Summary4 min read

Cybersecurity Headlines: March 16, 2026

Host: Steve Prentiss, CISO Series
Episode Theme: A roundup of major recent cybersecurity incidents and regulatory developments, with a focus on healthcare, critical infrastructure, retail, and the evolving landscape of breach response and prevention.

Episode Overview

This episode delivers concise coverage of significant breaches—targeting prominent healthcare and retail organizations worldwide—as well as regulatory advancements in protecting critical infrastructure. The episode also highlights the shifting public sentiment toward data breaches and introduces useful security tools and resources for listeners.

Key Discussion Points & Insights

1. Royal Bahrain Hospital Breach

[00:12]

The Payload ransomware group claims responsibility for a breach at Royal Bahrain Hospital, threatening to release 110 GB of stolen data if a ransom isn’t paid by March 23rd.
The hospital serves patients across Bahrain, Oman, Qatar, Saudi Arabia, and UAE, underlining the region-wide impact.
Payload uses a double extortion model: stealing data and encrypting files.

"Payload Ransomware is a relatively new cybercrime operation using a double extortion model that combines data theft and file encryption." — Steve Prentiss [00:29]

2. Loblaw (Canada) Data Breach

[00:43]

Loblaw, a leading Canadian food and pharmacy retailer, uncovers a breach exposing customers’ basic information: names, emails, and phone numbers.
Crucial personal information—passwords, health data, and credit cards—remained secure. PC Financial services were unaffected.
No threat actor has been publicly identified.

3. New York’s Cyber Regulations for Water Organizations

[01:13]

New regulations, effective 2027, mandate:
- Cybersecurity training for certified water utility operators
- Incident response plans, reporting, and a mandatory cyber lead for larger organizations
New York is backing this initiative with a $2.5 million grant program and free technical assistance.

"The goal is to have regulated water organizations create and test response and recovery plans that ensure continued operations in the event of a cyberattack." — Steve Prentiss [01:33]

4. Telus Digital Breach (Canada)

[01:52]

Telus Digital, a major business process outsourcing subsidiary, confirms a breach attributed to the Shiny Hunters group. Nearly 1 petabyte of data may have been stolen over several months earlier in January.
Telus provides critical outsourced services globally, making it an attractive target for cybercriminals.

"This makes them, as well as other business process outsourcing companies, attractive targets due to the amount of customer and corporate data that they hold." — Steve Prentiss [02:19]

5. Poland’s Nuclear Research Center Attack

[03:39]

Hackers targeted Poland’s national center for nuclear research, but the attack was thwarted before any impact.
Operations, including the Mriya reactor, were not affected.

6. Starbucks Employee Portal Breach

[04:04]

Breach detected on February 6 through phishing attacks targeting the Starbucks Partner Central portal, used by employees (“partners”) for managing personal and payroll data.
Nearly 900 employees affected out of over 200,000 U.S. staff.

"Hackers accessed Starbucks Partner central accounts after obtaining user credentials through a phishing attack that leveraged fake websites designed to mimic the portal." — Steve Prentiss [04:20]

7. New Security Tool: BetterLeaks

[04:46]

BetterLeaks launches as a new open-source secrets scanner, succeeding Git Leaks.
It identifies sensitive data (credentials, API keys, private tokens) accidentally present in code repositories.
Improved detection is critical, given active exploitation of leaked secrets by threat actors.

8. Public Sentiment Affecting Telecom Security Policy

[05:27]

Despite past large-scale Chinese intrusions into U.S. telecoms, public “breach fatigue” hinders momentum for stricter security regulations.
Lawmakers cite a lack of constituent concern, possibly due to frequent data breaches or common practices of corporate data sale.

"Some officials speculate that cyberattacks that expose sensitive data and US Companies routinely collecting and selling data have left Americans numb to data theft and data for profit, so additional breaches feel like just another drop in the bucket." — Steve Prentiss [06:11]

Memorable Quotes & Moments

On breach escalation:

"Payload Ransomware is a relatively new cybercrime operation using a double extortion model that combines data theft and file encryption." — Steve Prentiss [00:29]
On the challenge for policy change:

"Constituents struggle to understand why this should be a concern, thus depriving policymakers of the public pressure needed to protect the nation's telecommunications cybersecurity." — Steve Prentiss [05:52]
On phishing risks:

"A few seconds of audio can be enough to clone you." — Steve Prentiss [sponsor segment, skipped for summary compliance but highlighted as practical advice during the episode]

Timestamps for Key Segments

Royal Bahrain Hospital Breach: [00:12]
Loblaw Data Breach: [00:43]
NY Water Cyber Rules: [01:13]
Telus Digital Breach: [01:52]
Poland Nuclear Research Attack: [03:39]
Starbucks Employee Portal Intrusion: [04:04]
BetterLeaks Scanner Introduction: [04:46]
Telecom Security Policy/ “Apathy”: [05:27]

Episode Tone & Language

The delivery is brisk, fact-focused, and accessible, providing clear summaries with just enough context.
Notable for its urgency about new threats and its matter-of-fact reporting style, with brief analysis on broader trends like breach fatigue and regulatory initiatives.

For more details or story follow-ups, visit cisoseries.com.

