July 21 – 27, 2025 Week in Review

1. U.S. agencies raise the temperature on Interlock ransomware (22 July).

On Tuesday, CISA, the FBI, HHS and MS-ISAC issued a rare joint #StopRansomware advisory warning that “Interlock” is systematically targeting hospitals and other critical-infrastructure organizations. The alert details drive-by-download initial access, VM-level encryption, and a double-extortion playbook that leaves both Windows and Linux estates at risk. Healthcare security leaders were urged to harden virtualization stacks, enable EDR inside hypervisors and maintain out-of-band backups. Industry observers noted that Interlock’s tactics overlap with Rhysida, suggesting code-sharing among mid-tier ransomware syndicates.

2. 41,500 Texans caught in a gastroenterology breach (reported 25 July).

Texas Digestive Specialists disclosed that an “unauthorized party” exfiltrated 263 GB of PHI from its Harlingen clinic in late May, exposing names, DOBs, insurance data and medical records for 41,521 patients. Class-action firm Federman & Sherwood called it “one of the most serious Texas healthcare breaches this year.” Investigators suspect Interlock is behind the theft—an uncomfortable echo of the federal warning issued just two days earlier. The clinic is offering TransUnion credit monitoring and has scrambled to notify patients, but incomplete contact data may hamper outreach.

3. Genea IVF breach resurfaces on the dark web (23 July).

Australian fertility provider Genea finally confirmed that a February intrusion led to highly sensitive reproductive-health files being dumped online. Patients learned via late-night e-mails that diagnostic notes, embryo data and identification documents were circulating on leak sites, five months after the Supreme Court granted Genea an injunction to stop dissemination. The delayed disclosure triggered outrage and renewed calls for mandatory 30-day notification rules for healthcare entities handling “ultra-sensitive” data classes such as fertility and genomics. 

4. New research quantifies last year’s CrowdStrike meltdown (published 23 July).

Marking the first anniversary of 2024’s CrowdStrike patch fiasco, University of California San Diego researchers published a JAMA Network Open study showing that at least 759 of 2,232 U.S. hospitals suffered measurable network outages—34% of the national sample. Roughly 22% of the disrupted services were direct patient-care systems (EHR access, fetal monitoring, imaging), while another 15% were operational (labs, pharmacy robots). CrowdStrike disputed the methodology, but CIOs told Wired the analysis “puts numbers on the nightmare” and underscores the need for real-time availability monitoring and diversified endpoint agents.

5. Medtronic’s cardiac-monitor hub under the microscope (24 July).

CISA’s newest ICS Medical Advisory (ICSMA-25-205-01) revealed three vulnerabilities in Medtronic’s MyCareLink Patient Monitors (models 24950/24952). An attacker with physical access can read unencrypted storage, exploit empty-password configs and leverage unsafe deserialization to tamper with device functions. Although exploitation requires proximity, compromise could allow falsification of device telemetry or loading of malicious firmware that disrupts rhythm-management therapy. Medtronic has issued mitigations and reminded clinicians to keep monitors in controlled areas—a sober reminder that the “Internet of Medical Things” is only as strong as its weakest implant base station. 

6. Policy moves: bans, carrots and data-sharing blueprints.

Regulators spent the week flexing new muscles. In London, the U.K. government proposed banning public-sector bodies—including the National Health Service—from paying ransoms, coupled with compulsory incident reporting. Security minister Dan Jarvis framed it as an effort to “smash the cyber-criminal business model” after repeated NHS outages linked to patient harm. 

Stateside, Bloomberg first reported that HHS Secretary Robert F. Kennedy Jr. will convene tech executives at the White House on 31 July to unveil a plan for “seamless health-data sharing.” While pitched as an interoperability push, insiders say enhanced cyber safeguards—zero-trust APIs, mandatory FHIR-endpoint MFA, and real-time breach reporting—are baked into the initiative to prevent another Change Healthcare-scale catastrophe. 

7. The big picture.

Taken together, last week’s events illustrate three converging trends. First, ransomware groups are professionalizing around virtualization targets and high-value PHI, forcing hospitals to treat hypervisors and remote patient-monitoring gear as crown jewels. Second, disclosure lags—whether months-long (Genea) or hours-long (Texas Digestive)—continue to erode trust and invite regulatory scrutiny. Third, policymakers are tightening both the “stick” (U.K. ransom-payment ban, looming U.S. HIPAA Security Rule update) and the “carrot” (federal data-sharing investments conditioned on strong cyber hygiene). Security leaders should map these developments to their risk registers, prioritize VM and IoMT hardening, rehearse low-tech continuity plans, and prepare for a regulatory environment that increasingly links funding, fines and public reputation to demonstrable cyber resilience.