Major Mental Health Authority Data Breach

🔎 Cyber Watch 🔎

The Jefferson Blount St. Clair Mental Health Authority in Alabama has warned more than 30,000 people that their sensitive information was exposed in a ransomware attack in late 2025. The leaked data includes names, Social Security numbers, medical records, insurance details, and other personal identifiers. A ransomware group called Medusa claimed responsibility and posted samples online to prove the breach. The authority has not publicly confirmed whether it paid a ransom or how attackers gained access. This incident highlights ongoing threats to healthcare data security.
Key takeaway
Healthcare providers remain prime targets due to the value of medical and identity data.
Ransomware groups increasingly publish proof to pressure victims and build credibility.
Lack of transparency around attack entry points limits shared learning across the sector.
Breaches involving SSNs and medical records create long-term risk for affected individuals.
🎙️ Tech Briefing On‑Air 🎙️
Ransomware Defense From the Front Lines
In this episode of Cyber Security America, host Joshua Nicholson speaks with Matthew Waddell, a cybersecurity leader with more than 25 years of experience in forensics, incident response, and ransomware defense. Waddell draws on work done in active combat zones and large-scale corporate investigations to explain how ransomware operations have matured into highly organized, profit-driven campaigns. The discussion focuses on how attacks spread inside networks, where defenses fail, and why human decisions often matter more than tools. Waddell also outlines how AI and large language models affect both attackers and defenders. The episode closes with insights from his upcoming book, Survive Ransomware, aimed at helping small and mid-sized organizations prepare for real incidents.
Takeaways
Ransomware succeeds because it blends technical skill with human error and weak internal controls.
Poor network segmentation allows attackers to move quickly once inside.
Security tools fail when alerts are ignored or staff lack training.
AI speeds up both attacks and response, raising the stakes for defenders.
Practical preparation matters more than expensive tools during an active incident.
🤝 Partner Intel 🤝
ThreatLocker
ThreatLocker provides a Zero Trust security platform designed to protect endpoints by allowing only approved applications to run, a model known as application whitelisting. Its core features include ringfencing, which restricts how apps interact with systems, and storage and elevation controls to limit access and privileges. The product suits managed service providers, small and medium businesses, and larger enterprises seeking strong protection against malware, ransomware, and other threats. ThreatLocker can also integrate with SIEM tools and expand into advanced analytics to support broader cybersecurity strategies.
🤖 AI Runtime 🤖
AI at Machine Speed and Growing Cyber Risk
AI is changing the cyber threat environment by enabling attackers to automate reconnaissance, customize social-engineering attacks, and launch multi-stage exploits with minimal human effort. Defenders are challenged to match that pace with faster detection and response capabilities. Key risks in 2026 include hyper-personalised phishing, deepfake voice/video attacks, and automated attack chains that exploit legacy systems and third-party dependencies. Leaders are urged to embed resilience into organizational culture and treat AI risk as a board-level priority.
📊 By the Numbers 📊
37
An Asian cyberespionage group has spent the past year breaking into computer systems belonging to governments and critical infrastructure organizations in more than 37 countries, according to the cybersecurity firm Palo Alto Networks.
🗳️ Your Monday Take 🗳️
Cast your vote on our weekly poll.
If you could permanently fix only one human behavior that leads to cyber incidents, which would it be?
📩 We’ll share the results in the Friday issue.
Until Friday’s edition - Let’s keep that zero-day count at zero!