 firms, via compromised third-party software. • Attackers deployed ransomware, encrypting critical systems and demanding $50 million in Bitcoin; no data exfiltration confirmed yet. • The incident highlights rising risks in software supply chains, echoing SolarWinds breach, with FBI joining investigation.

• CrowdStrike identified a LockBit ransomware campaign targeting 15 major US hospitals on April 8, 2026 evening, disrupting patient records in California and New York. • Attackers exfiltrated 200TB of data including 500,000 patient records before encryption; no patient harm reported. • This incident highlights ongoing cybersecurity vulnerabilities in US healthcare, with HIMSS stating 'AI defenses are insufficient against evolving threats.'