Today’s Menu (30-second skim)
- LinkedIn phishing: Attackers send fake message notifications that redirect to credential-stealing pages — 1.2 billion users targeted
- IPPC pharmacy breach: Long-term care pharmacy exposed SSNs and medical records for patients across six states — breach occurred Sept 2025, disclosed now
- CareCloud healthcare breach: IT infrastructure attack exposed patient health records across six electronic health record environments
1) LinkedIn phishing: 1.2 billion users targeted by fake message notifications
What happened (plain English): Security researchers at Cofense Phishing Defense Center have confirmed an ongoing phishing campaign targeting LinkedIn users at scale. Attackers send emails that look exactly like legitimate LinkedIn message notifications — with the correct LinkedIn branding, the proper sender domains, and urgent language about a new message or connection request. The emails include a button or link that appears to lead to LinkedIn, but actually redirects victims to fake login pages designed to steal usernames and passwords. Once attackers have credentials, they can log into real LinkedIn accounts, change recovery email addresses, post scams on the victim’s behalf, and access the contact lists of hundreds of professional connections. The campaign has been active for weeks and Cofense estimates it is targeting a large percentage of LinkedIn’s 1.2 billion monthly users.
Why it matters to you: LinkedIn has become a major phishing target because (1) the platform holds contact lists with hundreds or thousands of professional relationships, and (2) a compromised account can be used to spread malware and scams across those connections with the credibility of a trusted professional. Unlike consumer phishing (fake PayPal, fake Amazon), a compromised LinkedIn account can directly expose your professional network to fraud. The phishing emails look genuinely authentic because the attackers are not spoofing LinkedIn’s domain — they are simply redirecting via link to a convincing fake login page. Standard email security tools often miss these because the email itself passes all authentication checks.
How to protect yourself (do this):
- Never click a link in an email to log into LinkedIn. Go directly to LinkedIn.com in your browser instead.
- Be suspicious of any email that creates urgency (“log in immediately,” “verify now,” “act within 24 hours”). LinkedIn rarely sends urgent credential requests via email.
- Enable two-factor authentication (2FA) on your LinkedIn account now. Go to Settings → Security → Two-step verification and turn it on.
- If you clicked a phishing link and entered your password, change it immediately and contact LinkedIn support.
- Review your LinkedIn login activity in Settings → Security → Sign in & security to see where your account has been accessed from.
Published: April 4, 2026
Source: Forbes
2) IPPC pharmacy breach: 6-state pharmacy network exposes SSNs and medical records
What happened (plain English): IPPC (Innovative Pharmacy Pharmacy Corporation), which operates long-term care pharmacies across New York, New Jersey, Pennsylvania, Delaware, Maryland, and Virginia, disclosed a data breach that occurred on September 18-19, 2025 — but was not discovered and investigated until February 9, 2026. During the 24-hour intrusion window, hackers copied files and accessed patient records. The exposed data includes names, dates of birth, Social Security numbers, Medicare/Medicaid ID numbers, driver’s license numbers, medical diagnoses, treatment information, prescription details, insurance information, financial account numbers, and payment card information. The scope of affected patients has not been disclosed, but notifications are being sent to everyone whose records were accessed.
Why it matters to you: If you receive a breach letter from IPPC or if your pharmacy benefits are managed through them (ask your doctor or insurance company), your most sensitive personal data — SSN, medical diagnoses, prescriptions, and financial accounts — may now be in criminal hands. The delay between the breach (September 2025) and discovery (February 2026) suggests attackers had months to copy and sell the data. With SSNs plus medical information, scammers can file fraudulent prescriptions, open medical accounts in your name, or apply for loans using your stolen credit history. This is exactly the kind of data that is most profitable on criminal marketplaces.
How to protect yourself (do this):
- If you receive a breach notification letter from IPPC, read it carefully and follow the instructions for free credit monitoring and identity protection services they offer.
