November 2025 brought a troubling mix of insider threats, social engineering attacks and the fallout from a widespread ransomware campaign targeting enterprise software. This month’s cybersecurity news recap by SWK Technologies examines these stories alongside legislative efforts to expand data privacy protections in healthcare, and how these developments will impact your business’s security posture and compliance efforts for the rest of the year:
Cybersecurity Professionals Charged by DOJ for Ransomware
The U.S. Department of Justice (DOJ) indicted three cybersecurity professionals in November for allegedly conducting ransomware attacks against at least five companies while employed by at least two different security firms to help victims negotiate with threat actors. Kevin Tyler Martin and an unnamed employee of DigitalMint worked as cyber extortion negotiators when prosecutors say they carried out their own malware attacks against a Florida medical device manufacturer, Maryland pharmaceutical company, Virginia drone manufacturer and several other targets for the purpose of extorting the victims themselves. A third defendant, Ryan Clifford Goldberg, served as an incident response manager at Sygnia before his termination following the allegations.
The scheme allegedly involved hacking company networks, stealing sensitive data and encrypting systems using ALPHV/BlackCat ransomware-as-a-service (RaaS) tools. Goldberg reportedly confessed to participating in the attacks during a June 2025 FBI interview and said a co-conspirator recruited him. According to the indictment documents, the defendants received over $1.2 million in ransom payments from the Florida medical device company alone after initially demanding $10 million.
DoorDash Confirms Breach Exposed the Data of Millions in November 2025
DoorDash confirmed in mid-November that attackers accessed customer, delivery worker, and merchant contact information following a social engineering attack that occurred on October 25, 2025. The food delivery platform’s security team detected unauthorized third-party access to internal systems after an employee fell victim to a cyber scam that gained access to their credentials. They terminated the unauthorized access and launched an investigation with assistance from external cybersecurity firms and law enforcement, and late began notifying affected users on November 13.
Compromised information included names, email addresses, phone numbers and physical addresses for an undisclosed number of users across the United States, Canada, Australia and New Zealand, though independent investigators have reported that it could potentially total in the millions. DoorDash stated that no Social Security numbers, government-issued identification, driver’s license information or payment card details were accessed during the breach. The breach marks the company’s third significant security incident in six years, following breaches affecting 5 million users in 2019 and a third-party vendor compromise in 2022.
Senate Reviews Health Information Privacy Reform Act to Update HIPAA
Senator Bill Cassidy (R-LA) introduced the Health Information Privacy Reform Act (HIPRA) on November 4, 2025, seeking to extend HIPAA-like protections to AHI (applicable health information) collected by organizations not currently regulated by federal healthcare law. The legislation would create new requirements for “regulated entities” — companies that collect private information related to healthcare services, but that do not qualify as HIPAA-covered entities or business associates. Under the proposed framework, the Department of Health and Human Services (HHS) would develop privacy, security and breach notification regulations for these entities in consultation with the Federal Trade Commission.
The bill requires entities accessing protected health information through a patient’s right of access to inform individuals that their data is no longer protected by HIPAA and to obtain consent before selling that information to third parties. HIPRA would also require HHS to publish guidance on applying HIPAA’s minimum necessary standard to data used for artificial intelligence and machine learning applications. Enforcement authority would rest with HHS, with civil penalties aligned to HIPAA’s existing enforcement framework.
Dozens of Victims of Oracle Hack Confirmed from Ransomware List
The Cl0p ransomware group named nearly 30 organizations in November as victims of a campaign targeting Oracle E-Business Suite (EBS) customers, including The Washington Post, Logitech, Harvard University, Cox Enterprises and Pan American Silver. The campaign exploited CVE-2025-61882, a critical vulnerability affecting Oracle EBS versions 12.2.3 through 12.2.14 that allows unauthenticated remote code execution (RCE). It has been confirmed that nearly 10,000 victims may have had their information exposed after the attackers supposedly contacted the Post on September 29, 2025.
Other confirmed victims include American Airlines subsidiary Envoy Air, DXC Technology, Chicago Public Schools, Schneider Electric, Emerson, LKQ Corporation and Copeland. This is the second major breach of a major Oracle product this year, with a previous exposure in April 2025 affecting Oracle Cloud Classic and Oracle Health servers, which occurred not long before the car rental agency Hertz disclosed a similar attack by Cl0p as well.
Contact SWK Technologies to Keep Up with Cybersecurity News
The cybersecurity incidents from November 2025 reflect how many threats continue to exploit human error and technical vulnerabilities, creating the need for diligence to maintain an adequate security posture. Working with SWK Technologies gives you access to an expert team and a partner network of solution providers that will help you harden your cyber defense against modern and emerging cyber threats, and secure your critical systems and data from known hacking techniques.
Contact SWK here to learn more about protecting your business from emerging cyber threats and maintaining compliance with modern data protection requirements.