Microsoft is introducing mandatory multifactor authentication (MFA) for all Azure sign-ins starting in the second half of 2024. This move is part of its $20 billion investment in security and the Secure Future Initiative to protect identities and digital assets from increasingly sophisticated cyberattacks. The phased rollout aims to provide customers with time to implement the changes and will involve notifications via email, Azure portals, and the Microsoft 365 message center. Customers will also have various MFA options, including Microsoft Authenticator, FIDO2 security keys, and certificate-based authentication, with extended timeframes available for complex environments. More details can be found in Microsoft's documentation.

Announcing mandatory multi-factor authentication for Azure sign-in | Microsoft Azure Blog azure.microsoft.com

Epic Systems will transition its customers to the Trusted Exchange Framework and Common Agreement (TEFCA), an initiative mandated by the 21st Century Cures Act to enhance nationwide health information interoperability, by the end of 2024. TEFCA offers a unified governance and technical standard framework, and Epic Nexus has been designated as a Qualified Health Information Network to facilitate this transition. Carequality, which currently connects a vast network of healthcare providers and is used by Epic’s community, has also announced plans to align with TEFCA. Despite past controversies over record requests, Epic assures continued support for Carequality during the transition to ensure successful interoperability.

Epic plans nationwide transition by 2025 Becker's Hospital Review

Earlier this year, Change Healthcare, a UnitedHealth-owned health tech company, suffered a significant ransomware attack, resulting in what is likely one of the largest data breaches of U.S. health and medical data. The attack, attributed to the ALPHV/BlackCat ransomware gang, caused widespread outages across the healthcare sector, disrupting billing and prescription services. Although UnitedHealth paid a $22 million ransom for a "safe" copy of the stolen data, issues persisted as affected individuals began receiving breach notifications. UnitedHealth confirmed the breach impacted a substantial portion of the U.S. population, with potentially over 100 million individuals affected. The incident, rooted in compromised security protocols, highlights vulnerabilities in handling sensitive healthcare data and has prompted increased bounty efforts from the U.S. government to locate those responsible.

How the ransomware attack at Change Healthcare went down: A timeline TechCrunch

Action1, a patch management and vulnerability remediation startup, has declined a $1 billion acquisition offer from CrowdStrike to remain independent. Co-founder and President Mike Walters believes that staying independent allows the company to capitalize on its unique technology and dedication to patch management, projecting that Action1 can grow into a multibillion-dollar business. The founders' previous success with Netwrix and the company's financial independence contribute to this decision, allowing them to prioritize long-term growth. Customer sentiment also played a role, with many expressing concerns that an acquisition might negatively impact Action1's existing offerings.

No Deal: Action1 Rebuffs CrowdStrike's Interest in $1B Buy BankInfoSecurity

Microsoft is introducing mandatory multifactor authentication (MFA) for all Azure sign-ins starting in the second half of 2024. This move is part of its $20 billion investment in security and the Secure Future Initiative to protect identities and digital assets from increasingly sophisticated cyberattacks. The phased rollout aims to provide customers with time to implement the changes and will involve notifications via email, Azure portals, and the Microsoft 365 message center. Customers will also have various MFA options, including Microsoft Authenticator, FIDO2 security keys, and certificate-based authentication, with extended timeframes available for complex environments. More details can be found in Microsoft's documentation.

Announcing mandatory multi-factor authentication for Azure sign-in | Microsoft Azure Blog azure.microsoft.com

Epic Systems will transition its customers to the Trusted Exchange Framework and Common Agreement (TEFCA), an initiative mandated by the 21st Century Cures Act to enhance nationwide health information interoperability, by the end of 2024. TEFCA offers a unified governance and technical standard framework, and Epic Nexus has been designated as a Qualified Health Information Network to facilitate this transition. Carequality, which currently connects a vast network of healthcare providers and is used by Epic’s community, has also announced plans to align with TEFCA. Despite past controversies over record requests, Epic assures continued support for Carequality during the transition to ensure successful interoperability.

Epic plans nationwide transition by 2025 Becker's Hospital Review

Earlier this year, Change Healthcare, a UnitedHealth-owned health tech company, suffered a significant ransomware attack, resulting in what is likely one of the largest data breaches of U.S. health and medical data. The attack, attributed to the ALPHV/BlackCat ransomware gang, caused widespread outages across the healthcare sector, disrupting billing and prescription services. Although UnitedHealth paid a $22 million ransom for a "safe" copy of the stolen data, issues persisted as affected individuals began receiving breach notifications. UnitedHealth confirmed the breach impacted a substantial portion of the U.S. population, with potentially over 100 million individuals affected. The incident, rooted in compromised security protocols, highlights vulnerabilities in handling sensitive healthcare data and has prompted increased bounty efforts from the U.S. government to locate those responsible.

How the ransomware attack at Change Healthcare went down: A timeline TechCrunch

Action1, a patch management and vulnerability remediation startup, has declined a $1 billion acquisition offer from CrowdStrike to remain independent. Co-founder and President Mike Walters believes that staying independent allows the company to capitalize on its unique technology and dedication to patch management, projecting that Action1 can grow into a multibillion-dollar business. The founders' previous success with Netwrix and the company's financial independence contribute to this decision, allowing them to prioritize long-term growth. Customer sentiment also played a role, with many expressing concerns that an acquisition might negatively impact Action1's existing offerings.

No Deal: Action1 Rebuffs CrowdStrike's Interest in $1B Buy BankInfoSecurity