CyberWatch Weekly: Top 3 Cybersecurity News Stories from the 4th Week of May

Cybersecurity threats continue to evolve rapidly, targeting critical sectors such as healthcare, education, and cloud infrastructure. With ransomware groups becoming more sophisticated and attackers exploiting overlooked digital vulnerabilities, organizations face mounting pressure to strengthen their cyber defenses. This week’s incidents underscore the urgent need for proactive security measures, including regular system audits, staff training, and improved digital hygiene. From hospital outages to stolen school data and cloud domain hijackings, the risks are growing. Let’s take a look at this week’s top cybersecurity headlines.

Ohio Health System in Chaos: Cyberattack Causes Widespread Outages at Kettering Health

Kettering Health, a major nonprofit hospital network in Ohio, is battling a system-wide technology outage following a cyberattack that began Tuesday morning. The breach, attributed to unauthorized access, has disrupted critical patient care systems and forced the cancellation of elective procedures. While emergency services remain operational, the network’s call center is offline. Though the nature of the attack hasn’t been confirmed, CNN reports a ransom note linked to the notorious Interlock ransomware gang, previously responsible for attacks on DaVita and Texas Tech University’s health systems. Kettering Health, which operates 14 medical centers and numerous clinics, is working with cybersecurity experts to contain the situation. This incident underscores the growing threat to healthcare infrastructure, as similar attacks have severely impacted patient care nationwide. 

Experts urge hospitals to invest in robust cybersecurity defenses to protect essential services and sensitive medical data from increasingly sophisticated ransomware threats.

Source: The Record

Sensitive Resident Data Stolen in West Lothian Council Cyberattack 

A ransomware attack on May 6 breached West Lothian Council’s education network, leading to the theft of sensitive and operational school data. The incident likely occurred due to a vulnerability in the network’s cybersecurity defenses, allowing attackers to access and extract stored files such as lesson plans. While confidential pupil, financial, and social work data remain secure on separate systems, the stolen information could be exploited for phishing or scams. Police Scotland is investigating the breach. The council has disconnected the education network from its main systems and implemented contingency plans to minimize disruption, especially during SQA exams. Parents and carers have been advised to stay alert and avoid contacting schools for more details. 

This event highlights the growing threat of cyberattacks on public education infrastructure and the urgent need for stronger digital safeguards. Experts stress the need for regular security audits, staff training, and segmented data storage to prevent such breaches. 

Source: STV News

Concern Grows as ‘Hazy Hawk’ Hijacks Major Domains for Scams: What’s the Risk?

A newly identified threat actor known as Hazy Hawk is exploiting abandoned cloud infrastructure to hijack subdomains of reputable organizations, including government agencies, Fortune 500 companies, and universities. This form of attack, known as subdomain hijacking, occurs when DNS records pointing to discontinued cloud services, like Amazon S3 buckets or Azure endpoints, are left unattended. Hazy Hawk takes control of these dormant resources to host malicious URLs, push scams, and distribute malware. The issue has grown rapidly with increased cloud adoption and poor digital asset management. Investigators have tracked Hazy Hawk’s activity since December 2024, linking it to numerous high-profile domain takeovers. These attacks are particularly difficult to detect because the affected domains appear legitimate. 

To defend against such threats, cybersecurity experts recommend frequent DNS record audits, immediate removal of outdated records, and increased user education to avoid suspicious websites and deny push notifications from unknown sources.

Source: Scoop
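
A DNS record audit of the kind recommended above, as an added example that is not from the article or its sources: it flags CNAME records pointing at cloud hostnames that no longer resolve or that are missing from the organization's asset inventory. The zone data, the `example.org` names, the suffix list and the inventory are constructed assumptions.

```python
import socket

# Illustrative, non-exhaustive suffixes for the services the article names
# (Amazon S3, Azure endpoints). Assumption: extend for providers you use.
CLOUD_SUFFIXES = (".s3.amazonaws.com", ".azurewebsites.net",
                  ".cloudapp.azure.com", ".blob.core.windows.net")

# Constructed zone export for a hypothetical example.org zone.
SAMPLE_ZONE = """\
www     3600 IN CNAME example-prod.azurewebsites.net.
promo   3600 IN CNAME example-promo-2019.azurewebsites.net.  ; old campaign
assets  3600 IN CNAME example-assets.s3.amazonaws.com.
docs    3600 IN CNAME docs.example.net.
mail    3600 IN A     192.0.2.10
"""

def parse_cnames(zone_text):
    """Yield (owner, target) for each CNAME line of a simple zone export."""
    for line in zone_text.splitlines():
        fields = line.split(";", 1)[0].split()  # drop trailing comments
        if "CNAME" in fields[1:-1]:
            i = fields.index("CNAME", 1)
            yield fields[0].rstrip(".").lower(), fields[i + 1].rstrip(".").lower()

def system_resolves(hostname):
    """Live check: True if the name currently resolves on this host."""
    try:
        socket.getaddrinfo(hostname, None)
        return True
    except socket.gaierror:
        return False

def audit_zone(zone_text, owned_targets, resolves=system_resolves):
    """Return (owner, target, reason) for cloud CNAMEs that need action."""
    findings = []
    for owner, target in parse_cnames(zone_text):
        if not target.endswith(CLOUD_SUFFIXES):
            continue  # not a cloud-hosted target; out of scope here
        if not resolves(target):
            findings.append((owner, target, "unresolvable"))
        elif target not in owned_targets:
            # Some services may answer DNS for any name, so resolution alone
            # proves nothing; the asset inventory is the source of truth.
            findings.append((owner, target, "not-in-inventory"))
    return findings

if __name__ == "__main__":
    inventory = {"example-prod.azurewebsites.net"}  # constructed inventory
    offline = lambda h: h != "example-promo-2019.azurewebsites.net"  # DNS stub
    for finding in audit_zone(SAMPLE_ZONE, inventory, resolves=offline):
        print(*finding)
```

Each finding is a record to remove or re-point; omit the `resolves` argument to check against live DNS instead of the stub.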

Conclusion

This week’s cyber incidents reveal the growing risk to healthcare, education, and cloud infrastructure. As threats become more advanced, organizations must strengthen defenses through audits, training, and secure systems. Proactive cybersecurity is essential to safeguard sensitive data and maintain operational stability in today’s digital world.

Stay vigilant and informed, and tune in next week for more updates in InfosecTrain’s CyberWatch Weekly!