
🏥 Cyberattacks Now Endanger Patients

Ransomware can halt ventilators, delay surgery, and cost lives. Hospitals must treat cyber defense as clinical care.

Welcome to your essential briefing on threats at the intersection of cybersecurity and critical infrastructure, brought to you by Neeve, the edge cloud security platform for smart buildings, making built spaces secure, intelligent, and sustainable.

This Week’s Cyber Insights

🔧 Ransomware Gangs Hijack Remote Access Tools for Stealth Attacks

Ransomware operators have shifted to highly targeted campaigns that exploit legitimate remote administration software for stealth and persistence, turning trusted IT tools into attack vectors.

  • Ransomware families began abusing popular remote access tools like AnyDesk and Splashtop to establish footholds within enterprise networks in early 2025.

  • Adversaries bypass security controls by hijacking or silently installing these utilities, as security systems traditionally trust signed installers from legitimate vendors.

  • Attackers leverage credential stuffing and phishing to obtain privileged accounts, then deploy remote access tools to move laterally while blending into everyday IT operations.

  • High-profile intrusions attributed to LockBit and Black Basta variants combined RAT abuse with file-shredding commands to eradicate forensic traces and maximize ransom demands.

  • Attackers either hijack preinstalled tools by injecting credentials into configuration files or silently deploy signed binaries using documented command-line flags.

  • This approach leaves no new executables on disk and evades antivirus scanning by abusing trusted executables already whitelisted in enterprise policies.

🤔 The Bigger Picture: 

Building management systems often rely on remote access tools for vendor support and facility monitoring—these same tools are now primary ransomware attack vectors. Implement strict application whitelisting, enforce multi-factor authentication on all remote access tools, and monitor command-line arguments to detect silent installations before attackers establish persistent access to your operational technology environment.
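As an added illustration of the command-line monitoring recommended above (example code written for this briefing, not a vendor or Neeve product), the sketch below scores process-creation records for silent installs of the remote access tools named in the story. The silent-install switch list, the scripted-parent list, the approved account, and the sample records are all assumptions constructed for the example.

```python
import re

# Assumptions: tool names are from the article; the switch and parent lists are
# common installer/scripting conventions and must be tuned to your environment.
RAT_NAMES = ("anydesk", "splashtop")
SILENT = re.compile(r"(?<!\S)(--silent|/s|/silent|/verysilent|/quiet|/qn)(?!\S)", re.I)
INSTALL = re.compile(r"(?<!\S)(--install|/i|/install)(?!\S)|\.msi\b", re.I)
SCRIPTED_PARENTS = {"powershell.exe", "cmd.exe", "wscript.exe", "mshta.exe"}
APPROVED_USERS = {r"CORP\helpdesk1"}  # hypothetical change-managed installer account
ALERT_THRESHOLD = 3

def score_event(ev):
    """Score one process-creation record; returns (score, reasons)."""
    cmd = ev["command_line"]
    if not any(n in (ev["image"] + " " + cmd).lower() for n in RAT_NAMES):
        return 0, []
    parent = ev["parent_image"].rsplit("\\", 1)[-1].lower()
    checks = [
        (2, "silent switch", bool(SILENT.search(cmd))),
        (1, "install action", bool(INSTALL.search(cmd))),
        (1, "scripted parent", parent in SCRIPTED_PARENTS),
        (1, "unapproved account", ev["user"] not in APPROVED_USERS),
    ]
    hits = [(weight, why) for weight, why, hit in checks if hit]
    return sum(w for w, _ in hits), [why for _, why in hits]

def detect(events):
    """Return (host, score, reasons) for every event at or above the threshold."""
    alerts = []
    for ev in events:
        score, reasons = score_event(ev)
        if score >= ALERT_THRESHOLD:
            alerts.append((ev["host"], score, reasons))
    return alerts

# Constructed sample records (shaped like Sysmon Event ID 1 fields), not real logs.
SAMPLE_EVENTS = [
    {"host": "ws-014", "user": r"CORP\helpdesk1", "parent_image": r"C:\Windows\explorer.exe",
     "image": r"C:\Program Files (x86)\AnyDesk\AnyDesk.exe",
     "command_line": r'"C:\Program Files (x86)\AnyDesk\AnyDesk.exe"'},
    {"host": "bms-gw-02", "user": r"CORP\svc-backup",
     "parent_image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "image": r"C:\Users\Public\AnyDesk.exe",
     "command_line": r"C:\Users\Public\AnyDesk.exe --install C:\ProgramData\AnyDesk --silent"},
    {"host": "hvac-srv-01", "user": r"CORP\jdoe", "parent_image": r"C:\Windows\System32\cmd.exe",
     "image": r"C:\Windows\System32\msiexec.exe",
     "command_line": r"msiexec /i C:\Temp\Splashtop_Streamer.msi /qn"},
]

if __name__ == "__main__":
    for alert in detect(SAMPLE_EVENTS):
        print(alert)
```

The interactive help-desk launch scores zero, while both scripted silent installs exceed the threshold even though the binaries involved are signed and allowlisted.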

🏥 Healthcare Cybersecurity Now a Life-or-Death Issue

Cybersecurity in healthcare has evolved beyond data protection to become a direct clinical safety concern, with attacks now constituting medical emergencies that disrupt patient care.

  • Healthcare cyberattacks are now classified as clinical emergencies due to their direct impact on patient care.

  • Experts highlight the inseparable connection between cybersecurity and patient safety outcomes.

  • The frequency of attacks against healthcare infrastructure continues to escalate.

  • Healthcare organizations are being urged to prioritize cybersecurity as a patient safety measure.

  • Robust security protocols are essential to protect sensitive patient data and ensure uninterrupted care delivery.

🤔 The Bigger Picture: 

Healthcare facilities face unique operational challenges where cybersecurity failures directly endanger lives. Building systems supporting medical facilities must maintain the highest security standards to ensure continuous operation of life-critical systems.

🔓 Google Refuses to Fix Critical Gemini AI Vulnerability

An alarming security flaw in Google's Gemini AI remains unpatched, with the tech giant stating it has no immediate plans to address the issue despite researcher warnings.

  • Security researchers have identified a significant ASCII smuggling vulnerability in Google's Gemini AI system.

  • Google has explicitly stated it has no immediate plans to fix this security issue.

  • The vulnerability could potentially expose users and systems to various cyber threats.

  • ASCII smuggling techniques allow malicious actors to bypass security filters and inject harmful content.

  • The high infrastructure impact rating suggests potential widespread exploitation risks.

🤔 The Bigger Picture: 

Unpatched AI vulnerabilities in widely used systems like Gemini could affect building automation systems that integrate Google services. Smart building operators should audit their Google service dependencies and implement additional security layers.
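One such additional layer, shown as an added example (not Google's or Neeve's code): a pre-filter that removes invisible characters from text before it reaches an AI assistant and records what was hidden. It assumes the commonly described form of ASCII smuggling, in which ASCII is mirrored into the invisible Unicode Tags block (U+E0000 to U+E007F), and it preserves the three standard subdivision-flag emoji that legitimately use tag characters. The sample strings are constructed.

```python
import re

TAG_RUN = re.compile("[\U000E0000-\U000E007F]+")   # runs of Unicode Tags-block characters
BLACK_FLAG, CANCEL_TAG = "\U0001F3F4", "\U000E007F"
# Emoji tag sequences (England, Scotland, Wales flags) are the legitimate use of tags.
RGI_FLAG_CODES = {"gbeng", "gbsct", "gbwls"}

def decode_tags(run):
    """Map tag characters back to the printable ASCII they mirror (offset 0xE0000)."""
    return "".join(chr(ord(c) - 0xE0000) for c in run if 0x20 <= ord(c) - 0xE0000 <= 0x7E)

def sanitize(text):
    """Return (clean_text, hidden_payloads); hidden payloads are decoded for the audit log."""
    findings = []

    def replace(match):
        run = match.group(0)
        after_flag = match.start() > 0 and text[match.start() - 1] == BLACK_FLAG
        well_formed = run.endswith(CANCEL_TAG) and run.count(CANCEL_TAG) == 1
        if after_flag and well_formed and decode_tags(run) in RGI_FLAG_CODES:
            return run                      # keep a valid flag emoji intact
        findings.append(decode_tags(run))   # record what the reader could not see
        return ""                           # strip it from what the model will receive

    return TAG_RUN.sub(replace, text), findings

# Constructed samples: a visible sentence with the word "hidden" smuggled in as tag
# characters, and a Scotland flag emoji that must survive sanitization.
SMUGGLED = ("Meeting room B is booked."
            "\U000E0068\U000E0069\U000E0064\U000E0064\U000E0065\U000E006E")
FLAG = "Office: \U0001F3F4\U000E0067\U000E0062\U000E0073\U000E0063\U000E0074\U000E007F"

if __name__ == "__main__":
    print(sanitize(SMUGGLED))
    print(sanitize(FLAG)[1])
```

Apply the filter to every untrusted text source the assistant reads (calendar invites, emails, tickets), and alert on any non-empty findings list rather than silently discarding it.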

Further Alerts & Insights

📊 US AI Disinformation Threats to Surge 500-800% by 2026

A new security report projects an alarming 500-800% increase in AI-driven disinformation threats by 2026 in the United States. The report emphasizes urgent needs for enhanced electoral security and critical infrastructure protection against emerging AI-powered disinformation campaigns.

🧬 AI Bypasses Biosecurity to Create Novel Biological Threats

Microsoft research reveals that AI can design novel toxic biological agents by paraphrasing genetic sequences of known toxins, effectively evading current biosecurity screening software. This capability opens a "Pandora's box" of next-generation biological threats that are difficult to detect using existing security measures.

🔧 Ransomware Operators Weaponize DFIR Tool Velociraptor to Attack VMware and Windows

Cisco Talos confirmed the first definitive link between a legitimate security tool and ransomware—attackers exploited Velociraptor, an open-source digital forensics tool, to deploy Warlock, LockBit, and Babuk ransomware against VMware ESXi virtual machines and Windows servers. The threat actors installed vulnerable version 0.73.4.0 to exploit CVE-2025-6264, achieving privilege escalation and persistent access while remaining undetected.

🇵🇱 Poland Reports 170,000 Cyber Incidents—Russia Triples Attack Resources

Poland's digital affairs minister reports 170,000 cyber incidents in the first three quarters of 2025, with Russia's military intelligence tripling its resources for attacks on Polish critical infrastructure this year. The country faces 2,000-4,000 incidents daily, with 700-1,000 posing real threats to water, sewage, and energy systems—the September 10 Russian drone attack coincided with Poland's largest cyberattack since 2022, including coordinated disinformation using dormant bots.

🎖️ Military AI Lacks Oversight, Threatens Infrastructure

Security experts warn that AI-driven military decision-making processes lack adequate oversight, with analysis indicating "The AI is always playing Curtis LeMay"—referencing aggressive military strategy risks. The Trump Administration's approach to AI military integration draws scrutiny as experts emphasize the high infrastructure impact potential from collateral effects or targeting decisions affecting civilian systems.