Chinese state-linked hackers breached the FBI’s own surveillance system — and they got in through a vendor. That’s not a spy novel plot; that’s a confirmed federal “major incident” declared at the highest severity level under FISMA, and it happened in 2024. That’s just the opener.

On this episode of Security Squawk, Bryan Hornung, Randy Bryan, and Reginald Andre cover three stories that show exactly what happens when third-party risk, healthcare IT gaps, and a single phone call aren’t taken seriously enough.

SALT TYPHOON HACKS THE FBI — China’s Salt Typhoon threat group targeted a vendor ISP with access to the FBI’s court-authorized wiretap surveillance system. The breach was classified as a FISMA “major incident,” the federal government’s highest severity designation.

BROCKTON HOSPITAL CYBERATTACK — April 6, 2026: ambulances diverted, chemo cancelled, pharmacies closed, staff on paper records. The same hospital was breached in 2021. Average healthcare ransomware recovery: $2.5M, 19 days, 33% increase in patient mortality.

HIMS & HERS VISHING ATTACK — 2.5 million subscribers. $2.35 billion in revenue. Gone through one phone call. ShinyHunters used a single vishing call to steal an Okta SSO credential and access Zendesk support tickets. CA AG notified. Class action filed.

Support the show: buymeacoffee.com/securitysquawk


