Humana breach exposes sensitive patient data

From the Editor’s Desk
Security teams are facing a steady rise in breaches linked to third-party access and internal mistakes rather than advanced exploits. The pattern is clear: basic controls are still failing at scale. The question is no longer about having security tools, but about how well they are configured and monitored over time.
🔎 Deep Brief
Humana breach exposes sensitive patient data
Humana has confirmed a data breach linked to unauthorized access in August 2025, affecting an undisclosed number of individuals. The exposed data includes names, Social Security numbers, medical billing and claims information, dates of service, provider names, Humana ID numbers, patient account numbers, and health insurance details. Its subsidiary CenterWell has also begun notifying affected individuals. At least 4,618 people in Texas were impacted, based on filings with the state attorney general.
The breach has already led to a class-action lawsuit, with claims that both organizations failed to protect patient data. Cl0p has claimed responsibility and listed Humana on its leak site, although the company has not confirmed this link. According to Humana, the breach stemmed from a vulnerability in a vendor’s software, again pointing to third-party risk as a weak link in enterprise security.
Humana is offering affected individuals 24 months of credit monitoring and identity restoration services through Equifax, with enrollment open until March 31, 2027.
Takeaway
Third-party software vulnerabilities continue to expose large volumes of sensitive data, with limited visibility into how breaches unfold or how many individuals are affected.
🧠 Strategy in Action
Databricks moves into cybersecurity with AI-driven monitoring
Databricks is entering the cybersecurity space by integrating its data platform with AI models from Anthropic. The goal is to help organizations detect threats by analyzing large volumes of security data in real time.
The approach focuses on using AI to identify anomalies, automate threat detection, and reduce manual analysis. By combining data engineering with security analytics, the platform aims to give security teams faster insights and better context during incidents. Early use cases include identifying unusual patterns in logs and flagging potential insider threats.
Takeaway
This move reflects a broader shift where cybersecurity tools are merging with data platforms, allowing organizations to treat security data as part of their core analytics strategy rather than a separate function.
🕵️ Threat Actor Spotlight
Cl0p
Cl0p is a well-known ransomware group linked to large-scale data theft campaigns. The group is associated with exploiting zero-day vulnerabilities, especially in file transfer software such as MOVEit. Instead of encrypting systems in every case, Cl0p often focuses on data exfiltration and extortion.
Their attacks typically target enterprises with large datasets, including financial institutions, healthcare providers, and government agencies. Cl0p’s operations are structured, with clear divisions between access, data theft, and negotiation phases. The group has been active in multiple global campaigns, often affecting hundreds of organizations in a single exploit wave.
🛠️ Tool Check
Cacti alternatives for modern network monitoring
Cacti has long been used for graphing and monitoring network performance, but many organizations are moving to more advanced tools that offer better automation and visibility.
Key alternatives include:
ManageEngine OpManager – Strong for real-time monitoring with built-in alerting and reporting
Site24x7 – Cloud-based monitoring for diverse environments
Paessler PRTG – Offers an all-in-one monitoring approach with flexible sensors
🗣️ Community Signal
From the board's perspective, cybersecurity was being discussed, tracked, and reviewed. From management's perspective, funding was provided, controls were in place, and improvements were underway. Somewhere between information and decision, governance broke down. The uncomfortable reality is this: cybersecurity is still too often framed as a technical condition to be monitored, rather than a risk to be governed. Boards are shown activity, progress, and effort, but not always the choices, trade-offs, and residual risks that define effective oversight.
Ruben Chacon
Until Friday’s edition - Let’s keep that zero-day count at zero!