A red team exercise by the US Cybersecurity and Infrastructure Security Agency (CISA) at an unnamed federal agency exposed significant security weaknesses that went unnoticed for five months. The exercise, simulating a nation-state cyber threat, began with the exploitation of an unpatched vulnerability (CVE-2022-21587) in the agency's Oracle Solaris enclave, leading to a comprehensive system breach. Despite early notification, the agency delayed patching the flaw for over two weeks, during which the exploit became publicly available. Further compromises were achieved through phishing and weak password attacks, with the red team gaining extensive access to privileged systems. The assessment highlighted inadequate detection capabilities, ineffective log management, and over-reliance on known indicators of compromise (IoCs). The exercise underscored the need for defense-in-depth strategies and stricter adherence to security patching deadlines.

CISA broke into US federal agency, wasn't spotted for months The Register

Steward Health Care, a financially challenged Dallas-based health system, is under criminal investigation by federal prosecutors from the U.S. Attorney's office in Boston. The investigation involves allegations of fraud and Foreign Corrupt Practices Act violations, linked to a failed deal with Malta to operate three state-owned hospitals. While no charges have been filed regarding the Malta situation, Steward confirmed it is cooperating with the U.S. Department of Justice. The beleaguered health system, which filed for bankruptcy on May 6, is auctioning off its 31 hospitals and physician group, though the auction process has faced delays. UnitedHealth Group's Optum recently withdrew from a planned acquisition of Stewardship Health, further impacting Steward's future.

Steward hit with federal investigation over alleged fraud, corruption Becker's Hospital Review

The Florida Department of Health is facing system outages affecting the distribution of birth and death certificates following an alleged ransomware attack, in which hackers claimed to have stolen 100GB of personal data. Although the department has not confirmed the cyberattack, it has acknowledged temporary disruptions in its Vital Statistics system. This has delayed funerals and caused financial issues for individuals awaiting death certificates for legal and financial processes. Health officials are collaborating with law enforcement, funeral homes, and healthcare facilities to continue operations manually during the outage. The attack highlights the increasing vulnerability of healthcare systems to cyber threats, with significant risks posed by the exposure of sensitive patient data. Residents are advised to monitor their financial and credit records for unusual activity as a precaution.

Hack on Florida's Vital Statistics is just the latest cyberattack on health-related systems health.wusf.usf.edu

Hackensack Meridian Health promptly filed a lawsuit against HHS Secretary Xavier Becerra on the same day the Supreme Court overturned Chevron deference. The New Jersey-based health system challenges the formula for disproportionate share hospital payments, criticizing CMS' interpretations that have affected their Medicare reimbursements. Audrey Murphy, VP and chief legal officer, emphasized that the Supreme Court's decision allows for stricter adherence to congressional payment policies, which is crucial for the financial stability of nonprofit health systems like Hackensack. The lawsuit aims to ensure accurate future Medicare payments and clarity on supplemental security income reimbursements, signaling Hackensack's proactive stance in protecting its financial interests.

Why Hackensack Meridian acted quickly in post-Chevron landscape Becker's Hospital Review

A red team exercise by the US Cybersecurity and Infrastructure Security Agency (CISA) at an unnamed federal agency exposed significant security weaknesses that went unnoticed for five months. The exercise, simulating a nation-state cyber threat, began with the exploitation of an unpatched vulnerability (CVE-2022-21587) in the agency's Oracle Solaris enclave, leading to a comprehensive system breach. Despite early notification, the agency delayed patching the flaw for over two weeks, during which the exploit became publicly available. Further compromises were achieved through phishing and weak password attacks, with the red team gaining extensive access to privileged systems. The assessment highlighted inadequate detection capabilities, ineffective log management, and over-reliance on known indicators of compromise (IoCs). The exercise underscored the need for defense-in-depth strategies and stricter adherence to security patching deadlines.

CISA broke into US federal agency, wasn't spotted for months The Register

Steward Health Care, a financially challenged Dallas-based health system, is under criminal investigation by federal prosecutors from the U.S. Attorney's office in Boston. The investigation involves allegations of fraud and Foreign Corrupt Practices Act violations, linked to a failed deal with Malta to operate three state-owned hospitals. While no charges have been filed regarding the Malta situation, Steward confirmed it is cooperating with the U.S. Department of Justice. The beleaguered health system, which filed for bankruptcy on May 6, is auctioning off its 31 hospitals and physician group, though the auction process has faced delays. UnitedHealth Group's Optum recently withdrew from a planned acquisition of Stewardship Health, further impacting Steward's future.

Steward hit with federal investigation over alleged fraud, corruption Becker's Hospital Review

The Florida Department of Health is facing system outages affecting the distribution of birth and death certificates following an alleged ransomware attack, in which hackers claimed to have stolen 100GB of personal data. Although the department has not confirmed the cyberattack, it has acknowledged temporary disruptions in its Vital Statistics system. This has delayed funerals and caused financial issues for individuals awaiting death certificates for legal and financial processes. Health officials are collaborating with law enforcement, funeral homes, and healthcare facilities to continue operations manually during the outage. The attack highlights the increasing vulnerability of healthcare systems to cyber threats, with significant risks posed by the exposure of sensitive patient data. Residents are advised to monitor their financial and credit records for unusual activity as a precaution.

Hack on Florida's Vital Statistics is just the latest cyberattack on health-related systems health.wusf.usf.edu

Hackensack Meridian Health promptly filed a lawsuit against HHS Secretary Xavier Becerra on the same day the Supreme Court overturned Chevron deference. The New Jersey-based health system challenges the formula for disproportionate share hospital payments, criticizing CMS' interpretations that have affected their Medicare reimbursements. Audrey Murphy, VP and chief legal officer, emphasized that the Supreme Court's decision allows for stricter adherence to congressional payment policies, which is crucial for the financial stability of nonprofit health systems like Hackensack. The lawsuit aims to ensure accurate future Medicare payments and clarity on supplemental security income reimbursements, signaling Hackensack's proactive stance in protecting its financial interests.

Why Hackensack Meridian acted quickly in post-Chevron landscape Becker's Hospital Review