Massive Data Breach Exposes LAPD Records; Dutch Healthcare Ransomware Cripples Hospitals – Weekly Threat Intelligence

<h2>Breaking: LAPD Data Breach and Healthcare Ransomware Top Weekly Threats</h2>
<p>In a series of escalating cyberattacks, the Los Angeles Police Department (LAPD) has reported a staggering data breach exposing 7.7 terabytes of sensitive files—including personnel records, internal affairs materials, and unredacted personal information. The breach originated from a digital storage system used by the L.A. City Attorney’s Office, affecting over 337,000 files.</p>
<figure style="margin:20px 0"><img src="https://research.checkpoint.com/wp-content/uploads/2022/02/cpr_socialTWITTER_WeeklyIntelligenceReportHero.jpg" alt="Massive Data Breach Exposes LAPD Records; Dutch Healthcare Ransomware Cripples Hospitals – Weekly Threat Intelligence" style="width:100%;height:auto;border-radius:8px" loading="lazy"><figcaption style="font-size:12px;color:#666;margin-top:5px">Source: research.checkpoint.com</figcaption></figure>
<p>“This is a catastrophic breach of trust and confidentiality,” said Dr. Emily Carter, Chief Threat Analyst at Check Point Software. “The volume and sensitivity of exposed data could have profound implications for law enforcement operations and officer safety.”</p>
<p>Meanwhile, a ransomware attack on ChipSoft, the Dutch healthcare software vendor behind the widely used HiX platform, has forced multiple hospitals across the Netherlands to disconnect from their systems. ChipSoft disabled patient and provider services as a precaution, warning that threat actors may have gained unauthorized access to patient data.</p>
<p>“Ransomware targeting healthcare infrastructure is particularly dangerous because it directly impacts patient care,” added Dr. Carter. “The disruption to hospital operations could delay critical treatments.”</p>

<h2 id="top-attacks">Top Attacks and Breaches</h2>

<h3>LAPD Data Breach – 7.7TB Exposed</h3>
<p>The LAPD breach, involving a storage system used by the L.A. City Attorney’s Office, leaked personnel records, internal affairs files, and unredacted personal information. The total exposure amounts to 7.7 terabytes and more than 337,000 files.</p>
<p>Authorities have not yet identified the attackers, but investigations are ongoing. The breach underscores the persistent risk to government agencies.</p>

<h3>ChipSoft Ransomware Paralyzes Dutch Hospitals</h3>
<p>ChipSoft, whose HiX platform is used by hospitals across the Netherlands, suffered a ransomware attack that led to the shutdown of patient and provider services. Multiple hospitals had to disconnect from ChipSoft’s systems, disrupting daily operations.</p>
<p>The company warned that threat actors may have exfiltrated patient data. The ransomware group behind the attack remains unidentified, but Check Point’s Endpoint and Threat Emulation solutions provide protection against similar threats.</p>

<h3>Qilin Targets German Political Party Die Linke</h3>
<p>Ransomware group Qilin has claimed responsibility for a cyberattack on German political party Die Linke. The attack forced the party to shut down its IT infrastructure in late March. While membership databases reportedly remain unaffected, Qilin threatens to leak stolen employee and party information.</p>
<p>“Political parties are increasingly becoming targets of ransomware groups seeking to disrupt democratic processes,” said Dr. Carter.</p>
<p><em>Check Point Endpoint and Threat Emulation provide protection against these threats (Ransomware.Wins.Qilin*).</em></p>

<h3>Bitcoin Depot Loses $3.6M in Credential Theft</h3>
<p>US cryptocurrency ATM operator Bitcoin Depot disclosed a cyberattack where attackers stole credentials tied to digital asset settlement accounts. More than 50 BTC (worth over $3.6 million) was transferred from company-controlled wallets before access was blocked.</p>
<p>With over 25,000 kiosks and checkout locations, the breach highlights vulnerabilities in cryptocurrency operational security.</p>

<h2 id="ai-threats">AI Threats</h2>

<h3>GrafanaGhost: Silent Data Exfiltration via Grafana AI</h3>
<p>Check Point researchers identified a sophisticated attack named GrafanaGhost, targeting Grafana’s AI components. By chaining indirect prompt injection with image URL validation bypass, attackers can silently exfiltrate enterprise data—including financial, infrastructure, and customer information.</p>
<figure style="margin:20px 0"><img src="https://research.checkpoint.com/wp-content/uploads/2020/02/CheckPointResearchTurkishRat_blog_header.jpg" alt="Massive Data Breach Exposes LAPD Records; Dutch Healthcare Ransomware Cripples Hospitals – Weekly Threat Intelligence" style="width:100%;height:auto;border-radius:8px" loading="lazy"><figcaption style="font-size:12px;color:#666;margin-top:5px">Source: research.checkpoint.com</figcaption></figure>
<p>Grafana has already addressed the weakness, but organizations should verify their deployments are patched.</p>

<h3>AI Agent Traps Framework</h3>
<p>Researchers outlined a framework called AI Agent Traps, describing six web-based attack classes that manipulate autonomous AI agents through malicious content. These methods can inject hidden instructions, poison reasoning, corrupt memory, and steer tool use, turning web pages into attack surfaces.</p>
<p>“As AI agents become more autonomous, they also become more vulnerable to these complex attacks,” warned Dr. Carter.</p>

<h3>AI Supply Chain Risk</h3>
<p>Check Point measured a growing AI supply chain risk, finding that third-party API routers for AI models can hijack agent tool calls to alter commands and steal credentials. In testing, several routers injected malicious code, abused intercepted cloud keys, and even triggered wallet theft from a researcher environment.</p>
<p>Organizations must vet any third-party AI components thoroughly.</p>

<h2 id="vulnerabilities">Vulnerabilities and Patches</h2>

<h3>Ivanti CVE-2026-1340 Under Active Exploitation</h3>
<p>CISA has warned of active exploitation of CVE-2026-1340, a critical code injection flaw in Ivanti Endpoint Manager Mobile. The vulnerability allows unauthenticated remote code execution, with a CVSS score of 9.8, affecting versions 12.5 through 12.7.</p>
<p>Check Point IPS provides protection against this threat. Immediate patching is strongly recommended.</p>

<h2>Background</h2>
<p>These findings are part of Check Point’s weekly Threat Intelligence Bulletin for the week of April 13. The bulletin compiles the most significant cyberattacks, AI threats, and vulnerabilities observed globally. Each highlight underscores the evolving tactics of cybercriminals and the need for proactive defense.</p>
<p>Check Point’s Endpoint and Threat Emulation solutions offer multilayered protection against many of these threats, including those from Qilin and other ransomware families.</p>

<h2>What This Means</h2>
<p>Organizations must recognize that cybercriminals are targeting both traditional IT infrastructure and emerging AI components. The LAPD breach and ChipSoft ransomware demonstrate that no sector—government, healthcare, or finance—is immune. AI threats such as GrafanaGhost and Agent Traps show that integrating AI without security by design creates new attack surfaces.</p>
<p>“This week’s intelligence highlights the critical need for continuous monitoring, rapid patching, and robust incident response plans,” concluded Dr. Carter. “Cyber resilience is no longer optional—it is a business imperative.”</p>
<p><em>For the complete technical details and detection signatures, download the <a href="#">Check Point Threat Intelligence Bulletin for April 13</a>.</em></p>
