✅ Why “Paper” Compliance Programs Are Now A Real Liability

MSPs and internal IT teams have spent years treating compliance as a documentation exercise: policies in SharePoint, audit binders on demand, screenshots gathered the night before a review, and a lot of confidence that “good enough” paperwork would carry the day. That model is breaking down. In 2026, regulators are signaling that they expect organizations to prove controls through operating evidence, not just polished policies, especially in healthcare, privacy, and employment-related programs…

⚠️ Threat Updates

🔴 716,000 Impacted by OpenLoop Health Data Breach (05/13/26)

Hackers breached telehealth provider OpenLoop Health in January 2026, stealing personal information on 716,000 individuals. The intrusion, discovered on January 7 and lasting until January 8, exposed names, addresses, emails, dates of birth, and certain medical data, but reportedly not EHRs, Social Security numbers, or financial account information. The incident was disclosed to authorities in March and the impacted count was added to the HHS breach portal weeks later. OpenLoop said it cut off access immediately, brought in external cybersecurity experts, strengthened security controls, and is offering affected individuals one year of free identity and credit monitoring. The company has not confirmed the attacker’s identity, though a threat actor has claimed responsibility and alleged the true victim count is higher. » More Info

🔴 Foxconn: North American Factories Hit by Cyberattack (05/13/26)

Cisco Talos has uncovered a CloudZ RAT campaign using a new “Pheno” plugin to abuse Microsoft’s built‑in Phone Link feature on Windows 10/11, allowing attackers who have compromised a PC to quietly loot SMS messages and one‑time passwords from the app’s local SQLite databases—sidestepping mobile defenses and putting any organization that still relies on SMS‑based MFA at heightened risk of account takeover unless they disable Phone Link where unnecessary and move users toward phishing‑resistant MFA like hardware keys or non‑SMS authenticators. » More Info

🗨️ Parting Words

“Trying to be happy by accumulating possessions is like trying to satisfy hunger by taping sandwiches all over your body.” — George Carlin

Are you a vCISO or MSP looking to operationalize security programs? Let’s discuss how Blacksmith Infosec proves that compliance is an opportunity, not a struggle that has to be packaged in FUD!