The CyberPHIx Roundup is your quick source for keeping up with the latest cybersecurity news, trends, and industry-leading practices, specifically for the healthcare industry.
In this episode, our host Brian Selfridge highlights the following topics trending in healthcare cybersecurity this week:
- Healthcare Cybersecurity Act introduced in the U.S. Senate; details and analysis of the proposed regulation
- HHS and OCR seek feedback on new HITECH safe harbors for the adoption of cybersecurity best practices including NIST and HITRUST
- OCR requests feedback on how HIPAA civil monetary penalties should be shared with individuals that have been victims of breaches
- University of Pittsburgh Medical Center is required to make payments to 66,000 employees who were victims of a 2014 cyber breach as part of a legal settlement
- Proposed PATCH Act that would see the FDA require cybersecurity measures for medical device manufacturers; details and analysis
- New NIST standards for enterprise patch management including NIST SP 800-40 and NIST SP 1800-31
- FDA releases updated guidance on medical device cybersecurity (in addition to the PATCH Act)
- Lapsus$ cyber threat group alerts from the Health Sector Cybersecurity Coordination Center (HC3) as well as prominent arrests of the Lapsus$ gang’s teenage leader
- Arrest of ransomware leader responsible for 13 ransomware attacks; details of attacks and sentencing
- Germany and the U.S. shut down the world’s largest illegal darknet marketplace
- CISA warns of Uninterruptible Power Supply (UPS) device cyberattacks
- Urgent security alert for Philips MRI monitoring software
- A new zero-day vulnerability in the Spring Core Java framework called 'Spring4Shell'
- U.S. State Department announces Bureau of Cyberspace and Digital Policy (CDP)