
Lessons from the Most Damaging Recent Data Breaches

Three breaches, same root cause: missing basics (MFA, secure code, segmentation). Small gaps led to massive, costly disruptions.
Noha Moussaddak
Cybersecurity enthusiast and writer

Data breaches are no longer rare events. They are a common recurring cost of doing business. And lately, no sector is safe. From hospitals to financial institutions to energy giants, attackers found their way in. But every breach started with a specific mistake, a specific moment where things could have gone differently.

These are three of those stories, and what they mean for your business.

1. Change Healthcare - February 2024

Change Healthcare is not a famous name, but it is a large payments company that processes payments, checks, and claims, and provides multiple other services across the U.S. healthcare system.

In February, Change Healthcare detected an attack and took its systems offline. Hospitals couldn't verify insurance, and pharmacies couldn't process prescriptions, causing chaos across the system. The ransomware group BlackCat claimed responsibility and announced it had stolen over 4TB of data, including sensitive payment records and insurance information.

The remediation period was devastating: massive disruptions in hospitals and pharmacies, five federal lawsuits filed against the parent company, and a total of $2.3 to $2.45 billion in response costs.

Rick Pollack, CEO of the American Hospital Association, even stated that it’s the most significant and consequential incident of its kind against the U.S. healthcare system in history.

Lesson learned: passwords alone are never secure

Hackers got in because a login portal had no MFA enabled; a stolen username and password were enough to break into the system remotely. Multifactor authentication (MFA) is a well-established industry standard, and it was absent in this case.

Relying solely on passwords is a failing strategy. It is clearer than ever that the most effective attack vectors today are phishing, credential stuffing, and the human factor. Each of them can lead to password compromise in seconds, leaving your business completely open to attackers holding valid credentials.

The cost of an enterprise MFA solution, including licensing and deployment, is insignificant compared to the cost of a breach. Change Healthcare is the proof.

2. National Public Data - 2024

National Public Data (NPD) is a background-check company that also aggregates address history. Its main business is knowing everything about everyone and selling it as a service, so the data it holds is critical.

They hired a third-party development firm to build part of their website. The firm accidentally uploaded the source code to the internet. Unfortunately, the code contained a list of database passwords, written in plain text and completely unencrypted.

Eventually, hackers found the secrets, exploited software vulnerabilities, and ran phishing campaigns against internal staff.

The result: 2.9 billion records (names, Social Security numbers, addresses) belonging to 170 million individuals in the US, UK, and Canada. The data was eventually leaked for free on forums. Victims now face a lifelong risk of identity fraud and financial exploitation.

Buried under lawsuits it could not survive, National Public Data filed for bankruptcy and shut down before the end of 2024.

Lesson learned: Security starts with the first line of code

This case leaves us with uncomfortable questions: How can a developer publish such sensitive files? Why does the code contain plaintext passwords at all? And could this have been caught before it went live?

The answer to all three is the same: the absence of a basic security culture. Poor development practices and source code leaks are the core failure. Developers still hardcode sensitive information as a shortcut instead of keeping it in a separate, secure secrets store. And basic code reviews and secrets-scanning tools, made for exactly this, were simply not used.
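As an added illustration, and not code from the article or from any of the companies named in it, here is a minimal secrets scanner of the kind the paragraph refers to, written in Python. It walks source lines, flags quoted literals assigned to credential-looking names and user:password pairs embedded in connection strings, ignores placeholders and empty values, redacts what it reports, and shows the hardened alternative of reading the secret from the environment at runtime. The sample source text and every value in it are constructed for the example.

```python
import os
import re
from dataclasses import dataclass

# Constructed sample: a config module of the kind a vendor might commit by mistake.
# All hosts and values are invented for this example; none belong to any real system.
SAMPLE_SOURCE = '''\
import os
DB_HOST = "db.internal.example"
DB_USER = "app_rw"
DB_PASSWORD = "Sup3rS3cret!2024"          # hardcoded literal: should be flagged
LEGACY_DSN = "postgres://report:Qx9v7Lp2@db.internal.example/reports"
API_KEY = os.environ["API_KEY"]           # read from the environment: fine
SMTP_PASSWORD = "${SMTP_PASSWORD}"        # template placeholder: fine
password = ""                             # empty: fine
'''


@dataclass
class Finding:
    line_no: int
    kind: str
    name: str       # variable name or URL user, never the secret itself
    redacted: str   # first two characters plus asterisks


# `NAME = "literal"` or `NAME: "literal"`; the value must be a quoted string.
ASSIGNMENT = re.compile(
    r'^\s*(?P<name>[A-Za-z_][A-Za-z0-9_]*)\s*[:=]\s*'
    r'(?P<quote>["\'])(?P<value>[^"\']*)(?P=quote)'
)

# Substrings that mark a variable as credential-bearing (case-insensitive).
SECRET_WORDS = ("password", "passwd", "pwd", "secret", "token", "api_key", "apikey")

# scheme://user:password@host anywhere on the line, regardless of variable name.
URL_CREDENTIAL = re.compile(
    r'[a-z][a-z0-9+.-]*://(?P<user>[^:/\s@]+):(?P<pw>[^@\s]+)@', re.IGNORECASE
)

# Values that are clearly not real secrets: templates and well-known dummies.
PLACEHOLDER = re.compile(r'^(\$\{.*\}|<.*>|\{\{.*\}\}|changeme|x{3,})$', re.IGNORECASE)


def redact(value: str) -> str:
    """Keep two characters so a reviewer can locate the value without reprinting it."""
    return value[:2] + "*" * max(len(value) - 2, 0)


def scan_source(text: str) -> list[Finding]:
    """Return one Finding per suspected plaintext credential in `text`."""
    findings: list[Finding] = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        m = ASSIGNMENT.match(line)
        if m:
            name, value = m.group("name"), m.group("value")
            looks_secret = any(w in name.lower() for w in SECRET_WORDS)
            if looks_secret and value and not PLACEHOLDER.match(value):
                findings.append(Finding(line_no, "hardcoded-credential", name, redact(value)))
        for u in URL_CREDENTIAL.finditer(line):
            findings.append(Finding(line_no, "credential-in-url", u.group("user"), redact(u.group("pw"))))
    return findings


def db_password_from_env(var: str = "DB_PASSWORD") -> str:
    """The hardened pattern: the secret lives outside the repository and is
    injected at runtime; a missing value is an error, never a built-in default."""
    try:
        return os.environ[var]
    except KeyError:
        raise RuntimeError(f"{var} is not set; refusing to fall back to a hardcoded value")


if __name__ == "__main__":
    for f in scan_source(SAMPLE_SOURCE):
        print(f"line {f.line_no}: {f.kind} ({f.name}) value={f.redacted}")
```

Run against the constructed sample, the scanner reports only line 4 (the literal `DB_PASSWORD`) and line 5 (the password inside the DSN); the environment lookup, the template placeholder and the empty string pass. A real pre-commit hook would run the same logic over `git diff --cached` output, but the detection rules are the part that matters.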

This also highlights third-party risk: you are only as secure as your weakest vendor. National Public Data didn't write the vulnerable code. A vendor did, and it ended their story.

3. Halliburton - August 2024

Halliburton is one of the largest oilfield services companies in the world. While they don't drill, they make drilling possible by providing engineering, logistics, and services for global energy infrastructure. Their reach is massive, and so is their exposure.

In August 2024, they were struck by a ransomware attack that locked everything it touched. As a standard containment response, Halliburton shut down large parts of its IT systems.

The financial hit was $35 million in direct costs. But it was also expensive in terms of disruption: major corporate functions and logistics were paralyzed.

The main failure identified, alongside inadequate ransomware defenses, was a lack of segmentation. Business and operational systems were far too interconnected, making it easier for the malware to move laterally and amplify its impact.

Lesson learned: Cyber attacks can have physical consequences

Ransomware is not just a data problem. When IT and operational systems share too much access, a single compromised endpoint can cause a physical shutdown.

For companies in energy, manufacturing, or critical infrastructure, this is not a theoretical risk, and Halliburton is the example.

Proper segmentation means building walls between departments and systems so that a breach in one area cannot freely spread to another. It also means designing incident response plans that account for real-world operational impact, not just data loss.

What these three cases have in common

Different industries, different entry points, but a very clear common pattern. None of these breaches required extraordinary sophistication. They all started with a missing basic:

  • No Multi-Factor Authentication
  • Plain-text passwords in code
  • Insufficient network segmentation

The organizations that recover fastest from attacks are not those with the biggest security budgets. They are the ones with the clearest visibility into their environment, a well-understood attack surface, and a proactive understanding of attacker behavior.

Threat intelligence is not about predicting the future. It is about understanding your present exposure well enough that you are not caught off guard by it. Are you ready to learn more about your exposure with Defendis?

About the author
Noha Moussaddak is a cybersecurity enthusiast and writer who turns complex security topics into simple, human-friendly insights. She shares clear, practical perspectives to help people and organizations stay safer online and make cybersecurity accessible for everyone.
