A recent survey conducted by Wolters Kluwer Health reveals that over two-thirds of U.S. physicians have grown more trusting of generative AI (GenAI) over the past year, appreciating its potential to save time and improve health care. Approximately 40% of physicians are now ready to use GenAI at the point of care, provided they trust the tool in question. Key benefits recognized include time savings in accessing and summarizing medical information and enhancing care team efficiency. The survey also highlights a critical need for transparency about the sources and creation of GenAI content, with the majority of physicians requiring assurance that the data used by GenAI tools are provided by medical professionals. Despite these positive attitudes among healthcare providers, there remains a notable skepticism among patients regarding GenAI's application in healthcare.

Physicians are embracing clinical GenAI—in theory, at least AI in Healthcare

A report from cybersecurity firm Sophos highlights a surge in low-cost, basic ransomware, termed as 'junk-gun ransomware,' making it both accessible for aspiring cybercriminals and challenging for cybersecurity defenses. From June 2023 to February 2024, Sophos identified 19 types of such ransomware, which were inexpensive and simply constructed, some even lacking advanced features. This trend not only lowers the entry barrier for attackers, with some ransomware being available for free or at minimal cost, but also poses detection and monitoring challenges for cybersecurity professionals, due to the small number and low cost of these malicious software versions. Moreover, these rudimentary ransomware varieties evade the traditional Ransomware as a Service (RaaS) models' commission structures, indicating a shift in the cybercrime marketplace.

For some cybercriminals, ‘junk’ ransomware does the job IT Brew

The Cybersecurity and Infrastructure Security Agency (CISA) is set to fully implement an automated vulnerability warning system by the end of the year, designed to notify organizations about software vulnerabilities being leveraged by ransomware groups. This initiative, which is currently in its pilot stage and falls under the mandates of the Cyber Incident Reporting for Critical Infrastructure Act of 2022, seeks to diminish ransomware attacks by encouraging the patching of vulnerable systems before they are compromised. Announced by CISA Director Jen Easterly, the program has already issued over 2,000 warnings since its inception last year and integrates CISA's inventory of exploited vulnerabilities and common misconfigurations tied to ransomware incidents. This effort is in response to the growing threat of ransomware attacks, exemplified by a recent significant breach that affected the U.S. healthcare system, highlighting the urgency of addressing such vulnerabilities.

CISA ransomware warning program set to fully launch by end of 2024 CyberScoop

The Department of Health and Human Services (HHS) Office for Civil Rights (OCR) has issued guidance indicating that it has not yet received mandatory HIPAA breach reports from Change Healthcare or its parent company UnitedHealth Group (UHG) following a significant cyberattack. The guidance underscores the requirement for HIPAA-covered entities and their vendors to report breaches of protected health information (PHI) within 60 days of discovery for incidents affecting 500 or more individuals. The notice also discusses the obligations of these entities to notify affected individuals and outlines the unclear timeline for when Change Healthcare and UHG discovered the breach and the extent of their notification responsibilities. Further, HHS has initiated an investigation into the incident due to its broad impact on patient privacy and healthcare provider operations, emphasizing the importance of compliance with HIPAA rules in the wake of the cyberattack's implications.

Feds Issue Guide for Change Health Breach Reporting Duties BankInfoSecurity

A recent survey conducted by Wolters Kluwer Health reveals that over two-thirds of U.S. physicians have grown more trusting of generative AI (GenAI) over the past year, appreciating its potential to save time and improve health care. Approximately 40% of physicians are now ready to use GenAI at the point of care, provided they trust the tool in question. Key benefits recognized include time savings in accessing and summarizing medical information and enhancing care team efficiency. The survey also highlights a critical need for transparency about the sources and creation of GenAI content, with the majority of physicians requiring assurance that the data used by GenAI tools are provided by medical professionals. Despite these positive attitudes among healthcare providers, there remains a notable skepticism among patients regarding GenAI's application in healthcare.

Physicians are embracing clinical GenAI—in theory, at least AI in Healthcare

A report from cybersecurity firm Sophos highlights a surge in low-cost, basic ransomware, termed as 'junk-gun ransomware,' making it both accessible for aspiring cybercriminals and challenging for cybersecurity defenses. From June 2023 to February 2024, Sophos identified 19 types of such ransomware, which were inexpensive and simply constructed, some even lacking advanced features. This trend not only lowers the entry barrier for attackers, with some ransomware being available for free or at minimal cost, but also poses detection and monitoring challenges for cybersecurity professionals, due to the small number and low cost of these malicious software versions. Moreover, these rudimentary ransomware varieties evade the traditional Ransomware as a Service (RaaS) models' commission structures, indicating a shift in the cybercrime marketplace.

For some cybercriminals, ‘junk’ ransomware does the job IT Brew

The Cybersecurity and Infrastructure Security Agency (CISA) is set to fully implement an automated vulnerability warning system by the end of the year, designed to notify organizations about software vulnerabilities being leveraged by ransomware groups. This initiative, which is currently in its pilot stage and falls under the mandates of the Cyber Incident Reporting for Critical Infrastructure Act of 2022, seeks to diminish ransomware attacks by encouraging the patching of vulnerable systems before they are compromised. Announced by CISA Director Jen Easterly, the program has already issued over 2,000 warnings since its inception last year and integrates CISA's inventory of exploited vulnerabilities and common misconfigurations tied to ransomware incidents. This effort is in response to the growing threat of ransomware attacks, exemplified by a recent significant breach that affected the U.S. healthcare system, highlighting the urgency of addressing such vulnerabilities.

CISA ransomware warning program set to fully launch by end of 2024 CyberScoop

The Department of Health and Human Services (HHS) Office for Civil Rights (OCR) has issued guidance indicating that it has not yet received mandatory HIPAA breach reports from Change Healthcare or its parent company UnitedHealth Group (UHG) following a significant cyberattack. The guidance underscores the requirement for HIPAA-covered entities and their vendors to report breaches of protected health information (PHI) within 60 days of discovery for incidents affecting 500 or more individuals. The notice also discusses the obligations of these entities to notify affected individuals and outlines the unclear timeline for when Change Healthcare and UHG discovered the breach and the extent of their notification responsibilities. Further, HHS has initiated an investigation into the incident due to its broad impact on patient privacy and healthcare provider operations, emphasizing the importance of compliance with HIPAA rules in the wake of the cyberattack's implications.

Feds Issue Guide for Change Health Breach Reporting Duties BankInfoSecurity