Vail Summit Orthopaedics discloses year-long data breach exposing patient Social Security numbers and medical records after August 2024 email compromise. Meanwhile, critical vulnerability in Lorex security cameras allows remote code execution without authentication.
Singulr AI has launched its unified control plane to tackle enterprise AI governance chaos, securing $10M from Nexus and Dell Technologies Capital while addressing the shadow AI crisis plaguing 75% of enterprise employees.
Aon's 2025 Cyber Risk Report reveals AI-driven attacks and supply chain vulnerabilities escalating threats to Australian organizations. Meanwhile, St. Paul Minnesota deploys National Guard after sophisticated digital attack cripples city infrastructure and services.
Vail Summit Orthopaedics discloses year-long data breach exposing patient Social Security numbers and medical records after August 2024 email compromise. Meanwhile, critical vulnerability in Lorex security cameras allows remote code execution without authentication.
Cyber News Centre's cyber update for 4th August 2025: Vail Summit Orthopaedics has disclosed a significant data breach affecting patient Social Security numbers and comprehensive medical records following a year-long investigation into email system compromise. Meanwhile, security researchers have disclosed a critical vulnerability in Lorex 2K Indoor Wi-Fi Security Cameras that allows remote code execution without authentication.
Vail Summit Orthopaedics is a Colorado-based orthopedic medical practice specializing in sports medicine and surgical procedures, serving patients in the Vail and Summit County areas.
Update: Vail Summit Orthopaedics disclosed a significant data breach on July 31, 2025, affecting patient information including Social Security numbers, medical records, and financial details. The breach was discovered on August 6, 2024, when the practice detected suspicious activity in its email environment, but the full scope wasn't determined until July 24, 2025, after an extensive forensic investigation.
Compromised information includes names, addresses, dates of birth, Social Security numbers, health insurance numbers, financial account details, medical diagnoses, treatment information, medical history, allergies, prescription drugs, test results, and healthcare provider names. The practice has engaged external cybersecurity specialists and is offering complimentary credit monitoring services through Cyberscout for affected patients.
Why it Matters: This breach represents a particularly concerning case where a healthcare provider took nearly a year to fully understand the scope of a cyberattack, highlighting the complex challenges medical practices face in detecting and responding to sophisticated threats. The exposure of Social Security numbers combined with comprehensive medical records creates significant identity theft and fraud risks for patients.
Healthcare data breaches are especially damaging because medical information cannot be changed like credit card numbers, making patients vulnerable to long-term exploitation.
Lorex is a prominent security camera manufacturer that produces surveillance systems for residential and commercial use.
Update: Security researchers from Viettel Cyber Security have disclosed a critical vulnerability (CVE-2025-8389) in Lorex 2K Indoor Wi-Fi Security Cameras that allows network-adjacent attackers to execute arbitrary code without authentication. The vulnerability, assigned a CVSS score of 7.5, exists within the processing of requests sent to TCP port 9876 and results from improper validation of user-supplied data, which can cause a read past the end of an array.
Attackers can leverage this flaw in conjunction with other vulnerabilities to execute code with root privileges on affected cameras. The Zero Day Initiative coordinated the disclosure on July 30th, 2025, after the vulnerability was reported to Lorex on January 8th, 2025. Lorex has released firmware version V2.800.0000000.8.R.20241111 to address the issue.
Why it Matters: This vulnerability poses serious privacy and security risks for thousands of Australian households and businesses using affected Lorex cameras. Successful exploitation could allow attackers to gain complete control over security cameras, potentially accessing live video feeds, recorded footage, and using compromised devices as entry points into home or business networks.
The fact that no authentication is required makes this vulnerability particularly dangerous, as attackers only need network adjacency to exploit it. Given the widespread availability of Lorex cameras in Australia through major retail chains, the potential impact is significant. Users must immediately update their camera firmware to the patched version to prevent potential compromise of their surveillance systems and broader network infrastructure.
Get the stories that matter to you.
Subscribe to Cyber News Centre and update your preferences to follow our Daily 4min Cyber Update, Innovative AI Startups, The AI Diplomat series, or the main Cyber News Centre newsletter — featuring in-depth analysis on major cyber incidents, tech breakthroughs, global policy, and AI developments.
Aon's 2025 Cyber Risk Report reveals AI-driven attacks and supply chain vulnerabilities escalating threats to Australian organizations. Meanwhile, St. Paul Minnesota deploys National Guard after sophisticated digital attack cripples city infrastructure and services.
Australia's largest home builder Metricon Homes confirms Qilin ransomware attack exposing 128GB of sensitive data including financial documents and architectural plans. Meanwhile, Orange France detects cyberattack affecting internal systems, disrupting services for 290 million customers.
Russia's Aeroflot airline cancels 40+ flights after Silent Crow hackers claim year-long infiltration. Meanwhile, Ohio's Kettering Health confirms Interlock ransomware attack exposed patient data including Social Security numbers and medical records.
Heart Research Australia responds to website malware affecting donation systems while NASCAR confirms Medusa ransomware attack exposed names and Social Security numbers of racing fans in $4 million extortion demand.
Where cybersecurity meets innovation, the CNC team delivers AI and tech breakthroughs for our digital future. We analyze incidents, data, and insights to keep you informed, secure, and ahead. Sign up for free!
