Just over a month after Change Healthcare was hit by a cyberattack that disrupted operations and compromised patient data, United Health Group confirmed the breach, with potential costs reaching $1.6 billion. Despite this, UnitedHealth anticipates meeting its 2024 earnings forecast. The attack has had a profound impact on small providers, who have faced financial struggles similar to those during the Covid-19 pandemic, with reports of significant decreases in revenue. The situation highlights a broader issue within the healthcare sector's preparedness for cyberattacks, underscoring the lack of adequate business impact analyses (BIAs) and incident response plans. This oversight has been exacerbated by a reliance on cyber insurance, which is becoming less viable as insurers increase premiums or deny coverage due to the absence of preparatory measures. The article argues for the necessity of effective BIAs and a proactive approach to cybersecurity, recommending a post-mortem analysis of this incident to improve future security and operational resilience.

Will the Change Healthcare case finally make providers do a business impact analysis? SC Magazine

Foreign nation-state hackers exploited vulnerabilities in Ivanti edge devices to gain extensive access to MITRE Corp.'s unclassified network for three months. MITRE, known for its ATT&CK glossary on cyberattack techniques, faced its first major incident in 15 years due to these exploits. The breach targeted the NERVE network, used for research and development, whose extent of damage is still under assessment. The attackers bypassed multifactor authentication and utilized various techniques to infiltrate and persist within MITRE's VMware infrastructure, ultimately exfiltrating data to a command-and-control server. Despite following recommended best practices for securing the compromised Ivanti system, MITRE was unable to detect the breach until three months later, highlighting the sophistication of the attack and the need for improved detection and mitigation strategies.

MITRE ATT&CKED: InfoSec's Most Trusted Name Falls to Ivanti Bugs Dark Reading

The U.S. House of Representatives has passed legislation that could lead to a ban on TikTok unless its Chinese parent company, ByteDance Ltd., sells its stake within a year. Though initially part of a larger foreign aid package, the measure saw bipartisan support due to national security concerns about Chinese influence and potential data privacy issues. The bill, which passed by a significant majority, could face legal challenges from the company, claiming it infringes on First Amendment rights. TikTok has actively opposed the legislation, urging its significant U.S. user base to lobby against the ban. The Senate will now consider the bill, which includes provisions for the sale deadline to be extended if a sale is already underway.

The House votes for possible TikTok ban in the US, but don't expect the app to go away anytime soon Associated Press

The article titled "Patient Portal — When Patients Take AI into Their Own Hands" discusses the proactive use of generative AI by patients for medical diagnostics and other functions, even as the medical community remains cautious about the implementation of AI in clinical settings. The author, Carey Goldberg, argues that these patient-led "DIY" approaches to using AI in healthcare should not only be monitored but integrated into formal medical advice to ensure safe and effective practices.

Patient Portal — When Patients Take AI into Their Own Hands NEJM AI

Just over a month after Change Healthcare was hit by a cyberattack that disrupted operations and compromised patient data, United Health Group confirmed the breach, with potential costs reaching $1.6 billion. Despite this, UnitedHealth anticipates meeting its 2024 earnings forecast. The attack has had a profound impact on small providers, who have faced financial struggles similar to those during the Covid-19 pandemic, with reports of significant decreases in revenue. The situation highlights a broader issue within the healthcare sector's preparedness for cyberattacks, underscoring the lack of adequate business impact analyses (BIAs) and incident response plans. This oversight has been exacerbated by a reliance on cyber insurance, which is becoming less viable as insurers increase premiums or deny coverage due to the absence of preparatory measures. The article argues for the necessity of effective BIAs and a proactive approach to cybersecurity, recommending a post-mortem analysis of this incident to improve future security and operational resilience.

Will the Change Healthcare case finally make providers do a business impact analysis? SC Magazine

Foreign nation-state hackers exploited vulnerabilities in Ivanti edge devices to gain extensive access to MITRE Corp.'s unclassified network for three months. MITRE, known for its ATT&CK glossary on cyberattack techniques, faced its first major incident in 15 years due to these exploits. The breach targeted the NERVE network, used for research and development, whose extent of damage is still under assessment. The attackers bypassed multifactor authentication and utilized various techniques to infiltrate and persist within MITRE's VMware infrastructure, ultimately exfiltrating data to a command-and-control server. Despite following recommended best practices for securing the compromised Ivanti system, MITRE was unable to detect the breach until three months later, highlighting the sophistication of the attack and the need for improved detection and mitigation strategies.

MITRE ATT&CKED: InfoSec's Most Trusted Name Falls to Ivanti Bugs Dark Reading

The U.S. House of Representatives has passed legislation that could lead to a ban on TikTok unless its Chinese parent company, ByteDance Ltd., sells its stake within a year. Though initially part of a larger foreign aid package, the measure saw bipartisan support due to national security concerns about Chinese influence and potential data privacy issues. The bill, which passed by a significant majority, could face legal challenges from the company, claiming it infringes on First Amendment rights. TikTok has actively opposed the legislation, urging its significant U.S. user base to lobby against the ban. The Senate will now consider the bill, which includes provisions for the sale deadline to be extended if a sale is already underway.

The House votes for possible TikTok ban in the US, but don't expect the app to go away anytime soon Associated Press

The article titled "Patient Portal — When Patients Take AI into Their Own Hands" discusses the proactive use of generative AI by patients for medical diagnostics and other functions, even as the medical community remains cautious about the implementation of AI in clinical settings. The author, Carey Goldberg, argues that these patient-led "DIY" approaches to using AI in healthcare should not only be monitored but integrated into formal medical advice to ensure safe and effective practices.

Patient Portal — When Patients Take AI into Their Own Hands NEJM AI