In late July, OpenAI started releasing a humanlike voice interface for ChatGPT, sparking discussions on AI safety. The newly published “system card” for GPT-4o highlights concerns about users forming emotional attachments and the associated risks. The document outlines various potential issues including societal bias amplification, misinformation dissemination, and misuse in developing harmful substances. The card also details rigorous testing to prevent the AI from acting independently or deceptively. While experts acknowledge OpenAI's transparency, they urge more disclosure on data usage and emphasize the need for ongoing risk evaluation as real-world usage expands.

OpenAI Warns Users Could Become Emotionally Hooked on Its Voice Mode Wired

New research presented at the Black Hat security conference has revealed significant vulnerabilities in Microsoft's Copilot AI, capable of manipulating responses, extracting data, and bypassing security measures. By exploiting the system through five proof-of-concept attacks, researcher Michael Bargury demonstrated how hackers could use Copilot to turn it into a spear-phishing machine, extract sensitive data, and influence AI responses by poisoning its database. These findings underline the risks of integrating AI systems with corporate data and highlight the need for more robust monitoring and security measures to prevent AI abuse. Microsoft is working to address these vulnerabilities while acknowledging the challenges such threats present.

Microsoft’s AI Can Be Turned Into an Automated Phishing Machine Wired

McLaren Health Care has experienced its second ransomware attack within a year, significantly disrupting IT systems and patient services across its 13 hospitals and medical facilities. The latest attack, claimed by the INC Ransom group, has reportedly caused more severe disruptions than the previous attack by the BlackCat/Alphv gang, affecting clinical workflows and potentially endangering patient safety. McLaren Health has implemented downtime procedures, diverted ambulances, and rescheduled non-emergent appointments while working with external cybersecurity experts to restore functionality. The institution has also faced class action lawsuits related to last year's incident, underscoring the ongoing challenges posed by repeated cyberattacks on healthcare organizations.

McLaren Health Hit With Ransomware for Second Time in a Year publication

The federal government is intensifying efforts to secure healthcare data by mandating cybersecurity performance goals, especially for small and underserved providers, according to Greg Garcia, executive director of the Health Sector Coordinating Council Cybersecurity Working Group. The Biden administration plans to integrate these goals into the HIPAA Security Rule to establish minimum accountability standards. Garcia emphasized the critical role of technology and service providers in maintaining the healthcare ecosystem's security. He also highlighted Congress's dual role in policy setting and funding, and discussed the Department of Health and Human Services (HHS) and the Cybersecurity and Infrastructure Security Agency's (CISA) roles in managing sector-specific risks. HSCC aims to stabilize healthcare cybersecurity by 2029 with its strategic five-year plan.

Government Steps Up Efforts to Protect Healthcare Data HealthInfoSec

In late July, OpenAI started releasing a humanlike voice interface for ChatGPT, sparking discussions on AI safety. The newly published “system card” for GPT-4o highlights concerns about users forming emotional attachments and the associated risks. The document outlines various potential issues including societal bias amplification, misinformation dissemination, and misuse in developing harmful substances. The card also details rigorous testing to prevent the AI from acting independently or deceptively. While experts acknowledge OpenAI's transparency, they urge more disclosure on data usage and emphasize the need for ongoing risk evaluation as real-world usage expands.

OpenAI Warns Users Could Become Emotionally Hooked on Its Voice Mode Wired

New research presented at the Black Hat security conference has revealed significant vulnerabilities in Microsoft's Copilot AI, capable of manipulating responses, extracting data, and bypassing security measures. By exploiting the system through five proof-of-concept attacks, researcher Michael Bargury demonstrated how hackers could use Copilot to turn it into a spear-phishing machine, extract sensitive data, and influence AI responses by poisoning its database. These findings underline the risks of integrating AI systems with corporate data and highlight the need for more robust monitoring and security measures to prevent AI abuse. Microsoft is working to address these vulnerabilities while acknowledging the challenges such threats present.

Microsoft’s AI Can Be Turned Into an Automated Phishing Machine Wired

McLaren Health Care has experienced its second ransomware attack within a year, significantly disrupting IT systems and patient services across its 13 hospitals and medical facilities. The latest attack, claimed by the INC Ransom group, has reportedly caused more severe disruptions than the previous attack by the BlackCat/Alphv gang, affecting clinical workflows and potentially endangering patient safety. McLaren Health has implemented downtime procedures, diverted ambulances, and rescheduled non-emergent appointments while working with external cybersecurity experts to restore functionality. The institution has also faced class action lawsuits related to last year's incident, underscoring the ongoing challenges posed by repeated cyberattacks on healthcare organizations.

McLaren Health Hit With Ransomware for Second Time in a Year publication

The federal government is intensifying efforts to secure healthcare data by mandating cybersecurity performance goals, especially for small and underserved providers, according to Greg Garcia, executive director of the Health Sector Coordinating Council Cybersecurity Working Group. The Biden administration plans to integrate these goals into the HIPAA Security Rule to establish minimum accountability standards. Garcia emphasized the critical role of technology and service providers in maintaining the healthcare ecosystem's security. He also highlighted Congress's dual role in policy setting and funding, and discussed the Department of Health and Human Services (HHS) and the Cybersecurity and Infrastructure Security Agency's (CISA) roles in managing sector-specific risks. HSCC aims to stabilize healthcare cybersecurity by 2029 with its strategic five-year plan.

Government Steps Up Efforts to Protect Healthcare Data HealthInfoSec