The Latest News in Cybersecurity

HIPAA Security Rule Compliance Urged by OCR to Reduce Vulnerability to Hacking and Ransomware Office for Civil Rights warns healthcare providers, business associates, insurers against perils of non-compliance

How the New v4.0.1 Changed PCI DSS 4.0 (and How it Didn’t) Compliance with PCI Data Security Standard 4.0 is still mandatory by March 31, 2025!

CMMC 2.0 Compliance: Newly Updated Timeline for Defense Contractors, Subs, and Suppliers If you handle Federal Contract Information (FCI) or Controlled Unclassified Information (CUI) as part of your contractual work with the Department of Defense (DoD), you will be required to demonstrate compliance with the CMMC 2.0 cybersecurity framework in order to maintain your ability to bid on DoD work. This is Fact 1.

New cybersecurity requirements affect financial firms doing business in Europe plus IT and comm tech providers who serve them from U.S. and elsewhere The Digital Operational Resilience Act (DORA), also known as EU 2022/2554, took initial effect January 16, 2023, and allowed two years for firms to comply. Full DORA compliance becomes mandatory on January 17, 2025—just four months from now. Are you ready?

Preparing for HITRUST Certification Here’s how to do it, why you should, and two checklists to help you succeed The most effective way to meet the relentless challenges of the digital age is through a robust cybersecurity and regulatory compliance program. Several cybersecurity frameworks have been developed over time as roadmaps toward this goal and one, arguably, has become the gold standard.

Latest Survey Spotlights Top Causes of Ransomware Unpatched vulnerabilities, phishing/malicious emails, and stolen credentials are leading causes of ransomware The latest ransomware survey confirms what previous surveys and studies have shown—that the leading causes of ransomware remain unchanged in recent years. In addition to revealing more about the root causes, the survey conducted by Sophos in January and February 2024 and released in April offers new insights into the size of ransom demands, who pays the ransoms, and how much they pay. Still, the important lessons lie in the root causes of ransomware, for those smart enough to learn from them.

This Emerging Cybercrime Hurts Everyone It Touches Synthetic identity fraud is a crime. It is either a felony or misdemeanor depending on its scale and financial impact. In this emerging form of fraud, a cybercriminal combines stolen information, such as an actual Social Security number, with other data that may be a mix of real and invented information, such as name, date of birth, address, and social media handles. The result of this forged alliance is a fake or synthetic identity that can then be used to commit acts of financial fraud. Synthetic identities are effective because they appear to be real and legitimate.

Healthcare business associates who provide revenue cycle management services are vulnerable to cyber attack Vendors who provide revenue cycle management services to hospitals, medical centers, and other healthcare providers continue to be vulnerable to hacking, ransomware schemes, and other cybersecurity issues. Not only do their vulnerabilities put patient data at risk—they can also have downstream effects on other vendors in the healthcare supply chain.

The Gist of NIST CSF 2.0 is Simplicity: Easy to Understand Framework, Step by Step Instructions NIST CSF 2.0 is a maturity model that indicates how well-developed your cybersecurity program is today, and what improvements are required A recent 24By7Security survey, conducted during the Gist of NIST CSF 2.0 webinar on June 27, 2024, revealed that 25% of IT and cybersecurity professionals were not aware of the new NIST CSF 2.0 requirements, with another 15% not sure. The good news is that 60% of respondents admit having at least a working familiarity with the new Cybersecurity Framework which was released by the National Institute of Standards and Technology (NIST)on February 26, 2024.

Introduction The recent amendment to the HIPAA Privacy Rule by the U.S. Department of Health and Human Services (HHS) represents a significant development in the protection of reproductive health care privacy. This update addresses the evolving legal and public concerns following the overturning of Roe v. Wade, which has introduced new challenges and considerations for both healthcare providers and patients. Public Engagement and Feedback When the proposed modifications to the HIPAA Privacy Rule were announced, they garnered significant public interest, resulting in nearly 30,000 comments from a diverse range of stakeholders, including healthcare providers, patient advocacy groups, legal experts, and private citizens. This extensive feedback underscores the critical nature of reproductive health care privacy and reflects widespread concern about the management and protection of reproductive health information in the current political and social context.