Epic Systems, a major health-care software vendor, announced that patients will now be able to securely release their health data to various apps of their choosing, granting them greater control over their medical information. This development marks a significant technological advancement in the healthcare sector. Epic has been collaborating with the federal government to establish TEFCA, which sets the legal and technical standards for widespread patient data sharing.

Your health records are coming to new apps. Here's why CNBC

The White House is developing a new cyber insurance policy proposal aimed at addressing catastrophic cyber incidents, as announced at the Black Hat cybersecurity conference. National Cyber Director Harry Coker revealed that his office, in collaboration with the Department of Treasury’s federal insurance office and the Cybersecurity and Infrastructure Security Agency (CISA), is set to release the proposal by the end of the year. The initiative, part of the broader National Cybersecurity Strategy, seeks to manage risk, stabilize the insurance market against catastrophic cyber threats, and improve national cybersecurity resilience. Current efforts focus on challenges related to actuarial data and understanding stakeholder needs within the insurance industry.

White House working on cyber insurance policy proposal for ‘catastrophic’ incidents The Record from Recorded Future News

Court documents reveal that federal and state investigations are underway into Prospect Medical Holdings, a 16-hospital system accused of defrauding the government and failing to protect personal information prior to a ransomware attack last year. The investigations, which involve the U.S. Department of Justice, Connecticut Attorney General, and Connecticut Commissioner of Consumer Protection, are part of a larger legal conflict with Yale New Haven Health over a $435 million hospital sale. The DOJ has issued Civil Investigative Demands linked to potential violations of the False Claims Act, while Connecticut officials are focused on cybersecurity lapses and potentially deceptive hospital funding practices. Prospect denies all allegations.

Unsealed court filings offer details of DOJ investigation into Prospect Medical HealthCare Dive

The article highlights the pitfalls of focusing too much on the identities of cybercriminal groups in enterprise security strategies. Experts, including Andy Piazza from Palo Alto Networks Unit 42 and Jen Easterly from the Cybersecurity and Infrastructure Security Agency, argue that mythologizing threat actors can detract from more effective practices like improving detection, response capabilities, and patch management. They suggest that instead of emphasizing the names and narratives of cyberattacks, defenders should concentrate on practical measures to reduce risk. Crowdsourcing efforts from cybersecurity vendors, such as CrowdStrike's symbolic representations of threat groups, aim to elevate cybersecurity discourse but can inadvertently glamorize the adversaries they seek to neutralize.

It’s time to stop thinking of threat groups as supervillains, experts say Cybersecurity Dive

Epic Systems, a major health-care software vendor, announced that patients will now be able to securely release their health data to various apps of their choosing, granting them greater control over their medical information. This development marks a significant technological advancement in the healthcare sector. Epic has been collaborating with the federal government to establish TEFCA, which sets the legal and technical standards for widespread patient data sharing.

Your health records are coming to new apps. Here's why CNBC

The White House is developing a new cyber insurance policy proposal aimed at addressing catastrophic cyber incidents, as announced at the Black Hat cybersecurity conference. National Cyber Director Harry Coker revealed that his office, in collaboration with the Department of Treasury’s federal insurance office and the Cybersecurity and Infrastructure Security Agency (CISA), is set to release the proposal by the end of the year. The initiative, part of the broader National Cybersecurity Strategy, seeks to manage risk, stabilize the insurance market against catastrophic cyber threats, and improve national cybersecurity resilience. Current efforts focus on challenges related to actuarial data and understanding stakeholder needs within the insurance industry.

White House working on cyber insurance policy proposal for ‘catastrophic’ incidents The Record from Recorded Future News

Court documents reveal that federal and state investigations are underway into Prospect Medical Holdings, a 16-hospital system accused of defrauding the government and failing to protect personal information prior to a ransomware attack last year. The investigations, which involve the U.S. Department of Justice, Connecticut Attorney General, and Connecticut Commissioner of Consumer Protection, are part of a larger legal conflict with Yale New Haven Health over a $435 million hospital sale. The DOJ has issued Civil Investigative Demands linked to potential violations of the False Claims Act, while Connecticut officials are focused on cybersecurity lapses and potentially deceptive hospital funding practices. Prospect denies all allegations.

Unsealed court filings offer details of DOJ investigation into Prospect Medical HealthCare Dive

The article highlights the pitfalls of focusing too much on the identities of cybercriminal groups in enterprise security strategies. Experts, including Andy Piazza from Palo Alto Networks Unit 42 and Jen Easterly from the Cybersecurity and Infrastructure Security Agency, argue that mythologizing threat actors can detract from more effective practices like improving detection, response capabilities, and patch management. They suggest that instead of emphasizing the names and narratives of cyberattacks, defenders should concentrate on practical measures to reduce risk. Crowdsourcing efforts from cybersecurity vendors, such as CrowdStrike's symbolic representations of threat groups, aim to elevate cybersecurity discourse but can inadvertently glamorize the adversaries they seek to neutralize.

It’s time to stop thinking of threat groups as supervillains, experts say Cybersecurity Dive