- Place a credit freeze with all three credit bureaus (Equifax, Experian, TransUnion) — it is free and prevents criminals from opening new accounts in your name. You can do this online at each bureau’s website.
- File your 2026 tax return early (as soon as you have all your documents) to prevent a scammer from filing a fake return first.
- Contact your health insurance company and ask if any fraudulent claims have been filed using your information.
- Monitor your pharmacy records — contact your pharmacy and ask to review your recent prescription history to catch anything suspicious.
Published: April 3, 2026
Source: ClassAction.org
3) CareCloud healthcare breach: Patient health records compromised in IT infrastructure attack
What happened (plain English): CareCloud, a New Jersey-based healthcare IT company that provides electronic health record (EHR) software to medical practices and hospitals, disclosed a data breach on March 16, 2026. Attackers broke into CareCloud’s IT infrastructure and accessed one of its six patient health record environments for approximately eight hours before the company detected the intrusion and restored full access. The company has not yet disclosed how many patients are affected or exactly what data was compromised, as the forensic investigation is still ongoing. CareCloud has engaged external cybersecurity experts and is working with law enforcement. The company confirmed that the attacker no longer has access, all systems are restored, and there is no indication other platforms or divisions were compromised.
Why it matters to you: If you have visited a medical practice or hospital that uses CareCloud software, your health records — diagnoses, test results, medications, appointment notes, insurance information — may have been accessed by attackers. Healthcare data is the most valuable category of personal information on the dark web. Scammers can use medical records to file fraudulent insurance claims, obtain prescription drugs in your name, or use your medical history to commit identity fraud. Unlike a payment card breach (which you can dispute and replace), compromised medical records can be misused for years. The eight-hour window where attackers had access is long enough to copy entire databases of patient information.
How to protect yourself (do this):
- If you received a breach notification from a medical provider, follow the instructions for free credit monitoring and identity monitoring they provide.
- Contact the medical provider directly (not via a phone number in the breach letter) and ask exactly what data was compromised.
- Request a copy of your medical records and review them for any services you did not receive or charges you did not authorize.
- Monitor your insurance explanation of benefits (EOB) statements for fraudulent medical claims. Report any unauthorized charges immediately.
- Be suspicious of any calls or emails claiming to be from medical providers or insurance companies asking you to verify information — scammers now use real breach data to appear legitimate.
Published: March 30, 2026
Source: BleepingComputer
👏 Grandma’s Firewall
This week’s rule: If a website or email asks you to log in — go directly to the company’s website instead of clicking the link in the email. That one habit stops 90% of phishing attacks.
Why it works: Phishers are great at making emails look real. They’re terrible at making you suspicious of a direct visit. If you ignore links in emails and always go directly to the site, you bypass the fake login page entirely.
Script 1 — What to say when you get a \”log in now\” email:
\”I’m not clicking this link. I’m going directly to the website myself and logging in from there.\”
Script 2 — What to tell a family member who already clicked:
\”Stop. Did you enter your password? If yes, change it right now from a different device. If no, just close the page and forget it happened.\”
Forward this to one person who might click a phishing email. That’s this week’s mission.
— Philip | Human In[Security]
![Human In[Security] Die-cut stickers](https://humaninsecurity.com/wp-content/uploads/2026/01/die-cut-stickers-satin-6x6-front-697d1d26150e0-300x300.jpg)
![Human Network In[]Security Cotton Heritage MC1082 I Men's Premium Short Sleeve Tee](https://humaninsecurity.com/wp-content/uploads/2026/01/cotton-heritage-mc1082-i-mens-premium-short-sleeve-tee-vintage-white-front-697d1df2a58b4-300x300.jpg)
![Official Human In[Security] Unisex Hoodie](https://humaninsecurity.com/wp-content/uploads/2026/01/cotton-heritage-m2580-i-unisex-premium-pullover-hoodie-carolina-blue-front-697d24c26e85b-300x300.jpg)