Data Protection News Update 14 July 2025

United Kingdom

Birmingham Community Healthcare (BCHC) flags cyber security risks amid digital reliance

  • BCHC NHS Foundation Trust has highlighted important cyber security vulnerabilities arising from the use of outdated and unpatched systems. The Trust cited a paper from June 2025, warning that these systems could lead to malware, ransomware or spyware attacks, and in turn to data loss, reputational damage and service disruption.
  • Another cause of concern highlighted was the lack of internal cyber security skills as reliance on technology continues to grow. This includes an under-resourced team and out-of-date access controls and hardware.
  • BCHC presented some protective measures such as appointing a cyber lead, outsourcing firewall monitoring and compulsory (and periodic) data security training.
  • These concerns also stem from a patient death confirmed by the King’s College Hospital NHS Foundation Trust linked to the June 2024 ransomware attack on Synnovis.

Ransomware turf war raises cyber security threat for businesses

  • There is a rising conflict between two major ransomware gangs, DragonForce and RansomHub, which has increased the risk of cyber attacks and extortion for companies. These organisations offer ransomware-as-a-service (RaaS) to affiliates who carry out the attacks.
  • DragonForce specifically has been linked to the recent attacks on Marks & Spencer, Harrods and the Co-op. At the same time, it is believed that DragonForce took RansomHub’s website offline, to which RansomHub responded by defacing DragonForce’s website.
  • These turf wars could lead to the same victim being targeted twice, wherein a second ransom is demanded by a new hacker after payment is made to the original hacker.
  • The cost of cyber crime globally is projected to be $10 trillion by the end of 2025. Corporate organisations should prepare for sophisticated and unpredictable cyber security threats.

United States

US state department on alert after another impersonation attempt

  • The US Department of State is strengthening cyber security measures after an imposter used AI to impersonate secretary of state (SoS) Marco Rubio to contact (at least) three foreign ministers.
  • The imposter also contacted a US governor and a member of Congress by sending them voice and text messages through the Signal messaging app, which mimicked the SoS’s voice and writing style.
  • A few months back, attackers created a deepfake video of Marco Rubio claiming that he wanted to Ukraine’s access to the Starlink internet service. Tammy Bruce, the spokesperson for the department, stated that they are addressing the matter as well as implementing safeguards to prevent future incidents.
  • Since April 2025, there has been a long string of impersonation attempts of US government officials, including the hacking of the White House chief of staff’s mobile phone to call and message senators, governors and business executives.

Europe

The EU introduces a Delegated Regulation on Data Access under the Digital Services Act (DSA)

  • The Delegated Regulation will enable vetted researchers studying systemic risks to request data from online platforms. Under Article 40 of the DSA, national authorities and researchers must be supported in their request to access real-time public data. These public data platforms must provide a ‘data catalogue’ to allow researchers to identify the type of data that is available.
  • This raises data protection concerns, as the regulation allows institutions outside the EU to be vetted, thereby exposing personal data to jurisdictions that lack the same level of data protection laws. The regulation also removes the need for seeking advice from Data Protection Authorities and lacks provisions for dealing with politically influenced universities that may misuse sensitive data.
  • The data access requests will largely be assessed by Digital Service Coordinators, who will evaluate the suitability of the research questions and determine access modalities. The process for reviewing such requests could go up to 150 working days, highlighting a significant disadvantage posed to researchers working on fixed-term or limited-funding projects.

EU pushes to replace Microsoft Azure with European cloud providers

  • As part of its digital sovereignty agenda, the European Commission is planning on replacing Microsoft Azure with European cloud providers like the France-based OVHcloud.
  • This move would likely violate the EU’s obligations under the WTO’s Agreement on Government Procurement, which requires merit-based decision-making. Microsoft has taken numerous measures to meet the EU’s data protection standards, which include opening European data centres.
  • Additionally, replacing Microsoft with newer cloud providers could disrupt operations and inflate costs as they will not be able to compete with Microsoft in terms of scalable, secure and competitively priced offerings.

International

SK Telecom introduced a new Accountability and Commitment program after being investigated by the South Korean government

  • SK Telecom was investigated after a data leak affecting its Home Subscriber Server (HSS), in which hackers extracted subscriber information, including authentication keys, of nearly 23 million customers.
  • The South Korean government found SKT negligent for poorly managing account information and for its inadequate response to previous breaches. As SKT did not report the initial breach, it will be fined up to 30 million won (or $22,000) and be referred for further investigation.
  • SKT issued an apology and introduced a plan to invest $514 million over a period of 5 years to improve cyber security measures, which includes doubling the information protection team by hiring leading experts. They have also vowed to establish a further $7.3 million fund to strengthen Korea’s cyber security industry.
  • The Accountability and Commitment program also includes revamping the operational structure of the company such that the board of directors will include a cyber security expert and the chief information security officer will report directly to the CEO. Additionally, customers of SKT will receive a 50% reduced bill for August and an extra 50 GB of data per month until the end of 2025.
