Dear Valued Customer,
Healthcare organizations carry a special responsibility: protecting patients, preserving trust, and keeping critical services available when people need them most. At CorePlus, trust is the foundation of every customer relationship. Thank you for allowing us to support your organization as cybersecurity, compliance, and technology risk continue to evolve. We are grateful for the confidence you place in our team, and we remain committed to helping you protect your people, your data, your operations, and the communities you serve.
Why This Matters Now
Cyber risk is no longer limited to isolated criminal activity. Organizations are facing a blended environment where ransomware groups, nation-state actors, hacktivists, and opportunistic attackers often use similar tactics. The most important shift is that attackers increasingly look for leverage: stolen data, disrupted operations, third-party access, and public pressure.
Iranian Cyber Impact: A Practical Assessment
Iranian-linked cyber activity should be viewed as a realistic, event-driven risk rather than a headline-only concern. During periods of regional conflict, sanctions pressure, or direct confrontation with U.S. interests, Iranian-aligned and opportunistic actors may increase phishing, credential attacks, website defacement, denial-of-service activity, exploitation of vulnerable internet-facing systems, and attempts to use third-party access as a foothold. The most likely impact is not a custom attack against every organization; it is opportunistic pressure against exposed VPNs, unpatched firewalls, weak remote access, cloud misconfigurations, and reused credentials.
For healthcare, Iranian-linked activity matters because disruption creates leverage. Hospitals, clinics, specialty practices, research groups, and healthcare vendors may be targeted for intelligence collection, public pressure, or opportunistic disruption. Even if an organization is not a direct geopolitical target, exposed remote access, unpatched systems, and vendor connections can create a path into clinical or billing operations.
Forward-Looking Quantum Threat Assessment
Quantum computing is not an immediate mass-market threat, but it is a present-day planning issue. Practical systems capable of breaking RSA and elliptic-curve cryptography at scale remain expensive, fragile, and concentrated among nation-states, major technology companies, and research institutions. The real risk is the migration window: cryptography is embedded in identity systems, VPNs, certificates, cloud services, applications, backups, and vendor platforms. Data stolen today may retain value long enough to be decrypted later, making cryptographic inventory and crypto-agility practical priorities now.
Healthcare data has one of the longest risk timelines of any sector. Medical histories, genetic data, biometric identifiers, behavioral health records, research data, and identity information cannot simply be reissued. That makes healthcare a high-priority sector for cryptographic inventory, long-term data classification, vendor PQC roadmaps, and encryption modernization planning.
The Current Threat Landscape
Current breach and threat intelligence reporting shows a consistent shift: attackers are exploiting software vulnerabilities faster, relying on trusted identities and third-party access, using cloud and SaaS integrations as paths to data, and applying AI to accelerate phishing, reconnaissance, and intrusion activity. Verizon's latest DBIR reporting indicates vulnerability exploitation has become a leading breach path, ransomware remains present in a large share of breaches, the human element is still a major factor, and supply-chain involvement continues to rise. Google Cloud threat reporting highlights increased exploitation of third-party software and SaaS trust relationships. CrowdStrike reports sharply compressed breakout times and AI-enabled adversary activity, while Palo Alto Networks Unit 42 emphasizes the role of weak identity controls and over-permissioned cloud access. IBM's 2025 breach research adds that shadow AI and insufficient AI governance are now measurable breach-cost and access-control issues. The business implication is that security programs should combine employee awareness with faster patching, MFA, better detection of data movement, tested incident response, AI-use governance, and stronger third-party oversight.
For healthcare, the current threat landscape points to four priorities: reduce internet-facing vulnerability exposure, strengthen MFA and identity controls, monitor for data exfiltration before ransomware detonation, and treat vendors as part of the clinical risk surface. Because healthcare data retains its value for a lifetime and cannot be reissued, patient care and continuity planning should be built into incident response, not added after an outage begins.
Employee AI Risk & the Rise of AI Governance
Employee AI risk is now part of cybersecurity and compliance, not a separate innovation topic. Staff may use public AI tools to summarize emails, analyze spreadsheets, draft customer communications, troubleshoot code, review contracts, or process support tickets. Without policy and technical guardrails, that can expose confidential data, protected personal information, customer records, credentials, trade secrets, or regulated business information. AI governance should define approved tools, prohibited data inputs, human review requirements, logging expectations, vendor review, retention rules, and escalation paths for AI-related incidents.
Employee AI risk in healthcare includes workforce members entering PHI into unapproved AI tools, relying on AI-generated summaries without validation, using AI to draft patient communications, or using ambient documentation tools without clear review and retention controls. AI governance should address HIPAA, state privacy obligations, clinical safety review, vendor BAAs where applicable, and human approval before AI-generated content is used in care, billing, or patient communications.
Recent Regulatory & Breach Themes
Recent healthcare developments reinforce the urgency. HHS has proposed major HIPAA Security Rule updates designed to strengthen ePHI safeguards. The Change Healthcare incident showed how a single vendor cyber event can disrupt claims, pharmacies, providers, and patients across the country. Healthcare customers should review incident response, vendor dependencies, downtime procedures, MFA coverage, and monitoring for unusual data movement.
Recommended Priorities
- Confirm MFA on email, remote access, EHR, billing, and privileged accounts.
- Inventory where PHI and long-lived medical data are stored, transmitted, and archived.
- Review AI use cases for PHI exposure, clinical reliance, vendor terms, and retention.
- Test downtime procedures for claims, scheduling, pharmacy, and patient communications.
- Ask critical vendors for ransomware readiness, AI governance, and post-quantum roadmaps.
Townsend Bell — promoted to Support Team Lead
Townsend Bell joined CorePlus as a summer 2024 intern on the Operations team, then continued part-time as an Operations Analyst while finishing school. After graduating summa cum laude from Texas State University with a B.S. in Computer Information Systems, he moved into Service Delivery as a Systems Analyst — and has now earned a well-deserved promotion to Support Team Lead. His journey reflects the hard work, adaptability, and growth opportunities that define life at CorePlus. Congratulations, Townsend!
In Closing
Thank you for continuing to trust CorePlus. We value your partnership and look forward to helping your organization move forward with confidence in a changing risk environment.