Loading summary

Transcript3 lines

[00:00]
A
From the CISO series. It's Cybersecurity Headlines
[00:07]
B
these are the cybersecurity headlines for Monday, March 16, 2026. I'm Steve Prentiss. Payload Ransomware Group Claims Breach of Royal Bahrain Hospital the ransomware gang has added the healthcare facility to its Tor data leak site and has published images as alleged proof. The group claims to have stolen 110 gigabytes of data with a release date of March 23rd if no ransom is paid. The Royal Bahrain Hospital serves patients from Bahrain, Oman, Qatar, Saudi Arabia and the United Arab Emirates. Payload Ransomware is a relatively new cybercrime operation using a double extortion model that combines data theft and file encryption. End quote Canadian Food Retailer Loblaw Confirms Data Breach Loblaw, one of Canada's largest food and pharmacy retailers, said it recently discovered that a criminal third party accessed basic customer information such as names, email addresses and phone numbers. The company confirms that passwords, health information and credit card data were not compromised, nor was its financial services arm PC Financial. No group has been identified as behind this breach. New York Cyber Regulations for Water Organizations launch in 2027, proposed last July and recently approved, the new rules include mandatory cybersecurity training for certified operators, incident response plans, reporting requirements and a designated cyber lead for larger water utilities. The State of New York has created a $2.5 million grant program and is offering technical assistance at no cost. The goal is to have regulated water organizations create and test response and recovery plans that ensure continued operations in the event of a cyberattack. Telus Digital Confirms Breach More News from Canada the Canadian business process outsourcing giant Telus Digital, I.e. telus, has confirmed a security incident in which actors may have stolen nearly 1 petabyte of data from the company as a result of a multi month breach. As the digital services and business process outsourcing arm of the Canadian telecommunications provider Telus, the company provides customer support, content moderation, AI data services and other outsourced operational services to companies worldwide. This makes them, as well as other business process outsourcing companies, attractive targets due to the amount of customer and corporate data that they hold. This breach, which actually occurred in January, is attributed to the Shiny Hunters Group. Huge thanks to our sponsor, Adaptive Security. This episode is brought to you by Adaptive Security, the first security awareness platform built to stop AI powered social engineering. Deep fakes aren't science fiction anymore. They are a daily threat. So here's a quick tip. If your voicemail greeting is your real voice, switch it to the default robot voice a few seconds of audio can be enough to clone you. Adaptive helps teams spot and stop these AI powered social engineering attacks and you can learn more@adaptivesecurity.com that's the two words adaptive security together.com Poland's nuclear research Center Targeted Poland's national center for Nuclear Research says hackers targeted its IT infrastructure, but the attack was detected and blocked before causing any impact. As the main government nuclear research institute specializing in nuclear physics, reactor technology, particle physics and radiation applications, it provides technical and scientific support for the country's nuclear power program. The center's director stated that the cybersecurity incident did not impact the operation of the Mriya reactor, which continues to function safely at full power. Starbucks Data Breach hits Employee Portal this incident was detected on February 6 as an unauthorized intrusion to the Starbucks Partner Central portal. This is used by Starbucks employees who are called partners and manages their personal information, payroll and benefits data. A subsequent investigation found that hackers accessed Starbucks Partner central accounts after obtaining user credentials through a phishing attack that leveraged fake websites designed to mimic the portal. This incident affects nearly 900 Starbucks employees of the more than 200,000 Starbucks workers in the United States. Better Leaks to replace Git Leaks as Open Source Secrets Scanner this new open source tool called BetterLeaks, can scan directories, files and git repositories and identify valid secrets using default or customized rules. For some context, Secret scanners are specialized utilities that scour repositories for sensitive information such as credentials, API keys, private keys, and tokens that developers accidentally commit in source code. Since these are actively searched for by threat actors, this new utility, made by the same team that created Git leaks, is clearly intended to be an improvement. Salt typhoon apathy possibly killing momentum for tougher telecom security rules despite the fact that just two years ago, Chinese hackers were found to have compromised at least 10 US telecoms, giving them broad access to phone data affecting nearly all Americans. Those in charge of bolstering the country's cyber defenses state that constituents struggle to understand why this should be a concern, thus depriving policymakers of the public pressure needed to protect the nation's telecommunications cybersecurity. Some officials speculate that cyberattacks that expose sensitive data and US Companies routinely collecting and selling data have left Americans numb to data theft and data for profit, so additional breaches feel like just another drop in the bucket, end quote. Have you joined us for a live Department of no show yet? I know you've heard it in your podcast feed, but if you can please come and join us today at 4pm Eastern Time for the livestream we love featuring our favorite comments from viewers like you during the show, and you can get your questions answered directly by our security leader guests. Plus, you'll get to meet some of your fellow Cybersecurity Headlines fans in the chat. So why not set a calendar reminder to join the stream on the CISO Series YouTube channel today at 4:00pm Eastern. And if you have some thoughts on the news from today or about this show in general, please be sure to reach out to us@feedbackisoseries.com we would love to hear from you. I'm Steve Prentiss reporting for the CISO Series.
[07:36]
A
Cybersecurity Headlines are available every weekday. Head to cisoseries.com for the full stories behind the headlines.